diff --git a/vpnc-0.5.2r394.tar.bz2 b/vpnc-0.5.2r394.tar.bz2
deleted file mode 100644
index d7c0f1e..0000000
--- a/vpnc-0.5.2r394.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7982f92fe0f69de3ab49b9e7b9256ca86fc668d92c1b2df4cf788be625be3ae0
-size 82846
diff --git a/vpnc-0.5.3r449.tar.bz2 b/vpnc-0.5.3r449.tar.bz2
new file mode 100644
index 0000000..bd3da0e
--- /dev/null
+++ b/vpnc-0.5.3r449.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:778e7816ba937f958107d6bdc092a28fd87a54143355351970e0092e83027640
+size 109545
diff --git a/vpnc-nortel-attributes.diff b/vpnc-nortel-attributes.diff
deleted file mode 100644
index 26ad535..0000000
--- a/vpnc-nortel-attributes.diff
+++ /dev/null
@@ -1,61 +0,0 @@ -Index: b/isakmp-pkt.c -=================================================================== ---- a/isakmp-pkt.c -+++ b/isakmp-pkt.c -@@ -637,10 +637,24 @@ static struct isakmp_attribute *parse_is - hex_dump("t.attributes.u.acl.mask", &r->u.acl.acl_ent[i].mask.s_addr, 4, NULL); - hex_dump("t.attributes.u.acl.protocol", &r->u.acl.acl_ent[i].protocol, DUMP_UINT16, NULL); - hex_dump("t.attributes.u.acl.sport", &r->u.acl.acl_ent[i].sport, DUMP_UINT16, NULL); - hex_dump("t.attributes.u.acl.dport", &r->u.acl.acl_ent[i].dport, DUMP_UINT16, NULL); - } -+ } else if (r->type == ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC) { -+ r->af = isakmp_attr_acl; -+ r->u.acl.count = length / (4 + 4); -+ if (r->u.acl.count * (4 + 4) != length) { -+ *reject = ISAKMP_N_PAYLOAD_MALFORMED; -+ return r; -+ } -+ r->u.acl.acl_ent = xallocc(r->u.acl.count * sizeof(struct acl_ent_s)); -+ for (i = 0; i < r->u.acl.count; i++) { -+ fetchn(&r->u.acl.acl_ent[i].addr.s_addr, 4); -+ fetchn(&r->u.acl.acl_ent[i].mask.s_addr, 4); -+ hex_dump("t.attributes.u.acl.addr", &r->u.acl.acl_ent[i].addr.s_addr, 4, NULL); -+ hex_dump("t.attributes.u.acl.mask", &r->u.acl.acl_ent[i].mask.s_addr, 4, NULL); -+ } - } else { - r->u.lots.data = xallocc(length); - fetchn(r->u.lots.data, length); - if ((((ISAKMP_XAUTH_06_ATTRIB_TYPE < type) - && (type <= ISAKMP_XAUTH_06_ATTRIB_ANSWER) -Index: b/isakmp.h -=================================================================== ---- a/isakmp.h -+++ b/isakmp.h -@@ -456,10 +456,11 @@ enum isakmp_modecfg_attrib_enum { - ISAKMP_XAUTH_02_ATTRIB_DOMAIN, - ISAKMP_XAUTH_02_ATTRIB_STATUS, - ISAKMP_XAUTH_02_ATTRIB_NEXT_PIN, - ISAKMP_XAUTH_02_ATTRIB_ANSWER, /* TYPE .. 
ANSWER is excluded from dump */ - -+ ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC = 0x4000, - ISAKMP_MODECFG_ATTRIB_NORTEL_UNKNOWN_4011 = 0x4011, - ISAKMP_MODECFG_ATTRIB_NORTEL_CLIENT_ID = 0x4012, - - ISAKMP_XAUTH_06_ATTRIB_TYPE = 0x4088, - ISAKMP_XAUTH_06_ATTRIB_USER_NAME, -Index: b/vpnc.c -=================================================================== ---- a/vpnc.c -+++ b/vpnc.c -@@ -992,10 +992,11 @@ static int do_config_to_env(struct sa_bl - DEBUG(2, printf("got peer udp encapsulation port: %hu\n", s->ipsec.peer_udpencap_port)); - } - break; - - case ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC: -+ case ISAKMP_MODECFG_ATTRIB_NORTEL_SPLIT_INC: - if (a->af != isakmp_attr_acl) { - reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED; - break; - } - diff --git a/vpnc-nortel-fix-segfault.diff b/vpnc-nortel-fix-segfault.diff deleted file mode 100644 index a3f8b77..0000000 --- a/vpnc-nortel-fix-segfault.diff +++ /dev/null @@ -1,17 +0,0 @@ -Index: b/vpnc.c -=================================================================== ---- a/vpnc.c -+++ b/vpnc.c -@@ -1712,10 +1712,12 @@ static void do_phase1(const char *key_id - gcry_md_setkey(skeyid_ctx, key, key_len); - gcry_md_write(skeyid_ctx, dh_shared_secret, dh_getlen(dh_grp)); - gcry_md_final(skeyid_ctx); - } else - error(1, 0, "SKEYID could not be computed: %s", "the selected authentication method is not supported"); -+ skeyid = gcry_md_read(skeyid_ctx, 0); -+ hex_dump("skeyid", skeyid, s->ike.md_len, NULL); - } else { - skeyid = gcry_md_read(skeyid_ctx, 0); - hex_dump("skeyid", skeyid, s->ike.md_len, NULL); - } - if (opt_vendor == VENDOR_NORTEL) diff --git a/vpnc-patch_nortel_auth_394.txt.diff b/vpnc-patch_nortel_auth_394.txt.diff deleted file mode 100644 index 7cbb3f8..0000000 --- a/vpnc-patch_nortel_auth_394.txt.diff +++ /dev/null 
@@ -1,421 +0,0 @@ -Index: isakmp.h -=================================================================== ---- isakmp.h (revision 394) -+++ isakmp.h (working copy) -@@ -486,4 +486,23 @@ - ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR = 0x7d88 /* strange cisco things ... need docs! */ - }; - -+enum isakmp_modecfg_type_enum { /* draft-ietf-ipsec-isakmp-xauth-05.txt */ -+ ISAKMP_MODECFG_TYPE_GENERIC, -+ ISAKMP_MODECFG_TYPE_RADIUS, -+ ISAKMP_MODECFG_TYPE_OTP, -+ ISAKMP_MODECFG_TYPE_NTDOMAIN, -+ ISAKMP_MODECFG_TYPE_UNIX, -+ ISAKMP_MODECFG_TYPE_SECURID, -+ ISAKMP_MODECFG_TYPE_AXENT, -+ ISAKMP_MODECFG_TYPE_LEEMAH, -+ ISAKMP_MODECFG_TYPE_ACTIVECARD, -+ ISAKMP_MODECFG_TYPE_DESGOLD, -+ ISAKMP_MODECFG_TYPE_TACACS, -+ ISAKMP_MODECFG_TYPE_TACACSPLUS, -+ ISAKMP_MODECFG_TYPE_SKEY, -+ ISAKMP_MODECFG_TYPE_NDS, -+ ISAKMP_MODECFG_TYPE_DIAMETER, -+ ISAKMP_MODECFG_TYPE_LDAP -+}; -+ - #endif -Index: config.h -=================================================================== ---- config.h (revision 394) -+++ config.h (working copy) -@@ -49,6 +49,7 @@ - CONFIG_IPSEC_SECRET, - CONFIG_IPSEC_SECRET_OBF, - CONFIG_XAUTH_USERNAME, -+ CONFIG_XAUTH_PIN, - CONFIG_XAUTH_PASSWORD, - CONFIG_XAUTH_PASSWORD_OBF, - CONFIG_XAUTH_INTERACTIVE, -@@ -87,11 +88,16 @@ - }; - - enum auth_mode_enum { -- AUTH_MODE_PSK, -+ AUTH_MODE_PSK, /* pre-shared key */ - AUTH_MODE_RSA1, - AUTH_MODE_RSA2, -- AUTH_MODE_CERT, -- AUTH_MODE_HYBRID -+ AUTH_MODE_CERT, /* Digital Certificate Authentication */ -+ AUTH_MODE_HYBRID, /* server certificate + xauth */ -+ AUTH_MODE_NORTEL_USERNAME, /* User Name and Password Authentication */ -+ AUTH_MODE_NORTEL_TOKEN, /* Group Security - Response Only Token - Use Passcode */ -+ AUTH_MODE_NORTEL_PINTOKEN, /* Group Security - Response Only Token - Use Two-Factor Card */ -+ AUTH_MODE_NORTEL_TOKENSW, /* Group Security - Response Only Token - Use SoftID Software */ -+ AUTH_MODE_NORTEL_GPASSWORD /* Group Security - Group Password Authentication */ - }; - - extern const char *config[LAST_CONFIG]; -Index: 
config.c -=================================================================== ---- config.c (revision 394) -+++ config.c (working copy) -@@ -159,7 +159,7 @@ - - static const char *config_def_auth_mode(void) - { -- return "psk"; -+ return "default"; - } - - static const char *config_def_nortel_client_id(void) -@@ -247,6 +247,13 @@ - "your username", - NULL - }, { -+ CONFIG_XAUTH_PIN, 1, 0, -+ NULL, -+ "Xauth PIN ", -+ "", -+ "PIN for Nortel Two-Factor Authentication", -+ NULL -+ }, { - CONFIG_XAUTH_PASSWORD, 1, 0, - NULL, - "Xauth password ", -@@ -434,11 +441,17 @@ - CONFIG_AUTH_MODE, 1, 1, - "--auth-mode", - "IKE Authmode ", -- "", -+ "", - "Authentication mode:\n" -- " * psk: pre-shared key (default)\n" -- " * cert: server + client certificate (not implemented yet)\n" -- " * hybrid: server certificate + xauth (if built with openssl support)\n", -+ " * default: maps to vendor specific default mode\n" -+ " * cert: server + client certificate (not implemented yet)\n" -+ " * psk: Cisco pre-shared key (default for Cisco)\n" -+ " * hybrid: Cisco server certificate + xauth (if built with openssl support)\n" -+ " * username: Nortel User Name and Password Authentication\n" -+ " * token: Nortel Group Security - Response Only Token - Use Passcode (default for Nortel)\n" -+ " * PIN-token: Nortel Group Security - Response Only Token - Use Two-Factor Card\n" -+ " * token-SW: Nortel Group Security - Response Only Token - Use SoftID Software\n" -+ " * gpassword: Nortel Group Security - Group Password Authentication", - config_def_auth_mode - }, { - CONFIG_CA_FILE, 1, 1, -@@ -703,16 +716,79 @@ - opt_nd = (config[CONFIG_ND]) ? 1 : 0; - opt_1des = (config[CONFIG_ENABLE_1DES]) ? 
1 : 0; - -+ if (!strcmp(config[CONFIG_VENDOR], "cisco")) { -+ opt_vendor = VENDOR_CISCO; -+ } else if (!strcmp(config[CONFIG_VENDOR], "netscreen")) { -+ opt_vendor = VENDOR_NETSCREEN; -+ } else if (!strcmp(config[CONFIG_VENDOR], "nortel")) { -+ opt_vendor = VENDOR_NORTEL; -+ } else { -+ printf("%s: unknown vendor %s\nknown vendors: cisco netscreen nortel\n", -+ argv[0], config[CONFIG_VENDOR]); -+ exit(1); -+ } -+ - if (!strcmp(config[CONFIG_AUTH_MODE], "psk")) { - opt_auth_mode = AUTH_MODE_PSK; - } else if (!strcmp(config[CONFIG_AUTH_MODE], "cert")) { - opt_auth_mode = AUTH_MODE_CERT; - } else if (!strcmp(config[CONFIG_AUTH_MODE], "hybrid")) { - opt_auth_mode = AUTH_MODE_HYBRID; -+ } else if (!strcmp(config[CONFIG_AUTH_MODE], "username")) { -+ opt_auth_mode = AUTH_MODE_NORTEL_USERNAME; -+ } else if (!strcmp(config[CONFIG_AUTH_MODE], "token")) { -+ opt_auth_mode = AUTH_MODE_NORTEL_TOKEN; -+ } else if (!strcmp(config[CONFIG_AUTH_MODE], "PIN-token")) { -+ opt_auth_mode = AUTH_MODE_NORTEL_PINTOKEN; -+ } else if (!strcmp(config[CONFIG_AUTH_MODE], "token-SW")) { -+ opt_auth_mode = AUTH_MODE_NORTEL_TOKENSW; -+ } else if (!strcmp(config[CONFIG_AUTH_MODE], "gpassword")) { -+ opt_auth_mode = AUTH_MODE_NORTEL_GPASSWORD; -+ } else if (!strcmp(config[CONFIG_AUTH_MODE], "default")) { -+ switch (opt_vendor) { -+ case VENDOR_NORTEL: -+ opt_auth_mode = AUTH_MODE_NORTEL_TOKEN; -+ break; -+ case VENDOR_NETSCREEN: -+ case VENDOR_CISCO: -+ default: -+ opt_auth_mode = AUTH_MODE_PSK; -+ break; -+ } - } else { -- printf("%s: unknown authentication mode %s\nknown modes: psk cert hybrid\n", argv[0], config[CONFIG_AUTH_MODE]); -+ printf("%s: unknown authentication mode \"%s\"\nknown modes: " -+ "default/cert/psk/hybrid/username/token/PIN-token/token-SW/gpassword\n", -+ argv[0], config[CONFIG_AUTH_MODE]); - exit(1); - } -+ -+ if (((opt_vendor == VENDOR_NORTEL) && -+ ((opt_auth_mode != AUTH_MODE_CERT) && -+ (opt_auth_mode != AUTH_MODE_NORTEL_USERNAME) && -+ (opt_auth_mode != 
AUTH_MODE_NORTEL_TOKEN) && -+ (opt_auth_mode != AUTH_MODE_NORTEL_PINTOKEN) && -+ (opt_auth_mode != AUTH_MODE_NORTEL_TOKENSW) && -+ (opt_auth_mode != AUTH_MODE_NORTEL_GPASSWORD))) || -+ ((opt_vendor == VENDOR_CISCO) && -+ ((opt_auth_mode != AUTH_MODE_CERT) && -+ (opt_auth_mode != AUTH_MODE_PSK) && -+ (opt_auth_mode != AUTH_MODE_HYBRID))) || -+ ((opt_vendor == VENDOR_NETSCREEN) && -+ ((opt_auth_mode != AUTH_MODE_CERT) && -+ (opt_auth_mode != AUTH_MODE_PSK) && -+ (opt_auth_mode != AUTH_MODE_HYBRID)))) { -+ printf("%s: Auth Mode \"%s\" not valid for Vendor \"%s\"\n", -+ argv[0], config[CONFIG_AUTH_MODE], config[CONFIG_VENDOR]); -+ exit(1); -+ } -+ -+ if (opt_auth_mode == AUTH_MODE_CERT || -+ opt_auth_mode == AUTH_MODE_NORTEL_TOKENSW) { -+ printf("%s: unimplemented Auth Mode \"%s\"\n", -+ argv[0], config[CONFIG_AUTH_MODE]); -+ exit(1); -+ } -+ - #ifndef OPENSSL_GPL_VIOLATION - if (opt_auth_mode == AUTH_MODE_HYBRID || - opt_auth_mode == AUTH_MODE_CERT) { -@@ -783,17 +859,6 @@ - } - opt_nortel_client_id = tmp; - } -- -- if (!strcmp(config[CONFIG_VENDOR], "cisco")) { -- opt_vendor = VENDOR_CISCO; -- } else if (!strcmp(config[CONFIG_VENDOR], "netscreen")) { -- opt_vendor = VENDOR_NETSCREEN; -- } else if (!strcmp(config[CONFIG_VENDOR], "nortel")) { -- opt_vendor = VENDOR_NORTEL; -- } else { -- printf("%s: unknown vendor %s\nknown vendors: cisco netscreen nortel\n", argv[0], config[CONFIG_VENDOR]); -- exit(1); -- } - } - - if (opt_debug >= 99) { -@@ -810,6 +875,12 @@ - continue; - if (config[CONFIG_XAUTH_INTERACTIVE] && i == CONFIG_XAUTH_PASSWORD) - continue; -+ if (opt_auth_mode == AUTH_MODE_NORTEL_USERNAME -+ && (i == CONFIG_XAUTH_USERNAME || i == CONFIG_XAUTH_PASSWORD)) -+ continue; -+ if (opt_auth_mode != AUTH_MODE_NORTEL_PINTOKEN -+ && i == CONFIG_XAUTH_PIN) -+ continue; - - s = NULL; - s_len = 0; -@@ -828,6 +899,11 @@ - case CONFIG_XAUTH_USERNAME: - printf("Enter username for %s: ", config[CONFIG_IPSEC_GATEWAY]); - break; -+ case CONFIG_XAUTH_PIN: -+ printf("Enter PIN 
for %s@%s: ", -+ config[CONFIG_XAUTH_USERNAME], -+ config[CONFIG_IPSEC_GATEWAY]); -+ break; - case CONFIG_XAUTH_PASSWORD: - printf("Enter password for %s@%s: ", - config[CONFIG_XAUTH_USERNAME], -@@ -839,6 +915,7 @@ - fflush(stdout); - switch (i) { - case CONFIG_IPSEC_SECRET: -+ case CONFIG_XAUTH_PIN: - case CONFIG_XAUTH_PASSWORD: - s = strdup(getpass("")); - break; -@@ -870,10 +947,14 @@ - error(1, 0, "missing IPSec ID"); - if (!config[CONFIG_IPSEC_SECRET]) - error(1, 0, "missing IPSec secret"); -- if (!config[CONFIG_XAUTH_USERNAME]) -- error(1, 0, "missing Xauth username"); -- if (!config[CONFIG_XAUTH_PASSWORD] && !config[CONFIG_XAUTH_INTERACTIVE]) -- error(1, 0, "missing Xauth password"); -+ if (opt_auth_mode != AUTH_MODE_NORTEL_USERNAME) { -+ if (!config[CONFIG_XAUTH_USERNAME]) -+ error(1, 0, "missing Xauth username"); -+ if (!config[CONFIG_XAUTH_PASSWORD] && !config[CONFIG_XAUTH_INTERACTIVE]) -+ error(1, 0, "missing Xauth password"); -+ } -+ if (opt_auth_mode == AUTH_MODE_NORTEL_PINTOKEN && !config[CONFIG_XAUTH_PIN]) -+ error(1, 0, "missing Xauth PIN"); - if (get_dh_group_ike() == NULL) - error(1, 0, "IKE DH Group \"%s\" unsupported\n", config[CONFIG_IKE_DH]); - if (get_dh_group_ipsec(-1) == NULL) -Index: vpnc.c -=================================================================== ---- vpnc.c (revision 394) -+++ vpnc.c (working copy) -@@ -1110,17 +1110,10 @@ - r->u.sa.proposals->u.p.prot_id = ISAKMP_IPSEC_PROTO_ISAKMP; - - if (opt_vendor == VENDOR_NORTEL) { -- auth = 0; -+ auth = 0; - if ((opt_auth_mode == AUTH_MODE_CERT) && - (supp_auth[auth].ike_sa_id != IKE_AUTH_RSA_SIG) && - (supp_auth[auth].ike_sa_id != IKE_AUTH_DSS)) { -- } else if ((opt_auth_mode == AUTH_MODE_HYBRID) && -- (supp_auth[auth].ike_sa_id != IKE_AUTH_HybridInitRSA) && -- (supp_auth[auth].ike_sa_id != IKE_AUTH_HybridInitDSS)) { -- } else if (supp_auth[auth].ike_sa_id == IKE_AUTH_HybridInitRSA || -- supp_auth[auth].ike_sa_id == IKE_AUTH_HybridInitDSS || -- supp_auth[auth].ike_sa_id == 
IKE_AUTH_RSA_SIG || -- supp_auth[auth].ike_sa_id == IKE_AUTH_DSS) { - } else { - for (crypt = 0; supp_crypt[crypt].name != NULL; crypt++) { - keylen = supp_crypt[crypt].keylen; -@@ -1284,7 +1277,10 @@ - l->u.id.protocol = IPPROTO_UDP; - l->u.id.port = ISAKMP_PORT; /* this must be 500, see rfc2407, 4.6.2 */ - if (opt_vendor == VENDOR_NORTEL) { -- l->u.id.length = 24; -+ if (opt_auth_mode == AUTH_MODE_NORTEL_USERNAME) -+ l->u.id.length = 20; -+ else -+ l->u.id.length = 24; - l->u.id.data = xallocc(l->u.id.length); - gcry_md_hash_buffer(GCRY_MD_SHA1, l->u.id.data, key_id, strlen(key_id)); - /* memcpy(l->u.id.data, key_id, strlen(key_id)); */ -@@ -1629,7 +1625,10 @@ - reject = ISAKMP_N_INVALID_ID_INFORMATION; - - /* Decide if signature or hash is expected (sig only if vpnc is initiator of hybrid-auth */ -- if (reject == 0 && opt_auth_mode == AUTH_MODE_PSK && (hash == NULL || hash->u.hash.length != s->ike.md_len)) -+ if (reject == 0 && -+ ((opt_auth_mode == AUTH_MODE_PSK) || -+ (opt_vendor == VENDOR_NORTEL && opt_auth_mode != AUTH_MODE_CERT)) && -+ (hash == NULL || hash->u.hash.length != s->ike.md_len)) - reject = ISAKMP_N_INVALID_HASH_INFORMATION; - if (reject == 0 && sig == NULL && - (opt_auth_mode == AUTH_MODE_CERT || -@@ -1744,7 +1743,8 @@ - expected_hash = gcry_md_read(hm, 0); - hex_dump("expected hash", expected_hash, s->ike.md_len, NULL); - -- if (opt_auth_mode == AUTH_MODE_PSK) { -+ if ((opt_auth_mode == AUTH_MODE_PSK) || -+ (opt_vendor == VENDOR_NORTEL && opt_auth_mode != AUTH_MODE_CERT)) { - if (memcmp(expected_hash, hash->u.hash.data, s->ike.md_len) != 0) - error(2, 0, "hash comparison failed: %s(%d)\ncheck group password!", - val_to_string(ISAKMP_N_AUTHENTICATION_FAILED, isakmp_notify_enum_array), -@@ -2228,7 +2228,6 @@ - DEBUGTOP(2, printf("S5.1 xauth_start\n")); - /* This can go around for a while. 
*/ - for (loopcount = 0;; loopcount++) { -- uint16_t xauth_type_requested = 5; - struct isakmp_payload *rp; - struct isakmp_attribute *a, *ap, *reply_attr; - char ntop_buf[32]; -@@ -2343,6 +2342,12 @@ - reply_attr = NULL; - for (ap = a; ap && reject == 0; ap = ap->next) - switch (ap->type) { -+ case ISAKMP_XAUTH_02_ATTRIB_TYPE: -+ if (opt_auth_mode == AUTH_MODE_NORTEL_GPASSWORD) -+ reply_attr = new_isakmp_attribute_16(ISAKMP_XAUTH_02_ATTRIB_TYPE, ISAKMP_MODECFG_TYPE_RADIUS, reply_attr); -+ else -+ reply_attr = new_isakmp_attribute_16(ISAKMP_XAUTH_02_ATTRIB_TYPE, ISAKMP_MODECFG_TYPE_SECURID, reply_attr); -+ break; - case ISAKMP_XAUTH_06_ATTRIB_DOMAIN: - case ISAKMP_XAUTH_02_ATTRIB_DOMAIN: - { -@@ -2416,16 +2421,27 @@ - memset(pass, 0, na->u.lots.length); - } else { - struct isakmp_attribute *na; -- if (opt_vendor == VENDOR_NORTEL) { -- na = reply_attr->next = new_isakmp_attribute(ISAKMP_XAUTH_02_ATTRIB_PASSCODE, /* reply_attr */ NULL); -+ if (opt_vendor == VENDOR_NORTEL -+ && opt_auth_mode != AUTH_MODE_NORTEL_GPASSWORD) -+ na = new_isakmp_attribute(ISAKMP_XAUTH_02_ATTRIB_PASSCODE, reply_attr); -+ else -+ na = new_isakmp_attribute(ap->type, reply_attr); -+ reply_attr = na; -+ if (opt_vendor == VENDOR_NORTEL -+ && opt_auth_mode == AUTH_MODE_NORTEL_PINTOKEN) { -+ int l_pin, l_pas; -+ l_pin = strlen(config[CONFIG_XAUTH_PIN]); -+ l_pas = strlen(config[CONFIG_XAUTH_PASSWORD]); -+ na->u.lots.length = l_pin + l_pas; -+ na->u.lots.data = xallocc(na->u.lots.length); -+ memcpy(na->u.lots.data, config[CONFIG_XAUTH_PIN], l_pin); -+ memcpy(na->u.lots.data + l_pin, config[CONFIG_XAUTH_PASSWORD], l_pas); - } else { -- na = new_isakmp_attribute(ap->type, reply_attr); -- reply_attr = na; -+ na->u.lots.length = strlen(config[CONFIG_XAUTH_PASSWORD]); -+ na->u.lots.data = xallocc(na->u.lots.length); -+ memcpy(na->u.lots.data, config[CONFIG_XAUTH_PASSWORD], -+ na->u.lots.length); - } -- na->u.lots.length = strlen(config[CONFIG_XAUTH_PASSWORD]); -- na->u.lots.data = 
xallocc(na->u.lots.length); -- memcpy(na->u.lots.data, config[CONFIG_XAUTH_PASSWORD], -- na->u.lots.length); - passwd_used = 1; /* Provide canned password at most once */ - } - break; -@@ -2433,10 +2449,6 @@ - ; - } - -- if (opt_vendor == VENDOR_NORTEL) { -- reply_attr = new_isakmp_attribute_16(ISAKMP_XAUTH_02_ATTRIB_TYPE, xauth_type_requested, reply_attr); -- } -- - /* Send the response. */ - rp = new_isakmp_payload(ISAKMP_PAYLOAD_MODECFG_ATTR); - rp->u.modecfg.type = ISAKMP_MODECFG_CFG_REPLY; -@@ -2551,7 +2563,8 @@ - rp->u.modecfg.attributes = a; - sendrecv_phase2(s, rp, ISAKMP_EXCHANGE_MODECFG_TRANSACTION, msgid, 0, 0, 0, 0, 0, 0, 0); - } else { -- r_length = sendrecv(s,r_packet, sizeof(r_packet), NULL, 0, 0); -+ if (opt_auth_mode != AUTH_MODE_NORTEL_USERNAME) -+ r_length = sendrecv(s,r_packet, sizeof(r_packet), NULL, 0, 0); - } - - /* recv and check for notices */ -@@ -3802,18 +3815,22 @@ - do { - DEBUGTOP(2, printf("S4 do_phase1\n")); - do_phase1(group_id, config[CONFIG_IPSEC_SECRET], s); -- DEBUGTOP(2, printf("S5 do_phase2_xauth\n")); - - if (opt_vendor == VENDOR_NORTEL) { -- do_load_balance = do_phase2_xauth(s); -+ if (opt_auth_mode != AUTH_MODE_NORTEL_USERNAME) { -+ DEBUGTOP(2, printf("S5 do_phase2_xauth\n")); -+ do_load_balance = do_phase2_xauth(s); -+ } - DEBUGTOP(2, printf("S6 do_phase2_config\n")); - do_load_balance = do_phase2_config(s); - DEBUGTOP(2, printf("S6 do_phase2\n")); - do_phase2(s); - } else { - /* FIXME: Create and use a generic function in supp.[hc] */ -- if (s->ike.auth_algo >= IKE_AUTH_HybridInitRSA) -+ if (s->ike.auth_algo >= IKE_AUTH_HybridInitRSA) { -+ DEBUGTOP(2, printf("S5 do_phase2_xauth\n")); - do_load_balance = do_phase2_xauth(s); -+ } - DEBUGTOP(2, printf("S6 do_phase2_config\n")); - if ((opt_vendor == VENDOR_CISCO || opt_vendor == VENDOR_NORTEL) && (do_load_balance == 0)) - do_load_balance = do_phase2_config(s); diff --git a/vpnc.changes b/vpnc.changes index cc0f713..3bf5200 100644 --- a/vpnc.changes +++ b/vpnc.changes 
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Sun Nov 1 12:09:54 UTC 2009 - tittiatcoke@gmail.com
+
+- Update to 0.5.3 svn 449
+ + Add support for Nortel proprietary UDP NATT.
+
+-------------------------------------------------------------------
+Fri Oct 30 19:49:47 UTC 2009 - tittiatcoke@gmail.com
+
+- Update to 0.5.3 svn 447
+ + Fix memory leak (Thanks to Bin Li)
+ + Merge in Nortel branch
+ + Extract "default domain" value and pass it to vpnc-script
+ + Implements Nortel "server side" split-tunnel
+ + Add support to main Nortel authentication modes:
+ a) "User Name and Password Authentication"
+ b) "Group Password Authentication"
+ c) "Response Only Token"
+ d) "Response Only Token" with split PIN and Token fields
+
 -------------------------------------------------------------------
 Wed Aug 26 17:52:19 CET 2009 - tittiatcoke@gmail.com
 
diff --git a/vpnc.spec b/vpnc.spec
index 1ce233a..8e8c02e 100644
--- a/vpnc.spec
+++ b/vpnc.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package vpnc (Version 0.5.2r394)
+# spec file for package vpnc (Version 0.5.3r449)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -21,16 +21,14 @@
 Name: vpnc
 Group: Productivity/Networking/Security
 BuildRequires: libgcrypt-devel
-Version: 0.5.2r394
-Release: 5
+BuildRequires: gnutls libgnutls-devel pkg-config
+Version: 0.5.3r449
+Release: 1
 License: BSD 3-clause (or similar) ; GPL v2 or later
 AutoReqProv: on
 Summary: A Client for Cisco VPN concentrator
 Requires: /usr/bin/sed /sbin/ip
 Source: %{name}-%{version}.tar.bz2
-Patch1: vpnc-patch_nortel_auth_394.txt.diff
-Patch2: vpnc-nortel-attributes.diff
-Patch3: vpnc-nortel-fix-segfault.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -54,16 +52,10 @@ Authors:
 Eduard Bloch
 
 %prep
-%setup -n %{name}-%{version}
-%patch1 -p0
-%patch2 -p1
-%patch3 -p1
+%setup -n %{name}
 
 %build
-%{?suse_update_config:%{suse_update_config -f}}
-%{__make} \
- CFLAGS="$RPM_OPT_FLAGS" \
- PREFIX=/usr
+make PREFIX=/usr
 
 %install
 mkdir -p \
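Review bot: The new `%build` line `make PREFIX=/usr` drops the `CFLAGS="$RPM_OPT_FLAGS"` that the removed invocation passed, so the distribution's compiler flags (optimisation and, typically, hardening options such as stack protector and FORTIFY_SOURCE) no longer reach a binary that parses IKE packets off the network. Unless the 0.5.3 Makefile reads the flags from the environment on its own, which this hunk does not show, it should become `make PREFIX=/usr CFLAGS="$RPM_OPT_FLAGS"` or whatever variable the new Makefile honours. The `%setup -n %{name}` change also assumes the new tarball unpacks into a bare `vpnc` directory instead of `%{name}-%{version}`; worth confirming against the uploaded tarball, since a mismatch fails in %prep.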