> However, now it is not possible to peer strongswan with palo-alto devices. > Do you have a suggested workaround?
If you can't get that device to change its behavior (e.g. by enabling DPD, which would require a Phase 1 SA) you could do what SK suggested, that is, ignore DELETE payloads (always, or only if CHILD_SAs are attached). For instance, just return SUCCESS in [1]. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/sa/ikev1/tasks/isakmp_delete.c;hb=HEAD#l77 _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
