From 19f2439cd22fbea8d619ba060be5e596dd30af2b Mon Sep 17 00:00:00 2001
From: Maxime Bizon <mbizon@freebox.fr>
Date: Wed, 17 Feb 2016 15:04:28 +0100
Subject: [PATCH 4/4] hack for windows 7/8/10

---
 src/libcharon/sa/ikev2/tasks/ike_natd.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c
index e1b8caa15..cbccabbe3 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_natd.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c
@@ -264,6 +264,22 @@ static void process_payloads(private_ike_natd_t *this, message_t *message)
 	{
 		this->ike_sa->enable_extension(this->ike_sa, EXT_NATT);
 
+		/* hack for Windows host, they use the wrong source
+		 * ipv6 address to compute the hash when using IPv6 &
+		 * privacy extensions, assume IPv6 is never NAT-Ted */
+		if (this->af == AF_INET6) {
+			if (!this->dst_matched)
+				DBG1(DBG_IKE, "ignoring not matching "
+				     "NAT_DETECTION_DESTINATION_IP hash");
+
+			if (!this->src_matched)
+				DBG1(DBG_IKE, "ignoring not matching "
+				     "NAT_DETECTION_SOURCE_IP hash");
+
+			this->dst_matched = true;
+			this->src_matched = true;
+		}
+
 		this->ike_sa->set_condition(this->ike_sa, COND_NAT_HERE,
 									!this->dst_matched);
 		this->ike_sa->set_condition(this->ike_sa, COND_NAT_THERE,
-- 
2.17.1