isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates
Security Associations (SA) with a replay window of size 0 when isakmpd acts
as a responder during SA negotiation, which allows remote attackers to
replay IPSec packets and bypass the replay protection.