[strongSwan-dev] [StrongSwan]: Tunnels establishment in case of IKE version mismatch

jegathesh malaiyappan mjegakathir at gmail.com
Fri Nov 23 09:24:30 CET 2012


Hi Andreas,

Thanks a lot for your reply.

So from 5.0 onwards,

If responder is using "keyexchange=ike" then initiator may be IKEv1 or
IKEv2.

If initiator is using "keyexchange=ikev1" then responder should be IKEv1.

If initiator is using "keyexchange=ikev2" then responder should be IKEv2.

Please confirm whether my understanding is correct or not.

Thanks.

Regards,
Jegathesh.M


On Fri, Nov 23, 2012 at 12:57 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:

> Hi Jegathesh,
>
> as a principle, an IKEv1 peer cannot talk to an IKEv2 peer at all
> and vice versa but a responder could support both IKEv1 and
> IKEv2 at the same time. Starting with strongSwan 5.0 this is the
> case with the default setting
>
>   keyexchange=ike
>
> as shown in the following example scenario:
>
> http://www.strongswan.org/uml/testresults5dr/ike/rw-cert/
>
> whereas a responder with
>
>   keyexchange=ikev1
>
> will react to IKEv1 initiators only and with
>
>   keyexchange=ikev2
>
> to IKEv2 initiators only.
>
> Regards
>
> Andreas
>
>
> On 11/23/2012 08:11 AM, jegathesh malaiyappan wrote:
>
>> Hi All,
>>
>> I have observed the tunnels are getting established in case of IKE
>> version mismatch.
>>
>> Option 1:
>> =========
>> Initiator : IKEv1
>> Responder: IKEv2
>>
>> *Result:* Tunnels are not established
>>
>>
>> Option 2:
>> =========
>> Initiator : IKEv2
>> Responder: IKEv1
>>
>> *Result:* Tunnels are established
>>
>> Why is this happening? Is this correct behavior or not?
>>
>> Thanks.
>>
>> - Jegathesh,
>>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
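
The responder behaviour described in the quoted reply, as an added example that is not part of the thread and is not strongSwan code: it reads the major version from the fixed IKE header (layout per RFC 2408 / RFC 7296) and applies the `keyexchange` rule from the reply. The function names and the header-only sample messages are assumptions constructed for illustration.

```python
import struct

# Fixed ISAKMP/IKE header: SPIi(8) SPIr(8) next payload(1) version(1)
# exchange type(1) flags(1) message ID(4) length(4) = 28 bytes.
IKE_HEADER = struct.Struct("!8s8sBBBBII")

# Initiator major versions a responder reacts to, per the quoted reply.
ACCEPTED_MAJOR = {"ike": {1, 2}, "ikev1": {1}, "ikev2": {2}}


def ike_major_version(datagram: bytes, udp_port: int = 500) -> int:
    """Return the IKE major version carried in a UDP payload."""
    if udp_port == 4500:
        # On the NAT-T port, IKE messages start with a 4-byte zero marker.
        if datagram[:4] != b"\x00\x00\x00\x00":
            raise ValueError("not an IKE message (ESP-in-UDP or keepalive)")
        datagram = datagram[4:]
    if len(datagram) < IKE_HEADER.size:
        raise ValueError("truncated IKE header")
    fields = IKE_HEADER.unpack_from(datagram)
    version, length = fields[3], fields[7]
    if length < IKE_HEADER.size:
        raise ValueError("length field smaller than the header")
    return version >> 4  # high nibble = major, low nibble = minor


def responder_reacts(keyexchange: str, datagram: bytes, udp_port: int = 500) -> bool:
    """True if a responder with this keyexchange setting reacts to the message."""
    if keyexchange not in ACCEPTED_MAJOR:
        raise ValueError(f"unknown keyexchange value: {keyexchange!r}")
    return ike_major_version(datagram, udp_port) in ACCEPTED_MAJOR[keyexchange]


def sample_init(major: int, exchange_type: int, flags: int = 0) -> bytes:
    """Constructed header-only first message (no payloads, responder SPI zero)."""
    return IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8, 0, major << 4,
                           exchange_type, flags, 0, IKE_HEADER.size)


if __name__ == "__main__":
    v1 = sample_init(1, 2)          # IKEv1 Main Mode (Identity Protection)
    v2 = sample_init(2, 34, 0x08)   # IKEv2 IKE_SA_INIT, Initiator flag set
    for setting in ("ike", "ikev1", "ikev2"):
        print(setting, "IKEv1:", responder_reacts(setting, v1),
              "IKEv2:", responder_reacts(setting, v2))
```
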