[strongSwan] The reply of CREATE_CHILD_SA exchange with Notify Payload of type NO_ADDITIONAL_SAS

michalle OY michalle_oy at hotmail.com
Tue Nov 23 07:54:23 CET 2010


Hi, all
Thanks for your previous reply.
I met another issue. Please help to figure out the root cause.
According to RFC 4306, Chapter 4:
A minimal implementation MAY support the CREATE_CHILD_SA exchange only in so
   far as to recognize requests and reject them with a Notify payload of
   type NO_ADDITIONAL_SAS.
So I did an implementation which only supports replying to the CREATE_CHILD_SA with a Notify payload of type NO_ADDITIONAL_SAS.
But strongSwan doesn't seem to recognize the reply and still retransmits the CREATE_CHILD_SA request.
I tried to find the root cause from the syslog, but I don't understand the lines marked in red. What does that mean? The CREATE_CHILD_SA reply should not be encrypted.
The files of syslog and packets (captured by wireshark) are enclosed.
 
Content of the Notify Payload 
     Next Payload 33 (SA)
     Critical 0
     Reserved 0
     Payload Length 8
     Protocol ID 3 (ESP)
     SPI Size 0
     N Payload
     Notify Message Type 35(NO_ADDITIONAL_SAS)
 
Syslog 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC] parsing ENCRYPTED payload, 8 bytes left 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC] parsing payload from => 8 bytes @ 0xb8d821c8 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]    0: 00 00 00 08 03 00 00 23                          .......# 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 0 U_INT_8 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]    => 0 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 1 FLAG 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]    => 0 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 2 RESERVED_BIT 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 3 RESERVED_BIT 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 4 RESERVED_BIT 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 5 RESERVED_BIT 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 6 RESERVED_BIT 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 7 RESERVED_BIT 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 8 RESERVED_BIT 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 9 PAYLOAD_LENGTH 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]    => 8 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]   parsing rule 10 ENCRYPTED_DATA 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]    => => 4 bytes @ 0xb8d82c78 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC]    0: 03 00 00 23                                      ...# 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC] parsing ENCRYPTED payload finished 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC] succesfully parsed content of encryption payload 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC] payload type ENCRYPTED not allowed 
Nov 23 13:57:16 michalle-desktop charon: 08[ENC] could not decrypt payloads 
Nov 23 13:57:16 michalle-desktop charon: 08[IKE] CREATE_CHILD_SA response with message ID 2 processing failed 
 
  		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101123/ddd7be0d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CREATE_CHAILD
Type: application/octet-stream
Size: 5512 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101123/ddd7be0d/attachment.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: syslog
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101123/ddd7be0d/attachment.ksh>
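
The 8 bytes from the syslog hex dump above, decoded two ways as an added example (not part of the original post and not strongSwan code): as a Notify payload using the RFC 4306 generic payload header and Notify layout, and as the header plus opaque data that the ENCRYPTED parsing rules in the log produce. The function names and the `SAMPLE` constant are assumptions of this example.

```python
import struct

# Constructed from the hex dump in the syslog above: 00 00 00 08 03 00 00 23
SAMPLE = bytes.fromhex("0000000803000023")

# Values from RFC 4306 (payload types 3.2, protocol IDs and notify types 3.10)
PAYLOAD_TYPES = {0: "NONE", 33: "SA", 41: "NOTIFY", 46: "ENCRYPTED"}
PROTOCOL_IDS = {1: "IKE", 2: "AH", 3: "ESP"}
NOTIFY_TYPES = {35: "NO_ADDITIONAL_SAS"}


def parse_generic_header(buf):
    """Return (next_payload, critical, length, body) for one IKEv2 payload."""
    if len(buf) < 4:
        raise ValueError("truncated generic payload header")
    next_payload, flags, length = struct.unpack("!BBH", buf[:4])
    # Payload Length covers the 4-byte header and must fit in the buffer
    if length < 4 or length > len(buf):
        raise ValueError(f"bad payload length {length}")
    return next_payload, bool(flags & 0x80), length, buf[4:length]


def parse_notify(buf):
    """Decode buf as a Notify payload (RFC 4306 section 3.10)."""
    next_payload, critical, length, body = parse_generic_header(buf)
    if len(body) < 4:
        raise ValueError("Notify body shorter than 4 bytes")
    proto, spi_size, msg_type = struct.unpack("!BBH", body[:4])
    if 4 + spi_size > len(body):
        raise ValueError("SPI size exceeds payload")
    return {
        "next_payload": PAYLOAD_TYPES.get(next_payload, next_payload),
        "critical": critical,
        "length": length,
        "protocol_id": PROTOCOL_IDS.get(proto, proto),
        "spi": body[4:4 + spi_size],
        "type": NOTIFY_TYPES.get(msg_type, msg_type),
        "data": body[4 + spi_size:],
    }


def as_encrypted(buf):
    """Decode the same bytes as the log does: generic header + opaque data."""
    next_payload, _, length, body = parse_generic_header(buf)
    return {"next_payload": PAYLOAD_TYPES.get(next_payload, next_payload),
            "length": length, "encrypted_data": body}


if __name__ == "__main__":
    print(parse_notify(SAMPLE))
    print(as_encrypted(SAMPLE))
```

On this input the Next Payload byte decodes to 0, while the field list in the post gives 33 (SA); the 4 bytes left after the header match the `03 00 00 23` that the log shows as ENCRYPTED_DATA.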

