[strongSwan] IKEv1 - Message-IDs during phase 1 for encrypted Notify messages

Andreas Steffen andreas.steffen at strongswan.org
Tue Apr 20 10:44:58 CEST 2010


Hello Vladimir,

the Message ID will be unique non-zero and the encryption will
be derived from the IKE Phase 1 IV.

The following link shows the function generate_msgid() which
generates a unique msgid:

http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/pluto/state.c;h=29d78fb3de18df1e7ebb0fea9351c8609d1a4830;hb=HEAD#l102

and the next link shows how send_notification() uses this function:

http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/pluto/ipsec_doi.c;h=3026ab0db44b88577d14fd074f56efba80183f43;hb=HEAD#l463

Regards

Andreas

On 20.04.2010 10:08, Владимир Подобаев wrote:
> Hello!
>
> I want to ask IKEv1 experts.
> Suppose during phase 1 - key exchange went ok. Suppose - a notification message is sent on some reason (during phase 1).
> It is encrypted (because key exchange completed).
>
> A question: What Message ID will the Notify message have? Zero or unique non-zero? I can't figure it out from RFCs.
>
> Great thanks in advance!
>
> Best regards, Vladimir Podobaev
>

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list