--- embedaddon/strongswan/src/libcharon/sa/ikev2/tasks/child_create.c	2020/06/03 09:46:45	1.1.1.1
+++ embedaddon/strongswan/src/libcharon/sa/ikev2/tasks/child_create.c	2021/03/17 00:20:09	1.1.1.2
@@ -707,6 +707,17 @@ static status_t select_and_install(private_child_creat
 		}
 	}
 
+	this->child_sa->set_ipcomp(this->child_sa, this->ipcomp);
+	this->child_sa->set_mode(this->child_sa, this->mode);
+	this->child_sa->set_protocol(this->child_sa,
+								 this->proposal->get_protocol(this->proposal));
+	this->child_sa->set_state(this->child_sa, CHILD_INSTALLING);
+
+	/* addresses might have changed since we originally sent the request, update
+	 * them before we configure any policies and install the SAs */
+	this->child_sa->update(this->child_sa, me, other, NULL,
+						   this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY));
+
 	this->child_sa->set_policies(this->child_sa, my_ts, other_ts);
 	if (!this->initiator)
 	{
@@ -716,12 +727,6 @@ static status_t select_and_install(private_child_creat
 							  offsetof(traffic_selector_t, destroy));
 	}
 
-	this->child_sa->set_state(this->child_sa, CHILD_INSTALLING);
-	this->child_sa->set_ipcomp(this->child_sa, this->ipcomp);
-	this->child_sa->set_mode(this->child_sa, this->mode);
-	this->child_sa->set_protocol(this->child_sa,
-								 this->proposal->get_protocol(this->proposal));
-
 	if (this->my_cpi == 0 || this->other_cpi == 0 || this->ipcomp == IPCOMP_NONE)
 	{
 		this->my_cpi = this->other_cpi = 0;
@@ -1853,7 +1858,10 @@ METHOD(task_t, migrate, void,
 	{
 		this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
 	}
-
+	if (!this->rekey && !this->retry)
+	{
+		this->dh_group = MODP_NONE;
+	}
 	this->ike_sa = ike_sa;
 	this->keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
 	this->proposal = NULL;