[strongSwan-dev] strongSwan 5 draft-ietf-ipsec-nat-t-ike-02 support
Tobias Brunner
tobias at strongswan.org
Thu Dec 13 18:54:18 CET 2012
Hi Volker,
> this is a patch to support nat traversal draft-ietf-ipsec-nat-t-ike-02 in
> strongSwan 5. Comments or suggestions are welcome.
Thanks a lot for the patch. It looks quite nice. In order for us to
apply it we'd require you to submit the non-trivial changes (e.g. those
in the isakmp_vendor.c file) under the MIT X11 license (see [1] for
details). If you are OK with that, please resubmit your updated patch.
Then a point regarding the patch itself. It's a bit unfortunate that
the ike_extension_t enum gets polluted with new values that are really
only needed to respond with the proper vendor ID. An additional
EXT_NATT_DRAFT_00_03 (to name it similar to the other enum values - even
though it reverses the logic in some of your functions) should be
enough, as you could keep track of the selected NAT-T vendor ID directly
in the isakmp_vendor task (for responders build() will be called right
after process() so you could simply store best_natt_ext on
private_isakmp_vendor_t and then use that to send the proper NAT-T VID).
Regards,
Tobias
[1] http://wiki.strongswan.org/projects/strongswan/wiki/Contributions
More information about the Dev
mailing list