On Thu, 22 Feb 2024 at 13:43, Paul Wouters via Swan-dev <swan-dev@lists.libreswan.org> wrote: > > On Thu, 22 Feb 2024, Andrew Cagney via Swan-commit wrote: > > > New commits: > > commit 8f2151aab6084561bdeb8c49206ee238b508eecc > > Author: Andrew Cagney <cag...@gnu.org> > > Date: Thu Feb 22 10:58:13 2024 -0500 > > > > ikev2: drop code checking for NAT during IKE_INTERMEDIATE exchange > > > > NAT happens during IKE_SA_INIT; follow-up: > > pluto: do not allow nic-offload=packet with encapsulation=yes > > I checked RFC9242 and you are correct.
Right. According to the basic IKEv2 RFC, NAT is all handled during IKE_SA_INIT. Hence, seeing changes to ikev2_ike_intermediate.[hc] caught my eye (that and that I'd previously removed remarkably similar code in ikev2_ike_auth.[hc]). _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev