[strongSwan] IKEv2 TS narrowing

Eric_C_Johnson at Dell.com Eric_C_Johnson at Dell.com
Mon May 14 23:18:21 CEST 2012


We are doing our best to follow section 2.9.

What I'm trying to do in the short term is come up with a strongSwan config that would exercise narrowing so I can verify our implementation is working correctly. Initially I want to do the following:

Initiator (strongSwan)                 ---- Responder
Defined host (i.e. 10.1.1.1)           ---- defined network (i.e. 10.0.0.0\8)
Defined subnet (i.e. 10.1.1.0\24)      ---- defined network (i.e. 10.0.0.0\8)
Defined wildcard (i.e. 0.0.0.0.0\0)    ---- defined network (i.e. 10.0.0.0\8)
Defined network (i.e. 10.0.0.0\8)      ---- defined network (i.e. 10.0.0.0\8)

I believe the first 3 scenarios would require narrowing where the last one would not. I could use confirmation that my understanding is correct. If so, what entries on the strongSwan host would I need to enter to make this work?

I also need to introduce similar configs for port\protocol based narrowing as well. So I could use some insight into that as well.

-----Original Message-----
From: Vilhelm Jutvik [mailto:ville at sics.se] 
Sent: Monday, May 14, 2012 4:12 PM
To: Johnson, Eric C
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] IKEv2 TS narrowing

Hello Eric,

it's nice to read about someone else who is, just like me, using strongSwan to debug their own IKEv2 implementation. I would love to help, but I am not sure about what you're asking for. Are you taking the difficult path and implementing narrowing exactly as described in RFC 5996, section 2.9?

Sincerely,
Vilhelm Jutvik
MS Thesis Student, SICS

2012/5/14  <Eric_C_Johnson at dell.com>:
> Hi.
>
> I was wondering if I could get a little help. I need to verify that
> TS narrowing is working correctly on our IKEv2 implementation. I have
> a strongSwan host acting as an Initiator and our device as a
> responder. What would be the easiest way to craft a setup to verify
> narrowing is working correctly? I understand this is fairly generic.
> I'm just looking for something to get started. Thanks in advance.
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
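
For checking a responder's replies against expected values, the following added example (not from the thread or from strongSwan) applies the intersection rule of RFC 5996 section 2.9 to a single traffic selector, including protocol and port range. It assumes the left column of the scenario list is the selector the initiator proposes and the right column is the responder's policy; `TS`, `ts`, `narrow` and `verdict` are names made up for the example, and the TCP/80 case is constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class TS(NamedTuple):
    """One traffic selector: protocol, port range, address range."""
    proto: int      # IP protocol number, 0 = any
    port_lo: int
    port_hi: int
    addr_lo: int    # range bounds as integers
    addr_hi: int

def ts(cidr: str, proto: int = 0, ports=(0, 65535)) -> TS:
    """Build a selector from CIDR notation (hypothetical helper)."""
    net = ipaddress.ip_network(cidr)
    return TS(proto, ports[0], ports[1],
              int(net.network_address), int(net.broadcast_address))

def narrow(proposed: TS, policy: TS) -> Optional[TS]:
    """Intersect the initiator's proposal with the responder's policy.
    None means no overlap, i.e. the responder answers TS_UNACCEPTABLE."""
    if proposed.proto and policy.proto and proposed.proto != policy.proto:
        return None
    out = TS(proposed.proto or policy.proto,
             max(proposed.port_lo, policy.port_lo),
             min(proposed.port_hi, policy.port_hi),
             max(proposed.addr_lo, policy.addr_lo),
             min(proposed.addr_hi, policy.addr_hi))
    if out.port_lo > out.port_hi or out.addr_lo > out.addr_hi:
        return None
    return out

def verdict(proposed: TS, policy: TS) -> str:
    """Classify the reply a conforming responder should send."""
    result = narrow(proposed, policy)
    if result is None:
        return "TS_UNACCEPTABLE"
    return "unchanged" if result == proposed else "narrowed"

if __name__ == "__main__":
    policy = ts("10.0.0.0/8")   # responder side, from the message
    for cidr in ("10.1.1.1/32", "10.1.1.0/24", "0.0.0.0/0", "10.0.0.0/8"):
        print(cidr, "->", verdict(ts(cidr), policy))
    # Constructed port/protocol case: any traffic offered, policy is TCP/80
    print(narrow(ts("0.0.0.0/0"), ts("10.0.0.0/8", proto=6, ports=(80, 80))))
```

Comparing the selector the device actually returns in its IKE_AUTH or CREATE_CHILD_SA response with the value `narrow` computes gives a pass/fail check per scenario.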