[strongSwan] PATCH: Payload order for aggressive mode
Gerald Richter - ECOS
richter at ecos.de
Thu Sep 12 06:40:33 CEST 2013
> While there is no specific text about the payload order, general consensus is
> that the message/payload diagrams in the RFC define the payload order. For
> aggressive mode (RFC 3947, section 4), this is:
> > UDP(4500,4500) HDR*#, [CERT, ],
> > NAT-D, NAT-D,
> > SIG_I -->
> While a signature payload is used here, I take this as a clear indication to
> insert the NAT payloads before the SIG/HASH payload.
> I'm skeptical about changing the payload order to something "less correct",
> as it is likely to break interoperability with other implementations.
Although I can understand your doubts about changing the order, I see a huge benefit if the interoperability of strongSwan with other vendors can be enhanced.
So maybe, we can make this an option in strongswan.conf?