diff options
| author | Martin Willi <martin@revosec.ch> | 2013-05-16 13:32:48 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-06-11 15:54:25 +0200 |
| commit | 44d9970f4c1205afa280fcb5f90897a512f90c62 (patch) | |
| tree | 5cc2b824caeef4c8e5442010e12231a581328180 /src | |
| parent | f5f7053bcdb5b25b412a87f5853b4a6d94b8abe8 (diff) | |
| download | strongswan-44d9970f4c1205afa280fcb5f90897a512f90c62.tar.bz2 strongswan-44d9970f4c1205afa280fcb5f90897a512f90c62.tar.xz | |
Allow IPComp on NATed connections, both for IKEv1 and IKEv2
While this was problematic in earlier releases, it seems that it works just
fine the way we handle compression now. So there is no need to disable it over
NATed connections or when using forceencaps.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_mode.c | 36 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev2/tasks/child_create.c | 7 |
2 files changed, 10 insertions, 33 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 7a0fb5788..47c844e5f 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -774,19 +774,11 @@ METHOD(task_t, build_i, status_t, if (this->config->use_ipcomp(this->config)) { - if (this->udp) + this->cpi_i = this->child_sa->alloc_cpi(this->child_sa); + if (!this->cpi_i) { - DBG1(DBG_IKE, "IPComp is not supported if either peer is " - "natted, IPComp disabled"); - } - else - { - this->cpi_i = this->child_sa->alloc_cpi(this->child_sa); - if (!this->cpi_i) - { - DBG1(DBG_IKE, "unable to allocate a CPI from kernel, " - "IPComp disabled"); - } + DBG1(DBG_IKE, "unable to allocate a CPI from kernel, " + "IPComp disabled"); } } @@ -1009,21 +1001,13 @@ METHOD(task_t, process_r, status_t, if (this->config->use_ipcomp(this->config)) { - if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY)) - { - DBG1(DBG_IKE, "IPComp is not supported if either peer is " - "natted, IPComp disabled"); - } - else + list = sa_payload->get_ipcomp_proposals(sa_payload, + &this->cpi_i); + if (!list->get_count(list)) { - list = sa_payload->get_ipcomp_proposals(sa_payload, - &this->cpi_i); - if (!list->get_count(list)) - { - DBG1(DBG_IKE, "expected IPComp proposal but peer did " - "not send one, IPComp disabled"); - this->cpi_i = 0; - } + DBG1(DBG_IKE, "expected IPComp proposal but peer did " + "not send one, IPComp disabled"); + this->cpi_i = 0; } } if (!list || !list->get_count(list)) diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 5a2c05d99..4e66c3f29 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -678,13 +678,6 @@ static void build_payloads(private_child_create_t *this, message_t *message) static void add_ipcomp_notify(private_child_create_t *this, message_t *message, u_int8_t ipcomp) { - if (this->ike_sa->has_condition(this->ike_sa, COND_NAT_ANY)) - { - DBG1(DBG_IKE, "IPComp is not supported if either peer is natted, " - "IPComp disabled"); - return; - } - this->my_cpi = this->child_sa->alloc_cpi(this->child_sa); if (this->my_cpi) { |