[strongSwan] Allow more than five NAT-D-V1 payload fields

Timm Böttger timmb.08 at googlemail.com
Mon Mar 18 19:39:10 CET 2013


Just trying to use strongSwan 5.0.1 in conjunction with an AVM FritzBox
in IKEv1 aggressive mode. Connection attempts fail due to use of nat-t
here because the FritzBox sends back 6 payload packets of type NAT-D-V1
whereas strongSwan expects only a maximum of 5 of these packets.

payload of type NAT_D_V1 more than 5 times (6) occurred in current message
message verification failed
generating INFORMATIONAL_V1 request 4092990044 [ N(PLD_MAL) ]

I'm kind of confused as I can't find a passage in the RFCs stating the
maximum allowed number of five here. Anyone with similar experiences?


