Hi,<div><br></div><div>I am using an application which is checking the IPsec stack on Ubuntu.</div><div>Now when strongSwan sends an Informational Delete request, my application sends the response.</div><div>But when my application sends an encrypted packet using that CHILD_SA to verify the deletion, strongSwan sends the message back, whereas my application expects strongSwan not to send the message.</div>
<div><br></div><div>Can anybody please tell me what the issue is here?</div><div><br></div><div>Informational response:</div><div><br></div><div><div>ETHER: ---- Ethernet Header ----</div><div>ETHER:</div><div>ETHER: Destination = 00:0F:FE:6F:39:28</div>
<div>ETHER: Source = 00:10:18:B1:40:63</div><div>ETHER: Type = 0x0800 (DOD IP)</div><div>ETHER:</div><div>IP: ---- IP Packet ----</div><div>IP:</div><div>IP: Version = 4</div><div>IP: Internet Header Length = 5 (20 bytes)</div>
<div>IP: Type Of Service = 0x00</div><div>IP: |01234567</div><div>IP: |000..... = Precedence (Routine)</div><div>IP: |...0.... = Normal Delay</div><div>IP: |....0... = Normal Throughput</div>
<div>IP: |.....0.. = Normal Reliability</div><div>IP: |......0. = Normal Monetary Cost</div><div>IP: |.......0 = Must Be Zero </div><div>IP: Total Length = 88 bytes</div><div>
IP: Identification = 0x0005 (5)</div><div>IP: Flags = 0</div><div>IP: |012</div><div>IP: |0.. = Reserved </div><div>IP: |.0. = May Fragment</div><div>IP: |..0 = Last Fragment</div>
<div>IP: Fragment Offset = 0x0000 (0 bytes)</div><div>IP: Time to Live = 64</div><div>IP: Protocol = UDP (17)</div><div>IP: Header Checksum = 0x6449 (Correct)</div><div>IP: Source Address = 10.1.1.50</div>
<div>IP: Destination Address = 10.1.1.20 ------------------------------------------------->strongswan's ip</div><div>IP:</div><div>UDP: ---- UDP Packet ----</div><div>UDP:</div><div>UDP: Source Port = 500 (500)</div>
<div>UDP: Destination Port = 500 (500)</div><div>UDP: Length = 68 </div><div>UDP: Checksum = 0x0000 </div><div>UDP:</div><div>IKEV2:</div><div>IKEV2: ---- IKEV2 HEADER ----</div><div>IKEV2: --- Initiator SPI [8 bytes] ---</div>
<div>IKEV2: 00 00 16 AF 00 00 16 AF ........</div><div>IKEV2: --- Initiator SPI End ---</div><div>IKEV2:</div><div>IKEV2: --- Responder SPI [8 bytes] ---</div><div>IKEV2: 4B 4F 7E A7 EE 52 DD 1A KO~..R..</div>
<div>IKEV2: --- Responder SPI End ---</div><div>IKEV2:</div><div>IKEV2: Next Payload = Encrypted Payload</div><div>IKEV2: Major Version = 2</div><div>IKEV2: Minor Version = 0</div><div>IKEV2: Exchange Type = 37 (Informational Exchange)</div>
<div>IKEV2: Flags = 0x28 (40)</div><div>IKEV2: |01234567</div><div>IKEV2: |000..... = Reserved Bits</div><div>IKEV2: |...1.... = Initiator</div><div>IKEV2: |....0... = Version Bit is Not Set</div>
<div>IKEV2: |.....1.. = Response</div><div>IKEV2: |......00 = Reserved Bits</div><div><br></div><div>IKEV2: Message Id = 0x1</div><div>IKEV2: Length = 60 bytes</div>
<div>IKEV2:</div><div>IKEV2: ---- IKEV2 Encrypted Payload ----</div><div>IKEV2:</div><div>IKEV2: Next Payload = Payload NONE</div><div>IKEV2: Critical Payload = 0</div><div>IKEV2: RESERVED = 0</div>
<div>IKEV2: Payload Length = 32 bytes</div><div>IKEV2: --- IV Data [8 bytes] ---</div><div>IKEV2: 23 7C 52 01 1E B7 65 99 #|R...e.</div><div>IKEV2: --- IV Data End ---</div><div><br></div>
<div>IKEV2: Padding Length = 7</div><div>IKEV2: --- Padding Data [7 bytes] ---</div><div>IKEV2: 01 02 03 04 05 06 07 .......</div><div>IKEV2: --- Padding Data End ---</div><div>IKEV2: --- Auth Data [12 bytes] ---</div>
<div>IKEV2: 9C 14 87 08 1F 5F A8 E1 46 4E 30 1A ....._..FN0.</div><div>IKEV2: --- Auth Data End ---</div><div>IKEV2: ---- End IKEV2 Encrypted Payload ----</div><div>IKEV2:</div></div><div><br></div><div>Thanks in advance.</div>
<div><br></div><div>Regards</div><div>Avishek</div>