<div>Hi,</div>
<div> </div>
<div>I am using strongswan 4.5.2 in Ubuntu 10.10 version.</div>
<div>After timing out a child SA which was previously created Strongswan sends CREATE_CHILD_SA rekey request.</div>
<div>Then My application sends CREATE_CHILD_SA Response and in turn Strongswan sends IKEv2_INFORMATIONAL_EXCHANGE with Flags 0x00</div>
<div>That is initiator and responderder bit nothing is true.</div>
<div>Please help me with this problem.Why this behaviour is seen.</div>
<div> </div>
<div>Thanks in advance.</div>
<div> </div>
<div>Here is the packet decodesent by strongswan by my application-</div>
<div> </div>
<div>ETHER: ---- Ethernet Header ----<br>ETHER:<br>ETHER: Destination = 00:10:18:B1:40:63<br>ETHER: Source = 00:0F:FE:6F:39:28<br>ETHER: Type = 0x0800 (DOD IP)<br>ETHER:<br>IP: ---- IP Packet ----<br>IP:<br>IP: Version = 4<br>
IP: Internet Header Length = 5 (20 bytes)<br>IP: Type Of Service = 0x00<br>IP: |01234567<br>IP: |000..... = Precedence (Routine)<br>IP: |...0.... = Normal Delay<br>IP: |....0... = Normal Throughput<br>
IP: |.....0.. = Normal Reliability<br>IP: |......0. = Normal Monetary Cost<br>IP: |.......0 = Must Be Zero<br>IP: Total Length = 96 bytes<br>IP: Identification = 0x0000 (0)<br>
IP: Flags = 2<br>IP: |012<br>IP: |0.. = Reserved<br>IP: |.1. = Don't Fragment<br>IP: |..0 = Last Fragment<br>IP: Fragment Offset = 0x0000 (0 bytes)<br>
IP: Time to Live = 64<br>IP: Protocol = UDP (17)<br>IP: Header Checksum = 0x2446 (Correct)<br>IP: Source Address = 10.1.1.20 ---------------------------------------------------------(IP of the interface in which strongswan is running)<br>
IP: Destination Address = 10.1.1.50 ---------------------------------------------------------(IP of the interface in which my application is running)<br>IP:<br>UDP: ---- UDP Packet ----<br>
UDP:<br>UDP: Source Port = 500 (500)<br>UDP: Destination Port = 500 (500)<br>UDP: Length = 76<br>UDP: Checksum = 0xBB9B (Correct)<br>UDP:<br>IKEV2:<br>IKEV2: ---- IKEV2 HEADER ----<br>IKEV2: --- Initiator SPI [8 bytes] ---<br>
IKEV2: 00 00 2E 66 00 00 2E 66 ...f...f<br>IKEV2: --- Initiator SPI End ---<br>IKEV2:<br>IKEV2: --- Responder SPI [8 bytes] ---<br>IKEV2: CE EE 67 98 8C 80 0F 6C ..g....l<br>
IKEV2: --- Responder SPI End ---<br>IKEV2:<br>IKEV2: Next Payload = Encrypted Payload<br>IKEV2: Major Version = 2<br>IKEV2: Minor Version = 0<br>IKEV2: Exchange Type = 37 (Informational Exchange)<br>
IKEV2: Flags = 0x00 (0)<br>IKEV2: |01234567<br>IKEV2: |000..... = Reserved Bits<br>IKEV2: |...0.... = Responder<br>IKEV2: |....0... = Version Bit is Not Set<br>
IKEV2: |.....0.. = Request<br>IKEV2: |......00 = Reserved Bits</div>
<div>IKEV2: Message Id = 0x1<br>IKEV2: Length = 68 bytes<br>IKEV2:<br>IKEV2: ---- IKEV2 Encrypted Payload ----<br>IKEV2:<br>IKEV2: Next Payload = Delete Payload<br>IKEV2: Critical Payload = 0<br>
IKEV2: RESERVED = 0<br>IKEV2: Payload Length = 40 bytes<br>IKEV2: --- IV Data [8 bytes] ---<br>IKEV2: 85 BE 5D 16 7D 13 E4 80 ..].}...<br>IKEV2: --- IV Data End ---</div>
<div>IKEV2: ---- IKEV2 Delete Payload ----<br>IKEV2:<br>IKEV2: Next Payload = Payload NONE<br>IKEV2: Critical Payload = 0<br>IKEV2: RESERVED = 0<br>IKEV2: Payload Length = 12 bytes<br>
IKEV2: Protocol-Id = 3<br>IKEV2: SPI Size = 4<br>IKEV2: Number of SPIs = 1<br>IKEV2: --- SPI [4 bytes] ---<br>IKEV2: CE E6 6C 1E ..l.<br>IKEV2: --- SPI End ---<br>
IKEV2:<br>IKEV2: ---- End IKEV2 Delete Payload ----<br>IKEV2:<br>IKEV2: Padding Length = 3<br>IKEV2: --- Padding Data [3 bytes] ---<br>IKEV2: 71 55 F1 qU.<br>IKEV2: --- Padding Data End ---<br>
IKEV2: --- Auth Data [12 bytes] ---<br>IKEV2: D7 48 58 3C C4 EC A2 2B E3 AF 1D 69 .HX<...+...i<br>IKEV2: --- Auth Data End ---<br>IKEV2: ---- End IKEV2 Encrypted Payload ----<br>IKEV2:</div>
<div> </div>
<div> </div>
<div> </div>
<div>Regards,</div>
<div>Avishek</div>