diff -Naur libreswan-3.27-orig/include/pluto_constants.h libreswan-3.27/include/pluto_constants.h

--- libreswan-3.27-orig/include/pluto_constants.h	2018-10-07 22:52:09.000000000 -0400

+++ libreswan-3.27/include/pluto_constants.h	2019-02-05 16:53:07.442895489 -0500

@@ -421,6 +421,8 @@

 	IMPAIR_SEND_PKCS7_THINGIE_IX,

+	IMPAIR_IKEv1_DEL_WITH_NOTIFY_IX,

+

 	IMPAIR_roof_IX	/* first unassigned IMPAIR */

 };

@@ -463,6 +465,7 @@

 #define IMPAIR_REPLAY_DUPLICATES 	LELEM(IMPAIR_REPLAY_DUPLICATES_IX)

 #define IMPAIR_REPLAY_FORWARD	 	LELEM(IMPAIR_REPLAY_FORWARD_IX)

 #define IMPAIR_REPLAY_BACKWARD 		LELEM(IMPAIR_REPLAY_BACKWARD_IX)

+#define IMPAIR_IKEv1_DEL_WITH_NOTIFY 	LELEM(IMPAIR_IKEv1_DEL_WITH_NOTIFY_IX)

 #define IMPAIR_REPLAY_ENCRYPTED			LELEM(IMPAIR_REPLAY_ENCRYPTED_IX)

 #define IMPAIR_CORRUPT_ENCRYPTED		LELEM(IMPAIR_CORRUPT_ENCRYPTED_IX)

@@ -478,6 +481,8 @@

 #define IMPAIR_SEND_PKCS7_THINGIE		LELEM(IMPAIR_SEND_PKCS7_THINGIE_IX)

+#define IMPAIR_IKEv1_DEL_WITH_NOTIFY           LELEM(IMPAIR_IKEv1_DEL_WITH_NOTIFY_IX)

+

 /* State of exchanges

  *

  * The name of the state describes the last message sent, not the

diff -Naur libreswan-3.27-orig/lib/libswan/impair.c libreswan-3.27/lib/libswan/impair.c

--- libreswan-3.27-orig/lib/libswan/impair.c	2018-10-07 22:52:09.000000000 -0400

+++ libreswan-3.27/lib/libswan/impair.c	2019-02-05 16:51:07.522924972 -0500

@@ -87,6 +87,7 @@

        S(IMPAIR_SUPPRESS_RETRANSMITS, "impair-suppress-retransmits", "causes pluto to never send retransmits (wait the full timeout)"),

        S(IMPAIR_TIMEOUT_ON_RETRANSMIT, "impair-timeout-on-retransmit", "causes pluto to 'retry' (switch protocol) on the first retransmit"),

        S(IMPAIR_UNKNOWN_PAYLOAD_CRITICAL, "impair-unknown-payload-critical", "mark the unknown payload as critical"),

+       S(IMPAIR_IKEv1_DEL_WITH_NOTIFY, "impair-ikev1-del-with-notify", "causes pluto to send IKE Delete with additional bogus Notify payload"),

 #undef S

 };

diff -Naur libreswan-3.27-orig/programs/pluto/ikev1_main.c libreswan-3.27/programs/pluto/ikev1_main.c

--- libreswan-3.27-orig/programs/pluto/ikev1_main.c	2018-10-07 22:52:09.000000000 -0400

+++ libreswan-3.27/programs/pluto/ikev1_main.c	2019-02-05 16:48:16.241538787 -0500

@@ -2347,12 +2347,36 @@

 				.isad_protoid = ns->proto,

 				.isad_nospi = 1,

 			};

+

+			if (DBGP(IMPAIR_IKEv1_DEL_WITH_NOTIFY))

+				isad.isad_np = ISAKMP_NEXT_N; /* Notify */

+

 			passert(out_struct(&isad, &isakmp_delete_desc, &r_hdr_pbs,

 					   &del_pbs));

 			passert(out_raw(&ns->spi, sizeof(ipsec_spi_t),

 					&del_pbs,

 					"delete payload"));

 			close_output_pbs(&del_pbs);

+

+			if (DBGP(IMPAIR_IKEv1_DEL_WITH_NOTIFY)) {

+				pb_stream cruft_pbs;

+

+				libreswan_log("IMPAIR: adding bogus Notify payload after IKE Delete payload");

+				struct isakmp_notification isan = {

+					.isan_np = ISAKMP_NEXT_NONE,

+					.isan_doi = ISAKMP_DOI_IPSEC,

+					.isan_protoid = PROTO_ISAKMP,

+					.isan_spisize = COOKIE_SIZE * 2,

+					.isan_type = INVALID_PAYLOAD_TYPE,

+				};

+

+				passert(out_struct(&isan, &isakmp_notification_desc, &r_hdr_pbs,

+					&cruft_pbs));

+				passert(out_raw(&ns->spi, sizeof(ipsec_spi_t), &cruft_pbs,

+					"notify payload"));

+				close_output_pbs(&cruft_pbs);

+			}

+

 		}

 	}

@@ -2599,7 +2623,9 @@

 					rc->policy &= ~POLICY_UP;

 					if (!shared_phase1_connection(rc)) {

 						flush_pending_by_connection(rc);

+						/* This also deletes the IKE SA, clear pointer  */

 						delete_states_by_connection(rc, FALSE);

+						md->st = NULL;

 					}

 					reset_cur_connection();

 				}