[strongSwan] PATCH: Payload order for aggressive mode

Martin Willi martin at strongswan.org
Tue Sep 10 11:00:15 CEST 2013

Hi Gerald,
> I discovered that the watchguard expects the HASH_V1 before the NAT
> payload in the third message.

Thanks for your patch, I finally had a chance to take a closer look at
this issue.

> Doing a quick search I didn't find any order requirements in the RFCs
> (did I miss something?).

While there is no specific text about the payload order, general
consensus is that the message/payload diagrams in the RFC define the
payload order. For aggressive mode (RFC 3947, section 4), this is:

>    UDP(4500,4500) HDR*#, [CERT, ],
>        NAT-D, NAT-D,
>        SIG_I -->

While a signature payload is used here, I take this as a clear
indication to insert the NAT payloads before the SIG/HASH payload.

I'm skeptical about changing the payload order to something "less
correct", as it is likely to break interoperability with other

Kind Regards
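As an added illustration, not part of this thread or of strongSwan's own code: a small Python parser that walks an ISAKMP payload chain and reports whether the NAT-D payloads precede the HASH/SIG payload, as in the RFC 3947 diagram quoted above. The messages it builds are constructed for the example and the chain is assumed to be already decrypted (as a daemon's parser sees it), since the third aggressive-mode message is sent encrypted.

```python
import struct

# IKEv1 payload type numbers (RFC 2408 section 3.1; NAT-D from RFC 3947)
PAYLOAD_NAMES = {0: "NONE", 1: "SA", 4: "KE", 5: "ID", 6: "CERT", 8: "HASH",
                 9: "SIG", 10: "NONCE", 13: "VID", 20: "NAT-D"}
AGGRESSIVE = 4       # ISAKMP exchange type for aggressive mode
ISAKMP_HDR_LEN = 28  # fixed ISAKMP header: SPIs, next payload, version, ...
GENERIC_HDR_LEN = 4  # generic payload header: next, reserved, length

def payload_chain(msg: bytes) -> list:
    """Payload types in wire order, read from the generic payload headers.
    Assumes a plaintext payload chain (message already decrypted)."""
    if len(msg) < ISAKMP_HDR_LEN:
        raise ValueError("truncated ISAKMP header")
    next_type, _ver, _exch, _flags, _mid, length = struct.unpack(
        "!BBBBII", msg[16:28])
    if length != len(msg):
        raise ValueError("ISAKMP length field does not match message size")
    types, off = [], ISAKMP_HDR_LEN
    while next_type != 0:
        if off + GENERIC_HDR_LEN > len(msg):
            raise ValueError("truncated payload header at offset %d" % off)
        types.append(next_type)
        next_type, _res, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < GENERIC_HDR_LEN or off + plen > len(msg):
            raise ValueError("bad payload length at offset %d" % off)
        off += plen
    return types

def nat_d_before_hash(types: list) -> bool:
    """True when every NAT-D payload precedes the HASH/SIG payload."""
    auth = [i for i, t in enumerate(types) if t in (8, 9)]
    natd = [i for i, t in enumerate(types) if t == 20]
    if not auth or not natd:
        return True  # nothing to order
    return max(natd) < min(auth)

def build_message(types: list) -> bytes:
    """Constructed third aggressive-mode message with 16-byte dummy payload
    bodies; exercises the parser only and is not real IKE traffic."""
    body = b""
    for i in range(len(types)):
        nxt = types[i + 1] if i + 1 < len(types) else 0
        body += struct.pack("!BBH", nxt, 0, 20) + b"\x00" * 16
    hdr = b"\x11" * 8 + b"\x22" * 8 + struct.pack(
        "!BBBBII", types[0], 0x10, AGGRESSIVE, 0, 0, ISAKMP_HDR_LEN + len(body))
    return hdr + body

RFC_ORDER = build_message([20, 20, 8])        # NAT-D, NAT-D, HASH (RFC 3947)
PEER_ORDER = build_message([8, 20, 20])       # HASH first, as the peer expects
```

Running `nat_d_before_hash(payload_chain(PEER_ORDER))` on a decrypted capture from the peer is a quick way to confirm which order the other side actually uses before changing anything.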
