Index: connections.c
===================================================================
RCS file: /datas/cvs/arkoon_v3/kernel/freeswan/pluto/connections.c,v
retrieving revision 1.12
diff -u -r1.12 connections.c
--- connections.c	2002/06/11 13:14:05	1.12
+++ connections.c	2002/07/17 08:51:19
@@ -1842,8 +1842,17 @@
 	    case CK_INSTANCE:
 		if ((subnetinsubnet(peer_net,&d->that.client) ||
 		     subnetinsubnet(&d->that.client,peer_net)) &&
-		     !same_id(&d->that.id, peer_id))
+		     !same_id(&d->that.id, peer_id)) {
+		    char buf[IDTOA_BUF];
+		    char client[SUBNETTOT_BUF];
+		    subnettot(peer_net, 0, client, sizeof(client));
+		    idtoa(&d->that.id, buf, sizeof(buf));
+		    log("Virtual IP %s is already used by '%s'",
+			client, buf);
+		    idtoa(peer_id, buf, sizeof(buf));
+			log("You ID is '%s'", buf);
 		    return TRUE; /* already used by another one */
+		}
 		break;
 	    case CK_GOING_AWAY:
 	    default:
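Review bot: The second added message reads `You ID is '%s'` and its `log(` line is indented one tab deeper than the statements around it; it should be `log("Your ID is '%s'", buf);` at the same level as the preceding `idtoa` call. Both messages are written for each conflicting connection in the `CK_INSTANCE` case and carry the peer's ID, so if a remote peer can reach this path repeatedly, confirm that the resulting log volume is acceptable. The enclosing function starts and ends outside the hunk.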
@@ -1938,8 +1947,8 @@
 		    continue;
 #ifdef VIRTUAL_IP
 		if ((is_virtual_connection(d)) &&
-		    ( (!is_virtual_net_allowed(d, peer_net)) || (!peer_id) ||
-		      (is_virtual_net_used(peer_net, peer_id)) ))
+		    ( (!is_virtual_net_allowed(d, peer_net)) ||
+		      (is_virtual_net_used(peer_net, peer_id?peer_id:&c->that.id)) ))
 		    continue;
 #endif
 	    }
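Review bot: The call `is_virtual_net_used(peer_net, peer_id?peer_id:&c->that.id)` replaces a fail-closed rejection with a fallback: previously a NULL `peer_id` skipped every virtual connection, now the in-use check runs against `c->that.id`. `c` is not defined inside the hunk, so it is not visible whether its ID is a reliable stand-in for the real peer; if it can be an empty or wildcard ID, the `!same_id(&d->that.id, peer_id)` test in `is_virtual_net_used` no longer distinguishes one peer from another. I would add a comment at this call stating when `peer_id` is NULL and why `c->that.id` is a safe substitute, and confirm that the check is repeated once the peer's real ID is known. The enclosing function extends beyond the hunk.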
Index: nat_traversal.c
===================================================================
RCS file: /datas/cvs/arkoon_v3/kernel/freeswan/pluto/nat_traversal.c,v
retrieving revision 1.2
diff -u -r1.2 nat_traversal.c
--- nat_traversal.c	2002/06/03 17:36:48	1.2
+++ nat_traversal.c	2002/07/17 08:51:19
@@ -37,10 +37,12 @@
 #include "md5.h"
 #include "crypto.h"
 #include "vendor.h"
+#include "cookie.h"
 
 #include "nat_traversal.h"
 
 /* #define FORCE_NAT_TRAVERSAL */
+/* #define NAT_D_DEBUG */
 
 #ifndef SOL_UDP
 #define SOL_UDP 17
@@ -82,6 +84,11 @@
 {
 	union hash_ctx ctx;
 
+	if (is_zero_cookie(icookie))
+		DBG_log("_natd_hash: Warning, icookie is zero !!");
+	if (is_zero_cookie(rcookie))
+		DBG_log("_natd_hash: Warning, rcookie is zero !!");
+
 	/**
 	 * draft-ietf-ipsec-nat-t-ike-01.txt
 	 *
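Review bot: The two added `DBG_log` calls at the top of `_natd_hash` are unconditional, while every other diagnostic this patch adds to the file sits behind `#ifdef NAT_D_DEBUG`. If `DBG_log` is only declared in debug builds (which I believe is the case in pluto, to be confirmed), a non-debug build will fail to compile; otherwise the warnings are logged on every call regardless of the configured debugging level. Move them under `#ifdef NAT_D_DEBUG` or behind pluto's usual debug-level guard. The hash is still computed after the warning, so a short comment such as `/* a zero cookie is only reported; the resulting NAT-D value will not match */` would make that intent explicit. The function body begins before and continues past the hunk.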
@@ -106,6 +113,19 @@
 	}
 	hasher->hash_update(&ctx, (const u_char *)&port, sizeof(u_int16_t));
 	hasher->hash_final(hash, &ctx);
+#ifdef NAT_D_DEBUG
+	DBG_log("_natd_hash: hasher=%p(%d)", hasher, hasher->hash_digest_len);
+	DBG_dump("_natd_hash: icookie=", icookie, COOKIE_SIZE);
+	DBG_dump("_natd_hash: rcookie=", rcookie, COOKIE_SIZE);
+	switch (addrtypeof(ip)) {
+		case AF_INET:
+			DBG_dump("_natd_hash: ip=", &ip->u.v4.sin_addr.s_addr,
+				sizeof(ip->u.v4.sin_addr.s_addr));
+			break;
+	}
+	DBG_log("_natd_hash: port=%d", port);
+	DBG_dump("_natd_hash: hash=", hash, hasher->hash_digest_len);
+#endif
 }
 
 /**
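Review bot: The `switch (addrtypeof(ip))` in the debug block only handles `AF_INET`, so for any other address family the address that went into the hash is silently missing from the trace; add the IPv6 case or at least `default: DBG_log("_natd_hash: ip=<unhandled address family>"); break;`. `hasher->hash_digest_len` is printed with `%d`; if that field is a `size_t` the argument needs a cast, `(int)hasher->hash_digest_len`, to match the format. `port` is hashed as raw bytes just above, so it is presumably in network byte order, and `DBG_log("_natd_hash: port=%d", ntohs(port));` would print the value an operator expects. The start of the function is outside the hunk.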
@@ -156,6 +176,11 @@
 	if (!( (pbs_left(&p->pbs) == st->st_oakley.hasher->hash_digest_len) &&
 		(memcmp(p->pbs.cur, hash, st->st_oakley.hasher->hash_digest_len)==0)
 		)) {
+#ifdef NAT_D_DEBUG
+		DBG_log("NAT_TRAVERSAL_NAT_BHND_ME");
+		DBG_dump("expected NAT-D:", hash, st->st_oakley.hasher->hash_digest_len);
+		DBG_dump("received NAT-D:", p->pbs.cur, pbs_left(&p->pbs));
+#endif
 		st->nat_traversal |= LELEM(NAT_TRAVERSAL_NAT_BHND_ME);
 	}
 
@@ -172,6 +197,14 @@
 		}
 	}
 	if (!i) {
+#ifdef NAT_D_DEBUG
+		DBG_log("NAT_TRAVERSAL_NAT_BHND_PEER");
+		DBG_dump("expected NAT-D:", hash, st->st_oakley.hasher->hash_digest_len);
+		p = md->chain[ISAKMP_NEXT_NATD_R];
+		for (p = p->next, i=0 ; p != NULL; p = p->next) {
+			DBG_dump("received NAT-D:", p->pbs.cur, pbs_left(&p->pbs));
+		}
+#endif
 		st->nat_traversal |= LELEM(NAT_TRAVERSAL_NAT_BHND_PEER);
 	}
 #ifdef FORCE_NAT_TRAVERSAL
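Review bot: The debug block inside `if (!i)` reassigns the function's own `p` and `i` (`p = md->chain[ISAKMP_NEXT_NATD_R];` then `for (p = p->next, i=0 ; ...`), so a `NAT_D_DEBUG` build leaves `p` NULL after the loop while a normal build does not. If either variable is read further down (the function continues past the hunk), the two builds behave differently; use a block-local iterator of the same type as `p` and drop the `i=0`. The `received NAT-D:` dumps here and in the `NAT_TRAVERSAL_NAT_BHND_ME` hunk above take their length from `pbs_left(&p->pbs)`, which is determined by the peer's payload; capping it keeps the log size of a debug build bounded.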
@@ -198,7 +231,8 @@
 	/**
 	 * First one with sender IP & port
 	 */
-	_natd_hash(st->st_oakley.hasher, hash, st->st_icookie, st->st_rcookie,
+	_natd_hash(st->st_oakley.hasher, hash, st->st_icookie,
+		is_zero_cookie(st->st_rcookie) ? md->hdr.isa_rcookie : st->st_rcookie,
 		&(md->sender),
 #ifdef FORCE_NAT_TRAVERSAL
 		0
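Review bot: The fallback `is_zero_cookie(st->st_rcookie) ? md->hdr.isa_rcookie : st->st_rcookie` is written out twice, here and in the "Second one with my IP & port" hunk that follows; compute it once into a local pointer before the first call, with a comment naming the exchange in which `st->st_rcookie` is still zero at this point. `md->hdr` is presumably the header of the message just received, in which case the hashed cookie comes from the peer rather than from local state; NAT-D is only a detection hint, but the comment should say that this is accepted. If both cookies are zero, `_natd_hash` only logs a warning and still produces a hash. Both calls are cut by the hunk boundaries.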
@@ -213,7 +247,8 @@
 	/**
 	 * Second one with my IP & port
 	 */
-	_natd_hash(st->st_oakley.hasher, hash, st->st_icookie, st->st_rcookie,
+	_natd_hash(st->st_oakley.hasher, hash, st->st_icookie,
+		is_zero_cookie(st->st_rcookie) ? md->hdr.isa_rcookie : st->st_rcookie,
 		&(md->iface->addr),
 #ifdef FORCE_NAT_TRAVERSAL
 		0
Index: preshared.c
===================================================================
RCS file: /datas/cvs/arkoon_v3/kernel/freeswan/pluto/preshared.c,v
retrieving revision 1.4
diff -u -r1.4 preshared.c
--- preshared.c	2002/04/18 14:54:00	1.4
+++ preshared.c	2002/07/17 08:51:19
@@ -52,6 +52,10 @@
 
 #define BUF_LEN		256
 
+#ifdef NAT_TRAVERSAL
+extern bool nat_traversal_activated(void);
+#endif
+
 struct fld {
     const char *name;
     size_t offset;
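Review bot: The prototype `extern bool nat_traversal_activated(void);` is declared by hand in preshared.c, so the compiler never checks it against the definition and a later signature change would leave this file compiling against a stale declaration. Prefer exposing it through `nat_traversal.h`, which nat_traversal.c already includes, and including that header here under the same `#ifdef NAT_TRAVERSAL`.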
@@ -274,6 +278,18 @@
 	happy(anyaddr(addrtypeof(&c->that.host_addr), &rw_id.ip_addr));
 	his_id = &rw_id;
     }
+#ifdef NAT_TRAVERSAL
+    else if ((nat_traversal_activated()) && (c->policy & POLICY_PSK) &&
+	(kind == PPK_PSK) && (
+	    ((c->kind == CK_TEMPLATE) && (c->that.id.kind == ID_NONE)) ||
+	    ((c->kind == CK_INSTANCE) && (id_is_ipaddr(&c->that.id)))))
+    {
+	/* roadwarrior: replace him with 0.0.0.0 */
+	rw_id.kind = ID_IPV4_ADDR;
+	happy(anyaddr(addrtypeof(&c->that.host_addr), &rw_id.ip_addr));
+	his_id = &rw_id;
+    }
+#endif
 
     for (s = secrets; s != NULL; s = s->next)
     {
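Review bot: The new `else if` widens PSK selection on a global switch: once `nat_traversal_activated()` is true, every PSK `CK_INSTANCE` whose peer ID is an IP address (and every `CK_TEMPLATE` with `ID_NONE`) has `his_id` replaced by the any-address ID, whether or not that particular peer is behind NAT. The secret lookup in the loop below then presumably matches the wildcard entry instead of a per-address one, so all such peers end up authenticating with one shared secret. If a per-connection or per-state NAT indication is available at this point, test that instead of the global flag, and add a comment stating the shared-PSK consequence so operators know what enabling NAT-T implies. The body duplicates the roadwarrior branch above it, including `rw_id.kind = ID_IPV4_ADDR` paired with `addrtypeof(&c->that.host_addr)`, which does not look right for an IPv6 peer. The function starts before and continues past the hunk.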

