From d9b84c143ca50ecc0ae435034f6760b899f8dca2 Mon Sep 17 00:00:00 2001
From: Javier Domingo Cansino
Date: Tue, 18 Aug 2020 20:29:55 +0200
Subject: [PATCH] Accept existing XMRF policies and update them intead of raising errors
---
 backend/ipsec/handle_xfrm.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/backend/ipsec/handle_xfrm.go b/backend/ipsec/handle_xfrm.go
index cdbb79f724..7622618765 100644
--- a/backend/ipsec/handle_xfrm.go
+++ b/backend/ipsec/handle_xfrm.go
@@ -30,7 +30,7 @@ func AddXFRMPolicy(myLease, remoteLease *subnet.Lease, dir netlink.Dir, reqID in

 dst := remoteLease.Subnet.ToIPNet()

- policy := netlink.XfrmPolicy{
+ policy := &netlink.XfrmPolicy{
 Src: src,
 Dst: dst,
 Dir: dir,
@@ -47,14 +47,20 @@ func AddXFRMPolicy(myLease, remoteLease *subnet.Lease, dir netlink.Dir, reqID in
 Reqid: reqID,
 }

- log.Infof("Adding ipsec policy: %+v", tmpl)
-
 policy.Tmpls = append(policy.Tmpls, tmpl)

- if err := netlink.XfrmPolicyAdd(&policy); err != nil {
- return fmt.Errorf("error adding policy: %+v err: %v", policy, err)
+ existingPolicy, err := netlink.XfrmPolicyGet(policy)
+ if err != nil {
+ log.Infof("Adding ipsec policy: %+v", tmpl)
+ if err := netlink.XfrmPolicyAdd(policy); err != nil {
+ return fmt.Errorf("error adding policy: %+v err: %v", policy, err)
+ }
+ } else {
+ log.Info("Updating ipsec policy %+v with %+v", existingPolicy, policy)
+ if err := netlink.XfrmPolicyUpdate(policy); err != nil {
+ return fmt.Errorf("error updating policy: %+v err: %v", policy, err)
+ }
 }
-
 return nil
 }
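Review bot: Every error from `netlink.XfrmPolicyGet(policy)` in the second hunk is treated as "no such policy", so a permission or netlink failure falls through to `XfrmPolicyAdd` and the original cause is never logged or returned. A guard ahead of the `if err != nil {` branch would keep the two cases apart, e.g. `if err != nil && !errors.Is(err, syscall.ENOENT) { return fmt.Errorf("error getting policy: %+v err: %v", policy, err) }`; this assumes the netlink library surfaces the kernel errno for a missing policy, which should be confirmed, and it needs `errors` and `syscall` imported if the file does not already have them. The update branch calls `log.Info` with `%+v` verbs; if this logger follows the usual Info/Infof split the verbs are printed literally and the call should be `log.Infof`. The get-then-add sequence is also not atomic, so a policy installed between the two calls would still surface as an add error. The start of `AddXFRMPolicy` is outside the hunk.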