[strongSwan] MAC Verification failed On Receipt of CREATE_CHILD_SA message.

AVISHEK GANGULY aganguly14 at gmail.com
Tue Sep 4 19:34:06 CEST 2012


I am currently facing a problem regarding one ikev2 message
CREATE_CHILD_SA. I am using a network testing application(basically it
tests conformance)

First one ikev2 child SA is eshtablished after IKE_SA_INIT an IKE_AUTH
exchanges.Now A second Child SA created by sending CREATE_CHILD_SA request.
Then this application times out the first child SA and expects a REKEY
request for the first CHILD SA.BUT when two child sa gets eshtablished the
keylife of both the Child SA's gets approximately same.And Strongswan sends
rekey request for both of them. Now this software sends one CREATE_CHILD_SA
(rekey response) message.But in Strongswan's side it shows MAC
Authentication failed( in var/log/charon.log).And it drops the packet.

I am not sure why this is happening.Is there any limitations on creating
more than two Child SAs for the same IKE SA.Or is there any known issue on
about creating more than one Child SA or rekeying.

I am very new to ike.Please help me out with any suggestion on this.I badly
need it.

Sorry for the english.

Thanks and Regards,
Avishek Ganguly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120904/9eb02c77/attachment.html>

More information about the Users mailing list