vpnc at unix-ag
Nov 8, 2011, 7:52 AM
Post #1 of 1
(156 views)
Permalink
|
|
svn commit: vpnc r466 - /branches/vpnc-nortel/vpnc.c
|
|
Author: Antonio Borneo
Date: Tue Nov 8 16:52:27 2011
New Revision: 466
Log:
Stefan Seyfried <seife+obs [at] b1-systems>
Florian Echtler <floe [at] butterbrot>
Add support for draft-ietf-ipsec-nat-t-ike-03, which is
required by the Fritz!Box series of home routers.
This is one part of the changes needed to make the Fritz!Box
vpn server happy.
This patch is partly taken from Florian Echtlers patch from
June 8: http://permalink.gmane.org/gmane.network.vpnc.devel/3435
Modified:
branches/vpnc-nortel/vpnc.c
Modified: branches/vpnc-nortel/vpnc.c
==============================================================================
--- branches/vpnc-nortel/vpnc.c (original)
+++ branches/vpnc-nortel/vpnc.c Tue Nov 8 16:52:27 2011
@@ -89,6 +89,10 @@
0x90, 0xCB, 0x80, 0x91, 0x3E, 0xBB, 0x69, 0x6E,
0x08, 0x63, 0x81, 0xB5, 0xEC, 0x42, 0x7B, 0x1F
};
+const unsigned char VID_NATT_03[] = { /* "draft-ietf-ipsec-nat-t-ike-03" */
+ 0x7d, 0x94, 0x19, 0xa6, 0x53, 0x10, 0xca, 0x6f,
+ 0x2c, 0x17, 0x9d, 0x92, 0x15, 0x52, 0x9d, 0x56
+};
const unsigned char VID_NATT_RFC[] = { /* "RFC 3947" */
0x4A, 0x13, 0x1C, 0x81, 0x07, 0x03, 0x58, 0x45,
0x5C, 0x57, 0x28, 0xF2, 0x0E, 0x95, 0x45, 0x2F
@@ -151,6 +155,7 @@
{ VID_NATT_01, sizeof(VID_NATT_01), "Nat-T 01" },
{ VID_NATT_02, sizeof(VID_NATT_02), "Nat-T 02" },
{ VID_NATT_02N, sizeof(VID_NATT_02N), "Nat-T 02N" },
+ { VID_NATT_03, sizeof(VID_NATT_03), "Nat-T 03" },
{ VID_NATT_RFC, sizeof(VID_NATT_RFC), "Nat-T RFC" },
{ VID_DWR, sizeof(VID_DWR), "Delete With Reason" },
{ VID_CISCO_FRAG, sizeof(VID_CISCO_FRAG), "Cisco Fragmentation" },
@@ -1333,6 +1338,8 @@
if ((opt_natt_mode == NATT_NORMAL) || (opt_natt_mode == NATT_FORCE)) {
l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
VID_NATT_RFC, sizeof(VID_NATT_RFC));
+ l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
+ VID_NATT_03, sizeof(VID_NATT_03));
l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
VID_NATT_02N, sizeof(VID_NATT_02N));
l = l->next = new_isakmp_data_payload(ISAKMP_PAYLOAD_VID,
@@ -1571,6 +1578,12 @@
seen_natt_vid = 1;
if (natt_draft < 1) natt_draft = 2;
DEBUG(2, printf("peer is NAT-T capable (RFC 3947)\n"));
+ } else if (rp->u.vid.length == sizeof(VID_NATT_03)
+ && memcmp(rp->u.vid.data, VID_NATT_03,
+ sizeof(VID_NATT_03)) == 0) {
+ seen_natt_vid = 1;
+ if (natt_draft < 1) natt_draft = 2;
+ DEBUG(2, printf("peer is NAT-T capable (draft-03)\n"));
} else if (rp->u.vid.length == sizeof(VID_NATT_02N)
&& memcmp(rp->u.vid.data, VID_NATT_02N,
sizeof(VID_NATT_02N)) == 0) {
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
|
