[strongSwan] PATCH: Payload order for aggressive mode
Gerald Richter - ECOS
richter at ecos.de
Thu Sep 12 06:40:33 CEST 2013
Hi Martin,
>
> While there is no specific text about the payload order, general consensus is
> that the message/payload diagrams in the RFC define the payload order. For
> aggressive mode (RFC 3947, section 4), this is:
>
> > UDP(4500,4500) HDR*#, [CERT, ],
> > NAT-D, NAT-D,
> > SIG_I -->
>
> While a signature payload is used here, I take this as a clear indication to
> insert the NAT payloads before the SIG/HASH payload.
>
> I'm skeptical about changing the payload order to something "less correct",
> as it is likely to break interoperability with other implementations.
>
Although I can understand your doubts about changing the order, I see a huge benefit if the interoperability of strongSwan with other vendors can be enhanced.
So maybe, we can make this an option in strongswan.conf?
Regards
Gerald