ikev1: Send NAT-D payloads after HASH payloads in Aggressive Mode requests
authorTobias Brunner <tobias@strongswan.org>
Thu, 4 May 2017 09:29:50 +0000 (11:29 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 19 May 2017 13:29:37 +0000 (15:29 +0200)
Some implementations seem to have problems if the third AM message
contains NAT-D payloads before the HASH payload.

Fixes #2314.

src/libcharon/encoding/message.c

index 50dab9e..6d850aa 100644 (file)
@@ -554,10 +554,10 @@ static payload_order_t aggressive_i_order[] = {
        {PLV1_CERTREQ,                                  0},
        {PLV1_NOTIFY,                                   0},
        {PLV1_VENDOR_ID,                                0},
+       {PLV1_HASH,                                             0},
        {PLV1_NAT_D,                                    0},
        {PLV1_NAT_D_DRAFT_00_03,                0},
        {PLV1_SIGNATURE,                                0},
-       {PLV1_HASH,                                             0},
        {PLV1_FRAGMENT,                                 0},
 };