[strongSwan-dev] strongSwan 5 draft-ietf-ipsec-nat-t-ike-02 support

Tobias Brunner tobias at strongswan.org
Thu Dec 13 18:54:18 CET 2012

Hi Volker,

> this is a patch to support nat traversal draft-ietf-ipsec-nat-t-ike-02 in
> strongSwan 5. Comments or suggestions are welcome.

Thanks a lot for the patch.  It looks quite nice.  In order for us to
apply it we'd require you to submit the non-trivial changes (e.g. those
in the isakmp_vendor.c file) under the MIT X11 license (see [1] for
details).  If you are OK with that, please resubmit your updated patch.

Then a point regarding the patch itself.  It's a bit unfortunate that
the ike_extension_t enum gets polluted with new values that are really
only needed to respond with the proper vendor ID.  An additional
EXT_NATT_DRAFT_00_03 (to name it similar to the other enum values - even
though it reverses the logic in some of your functions) should be
enough, as you could keep track of the selected NAT-T vendor ID directly
in the isakmp_vendor task (for responders build() will be called right
after process() so you could simply store best_natt_ext on
private_isakmp_vendor_t and then use that to send the proper NAT-T VID).


[1] http://wiki.strongswan.org/projects/strongswan/wiki/Contributions

More information about the Dev mailing list