diff options
| author | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-04-13 07:04:10 +0000 |
|---|---|---|
| committer | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-04-13 07:04:10 +0000 |
| commit | 6370a5ccd60fbe7c6a6a804f6f4ccc77dc2dde81 (patch) | |
| tree | a68d93628ee47c4722dc2f0ee1bc586142d06810 /sbin/iked/ikev2_pld.c | |
| parent | f9008673f7067d35956794a87d8185a8c8628749 (diff) | |
Add a NAT-T keepalive timer in case we are behind a NAT gateway.
See RFC 5996, section 2.23, NAT Traversal:
In the case of a mismatching NAT_DETECTION_DESTINATION_IP hash, it
means that the system receiving the NAT_DETECTION_DESTINATION_IP
payload is behind a NAT and that system SHOULD start sending
keepalive packets as defined in [UDPENCAPS].
With markus@, ok reyk@
Diffstat (limited to 'sbin/iked/ikev2_pld.c')
| -rw-r--r-- | sbin/iked/ikev2_pld.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c index 86086e56ca4..5724520f696 100644 --- a/sbin/iked/ikev2_pld.c +++ b/sbin/iked/ikev2_pld.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_pld.c,v 1.61 2017/03/27 17:17:49 mikeb Exp $ */ +/* $OpenBSD: ikev2_pld.c,v 1.62 2017/04/13 07:04:09 patrick Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -1148,6 +1148,9 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, */ if (msg->msg_sa != NULL) msg->msg_sa->sa_udpencap = 1; + /* Send keepalive, since we are behind a NAT-gw */ + if (type == IKEV2_N_NAT_DETECTION_DESTINATION_IP) + msg->msg_sa->sa_usekeepalive = 1; } print_hex(md, 0, sizeof(md)); break; |