[strongSwan-dev] [StrongSwan]: Tunnels establishment in case of IKE version mismatch
Andreas Steffen
andreas.steffen at strongswan.org
Fri Nov 23 08:27:38 CET 2012
Hi Jegathesh,
as a principle, an IKEv1 peer cannot talk to an IKEv2 peer at all
and vice versa but a responder could support both IKEv1 and
IKEv2 at the same time. Starting with strongSwan 5.0 this is the
case with the default setting
keyexchange=ike
as shown in the following example scenario:
http://www.strongswan.org/uml/testresults5dr/ike/rw-cert/
whereas a responder with
keyexchange=ikev1
will react to IKEv1 initiators only and with
keyexchange=ikev2
to IKEv2 initiators only.
Regards
Andreas
On 11/23/2012 08:11 AM, jegathesh malaiyappan wrote:
> Hi All,
>
> I have observed the tunnels are getting established incase of IKE
> version mismatch.
>
> Option 1:
> =========
> Initiator : IKEv1
> Responder: IKEv2
>
> *Result:* Tunnels are not establised
>
> Option 2:
> =========
> Initiator : IKEv2
> Responder: IKEv1
>
> *Result:* Tunnels are establised
> Why it's happening? Is this correct behavior or not?
>
> Thanks.
>
> - Jegathesh,
>
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Dev
mailing list