This adds some modifications to NAT-D in case the source IP can't be
determined before generating NAT-D notifies. If this happens when using
IPv4, a local NAT is faked (UDP-encap can be disabled later via MOBIKE
if no NAT is actually detected). If it happens when using IPv6, NAT-T
is disabled completely.
It also removes the old fallbacks for source NAT-D notifies, which were
generally unused but could lead to incorrect results in the above
scenario.
projects / people / ms / strongswan.git / commit
