[Swan-commit] Changes to ref refs/heads/master
Paul Wouters
paul at vault.libreswan.fi
Sat May 31 02:26:00 EEST 2014
New commits:
commit 598bd550ab452826935658488ee94b40f8bf5afa
Author: Paul Wouters <pwouters at redhat.com>
Date: Fri May 30 19:23:31 2014 -0400
IKEv1: ignore incoming ISAKMP_NEXT_SAK (AKA ISAKMP_NEXT_NATD_BADDRAFTS)
We don't support SAK (group doi) and this VID is used by old cisco
devies as a NAT traversal payload. However, the method does not support
NAT-OA and we do not support that anymore. It is recommended to update
the Cisco firmware or device that sent this.
(It this turns out to be a bigger issue, we will need to re-instate a lot
of complexity with NAT_T_WITH_NATD_BADDRAFT_VALUES)
More information about the Swan-commit
mailing list