[Swan-dev] NAT and intermediate exchange

Andrew Cagney andrew.cagney at gmail.com
Thu Feb 22 21:30:31 EET 2024


On Thu, 22 Feb 2024 at 13:43, Paul Wouters via Swan-dev
<swan-dev at lists.libreswan.org> wrote:
>
> On Thu, 22 Feb 2024, Andrew Cagney via Swan-commit wrote:
>
> > New commits:
> > commit 8f2151aab6084561bdeb8c49206ee238b508eecc
> > Author: Andrew Cagney <cagney at gnu.org>
> > Date:   Thu Feb 22 10:58:13 2024 -0500
> >
> >    ikev2: drop code checking for NAT during IKE_INTERMEDIATE exchange
> >
> >    NAT happens during IKE_SA_INIT; follow-up:
> >     pluto: do not allow nic-offload=packet with encapsulation=yes
>
> I checked RFC9242 and you are correct.

Right.  According to the basic IKEv2 RFC, NAT is all handled during
IKE_SA_INIT.  Hence, seeing changes to ikev2_ike_intermediate.[hc]
caught my eye (that and that I'd previously removed remarkably similar
code in ikev2_ike_auth.[hc]).
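
As an added illustration (not part of the original message and not libreswan's code), this Python example shows the NAT detection that RFC 7296 section 2.23 places in IKE_SA_INIT: each side hashes the SPIs, address and port as it sees them, and the receiver compares those hashes with the addresses on the packet it actually received. The function names, SPI value and addresses are constructed for the example.

```python
import hashlib
import ipaddress
import struct

# Notify message types (RFC 7296 section 3.10.1)
NAT_DETECTION_SOURCE_IP = 16388
NAT_DETECTION_DESTINATION_IP = 16389


def nat_detection_hash(spi_i, spi_r, ip, port):
    """SHA-1 over SPIi | SPIr | IP address | port (RFC 7296 section 2.23)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def build_notifies(spi_i, spi_r, src, dst):
    """Sender side: hash the addresses as the sender itself sees them."""
    return [
        (NAT_DETECTION_SOURCE_IP, nat_detection_hash(spi_i, spi_r, *src)),
        (NAT_DETECTION_DESTINATION_IP, nat_detection_hash(spi_i, spi_r, *dst)),
    ]


def detect_nat(spi_i, spi_r, seen_src, seen_dst, notifies):
    """Receiver side: compare the payloads with the packet's real addresses.

    Returns (peer_behind_nat, local_behind_nat), or None when the peer sent
    no NAT_DETECTION_* payloads and so did not offer NAT traversal.
    """
    src = [d for t, d in notifies if t == NAT_DETECTION_SOURCE_IP]
    dst = [d for t, d in notifies if t == NAT_DETECTION_DESTINATION_IP]
    if not src or not dst:
        return None
    # A sender may include several source hashes; any match means no NAT.
    peer_nat = nat_detection_hash(spi_i, spi_r, *seen_src) not in src
    local_nat = nat_detection_hash(spi_i, spi_r, *seen_dst) not in dst
    return peer_nat, local_nat


# Constructed sample: initiator 192.168.1.10:500 sits behind a NAT that
# rewrites its source to 203.0.113.7:1024; SPIr is zero in the first request.
SPI_I, SPI_R = bytes.fromhex("0102030405060708"), bytes(8)
RESPONDER = ("198.51.100.20", 500)
REQUEST = build_notifies(SPI_I, SPI_R, ("192.168.1.10", 500), RESPONDER)

if __name__ == "__main__":
    print(detect_nat(SPI_I, SPI_R, ("203.0.113.7", 1024), RESPONDER, REQUEST))
```

The hash inputs are fixed once the IKE_SA_INIT pair completes, which is why the outcome is known before any later exchange runs.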

