[strongSwan-dev] [Strongswan]: Node is replying for ISAKMP message for unconfigured connection

jegathesh malaiyappan mjegakathir at gmail.com
Mon Mar 18 05:54:13 CET 2013


Hi,

Anyone have idea on this strongswan behavior?

Thanks.

Regards,
Jegathesh.M

On Sat, Mar 16, 2013 at 4:43 PM, jegathesh malaiyappan <
mjegakathir at gmail.com> wrote:

>
> 16:11:01.349352 IP 4.1.1.1.isakmp > 4.1.1.10.isakmp: isakmp: phase
> 2/others ? #37[]
> 16:11:01.349602 IP 4.1.1.10.isakmp > 4.1.1.1.isakmp: isakmp: phase
> 2/others ? #37[]
>
> 16:11:11.349635 IP 4.1.1.1.isakmp > 4.1.1.10.isakmp: isakmp: phase
> 2/others ? #37[]
> 16:11:11.349875 IP 4.1.1.10.isakmp > 4.1.1.1.isakmp: isakmp: phase
> 2/others ? #37[]
>
>
> On Sat, Mar 16, 2013 at 4:36 PM, jegathesh malaiyappan <
> mjegakathir at gmail.com> wrote:
>
>> Hi,
>>
>>
>>
>> *Strongswan : 4.5.3 *
>>
>>
>>
>> *NODE A*  ß
>> -----------------------------------------------------------------------àNODE
>> B
>>
>> (Initiator &
>> Responder)
>> (Initiator & Responder)
>>
>>
>>
>> NODE A ---à conn403 is configured in NODE A
>>
>> NODE B  --à conn403 is not configured in NODE B
>>
>>
>>
>> NODE A is sending ISAKMP message to NODE B. This is excepted behavior.
>>
>>
>>
>> But, NODE B is responding for this un-configured connection message.
>>
>>
>>
>> Is this expected behavior in Strongswan? Please clarify me this.
>>
>>
>>
>> <snip>
>>
>> conn conn403
>>
>>   type=tunnel
>>
>>   leftsubnet=4.1.1.1/32
>>
>>   rightsubnet=40.1.1.100/24
>>
>>   left=4.1.1.1
>>
>>   right=4.1.1.10
>>
>>   keyexchange=ikev2
>>
>>  reauth=no
>>
>>   ike=aes128-sha1-modp1024,3des-sha1-modp1024!
>>
>>   ikelifetime=84395s
>>
>>   esp=aes128-sha1,3des-sha1!
>>
>>   authby=pubkey
>>
>>   rightid=%any
>>
>>   leftid="192.168.255.129"
>>
>>   keylife=86400s
>>
>>   dpdaction=restart
>>
>>   dpddelay=10
>>
>>   dpdtimeout=120
>>
>>   rekeyfuzz=50%
>>
>>   rekeymargin=180s
>>
>> </snip>
>>
>>
>> Thanks in advance.
>>
>>
>> -Jegathesh
>>
>>
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130318/469113e3/attachment.html>


More information about the Dev mailing list