diff -urNp openswan-2.6.32-orig/programs/pluto/kernel.c openswan-2.6.32-cvs-patched/programs/pluto/kernel.c --- openswan-2.6.32-orig/programs/pluto/kernel.c 2011-01-10 15:25:35.453925433 -0500 +++ openswan-2.6.32-cvs-patched/programs/pluto/kernel.c 2011-01-10 15:24:48.701924368 -0500 @@ -2761,8 +2761,15 @@ install_ipsec_sa(struct state *st, bool } if (st->st_connection->remotepeertype == CISCO) { - if(!do_command(st->st_connection, &st->st_connection->spd, "updateresolvconf", st)) { - DBG(DBG_CONTROL, DBG_log("Updating resolv.conf failed, you may need to update it manually")); + + sr = st->st_connection->spd.next; + st->st_connection->spd.eroute_owner = sr->eroute_owner; + st->st_connection->spd.routing = sr->routing; + + if(!st->st_connection->newest_ipsec_sa) { + if(!do_command(st->st_connection, &st->st_connection->spd, "updateresolvconf", st)) { + DBG(DBG_CONTROL, DBG_log("Updating resolv.conf failed, you may need to update it manually")); + } } } @@ -2804,7 +2811,11 @@ delete_ipsec_sa(struct state *st USED_BY */ sr->routing = (c->policy & POLICY_FAIL_MASK) == POLICY_FAIL_NONE ? RT_ROUTED_PROSPECTIVE : RT_ROUTED_FAILURE; - + + if (sr == &c->spd && c->remotepeertype == CISCO) { + continue; + } + (void) do_command(c, sr, "down", st); if ((c->policy & POLICY_DONT_REKEY) && c->kind == CK_INSTANCE) @@ -2834,7 +2845,7 @@ delete_ipsec_sa(struct state *st USED_BY } (void) teardown_half_ipsec_sa(st, TRUE); - if (st->st_connection->remotepeertype == CISCO) { + if (st->st_connection->remotepeertype == CISCO && st->st_serialno == st->st_connection->newest_ipsec_sa) { if(!do_command(st->st_connection, &st->st_connection->spd, "restoreresolvconf", st)) { DBG(DBG_CONTROL, DBG_log("Restoring resolv.conf failed, you may need to do it manually")); }
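Review bot: In the first hunk (install_ipsec_sa), `sr = st->st_connection->spd.next;` is dereferenced on the next two added lines without a NULL check. Nothing visible in the hunk guarantees that a CISCO-type connection has a second spd route at this point; if it does not, pluto would fault on `sr->eroute_owner`, which for the IKE daemon means loss of service for every tunnel. Guard the copy, for example `if (sr != NULL) { st->st_connection->spd.eroute_owner = sr->eroute_owner; st->st_connection->spd.routing = sr->routing; }`. The declaration of `sr` and the rest of the function lie outside the hunk.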
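Review bot: In the second hunk (delete_ipsec_sa), the added `continue` skips the whole remainder of the loop iteration for the base route of a CISCO connection, not only the `do_command(c, sr, "down", st)` call, and it runs after `sr->routing` has already been rewritten. The loop body continues outside the hunk, so whether the later `POLICY_DONT_REKEY` handling is meant to be bypassed for that route cannot be judged from here. If only the down script should be suppressed, narrow the test to `if (!(sr == &c->spd && c->remotepeertype == CISCO)) (void) do_command(c, sr, "down", st);`. In either form, add a short comment stating why the base route is skipped for CISCO peers, since the reason is not evident from the code.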
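Review bot: In the third hunk, restoreresolvconf now runs only when `st->st_serialno == st->st_connection->newest_ipsec_sa`, while the first hunk runs updateresolvconf only when `newest_ipsec_sa` is zero, and the two conditions are not obviously paired. If `newest_ipsec_sa` is changed before this line is reached (the code that maintains it is outside the diff), the restore would be skipped and resolv.conf would keep the tunnel-supplied resolvers after the SA is gone. A comment at both sites should state the invariant that makes them match. Failure of either script is reported only through `DBG(DBG_CONTROL, DBG_log(...))`, which is silent unless control debugging is enabled; sending that message through the daemon's unconditional log path would make a stale resolv.conf visible to the operator.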