[strongSwan] CHILD_SA Not Getting Deleted After Sending Informational Delete Response

AVISHEK GANGULY aganguly14 at gmail.com
Sat Sep 8 13:12:08 CEST 2012


Hi,

I am using an application which is checking the ipsec stack on ubuntu.
Now When strongswan sends a Informational Delete request my application
sends the response.
But when my application sends an encrypted packet using that CHILD_SA to
verify the deletion Strongswan send the message back.Where as my
application expects strongswan not to send the message.

Can anybody please tell me what is the issue here?

Informational respose:-

ETHER: ---- Ethernet Header ----
ETHER:
ETHER: Destination = 00:0F:FE:6F:39:28
ETHER: Source      = 00:10:18:B1:40:63
ETHER: Type        = 0x0800 (DOD IP)
ETHER:
IP: ---- IP Packet ----
IP:
IP: Version                = 4
IP: Internet Header Length = 5 (20 bytes)
IP: Type Of Service        = 0x00
IP:  |01234567
IP:  |000.....             = Precedence (Routine)
IP:  |...0....             = Normal Delay
IP:  |....0...             = Normal Throughput
IP:  |.....0..             = Normal Reliability
IP:  |......0.             = Normal Monetary Cost
IP:  |.......0             = Must Be Zero
IP: Total Length           = 88 bytes
IP: Identification         = 0x0005 (5)
IP: Flags                  = 0
IP:  |012
IP:  |0..                  = Reserved
IP:  |.0.                  = May Fragment
IP:  |..0                  = Last Fragment
IP: Fragment Offset        = 0x0000 (0 bytes)
IP: Time to Live           = 64
IP: Protocol               = UDP (17)
IP: Header Checksum        = 0x6449 (Correct)
IP: Source Address         = 10.1.1.50
IP: Destination Address    = 10.1.1.20
------------------------------------------------->strongswan's ip
IP:
UDP: ---- UDP Packet ----
UDP:
UDP: Source Port      = 500 (500)
UDP: Destination Port = 500 (500)
UDP: Length           = 68
UDP: Checksum         = 0x0000
UDP:
IKEV2:
IKEV2: ---- IKEV2 HEADER ----
IKEV2: --- Initiator SPI [8 bytes] ---
IKEV2:  00 00 16 AF 00 00 16 AF                           ........
IKEV2: --- Initiator SPI End ---
IKEV2:
IKEV2: --- Responder SPI [8 bytes] ---
IKEV2:  4B 4F 7E A7 EE 52 DD 1A                           KO~..R..
IKEV2: --- Responder SPI End ---
IKEV2:
IKEV2: Next Payload             = Encrypted Payload
IKEV2: Major Version            = 2
IKEV2: Minor Version            = 0
IKEV2: Exchange Type            = 37 (Informational Exchange)
IKEV2: Flags                    = 0x28 (40)
IKEV2:  |01234567
IKEV2:  |000.....                       = Reserved Bits
IKEV2:  |...1....                       = Initiator
IKEV2:  |....0...                       = Version Bit is Not Set
IKEV2:  |.....1..                       = Response
IKEV2:  |......00                       = Reserved Bits

IKEV2: Message Id               = 0x1
IKEV2: Length                   = 60 bytes
IKEV2:
IKEV2: ---- IKEV2 Encrypted Payload ----
IKEV2:
IKEV2: Next Payload             = Payload NONE
IKEV2: Critical Payload         = 0
IKEV2: RESERVED                 = 0
IKEV2: Payload Length           = 32 bytes
IKEV2: --- IV Data [8 bytes] ---
IKEV2:  23 7C 52 01 1E B7 65 99                           #|R...e.
IKEV2: --- IV Data End ---

IKEV2: Padding Length           = 7
IKEV2: --- Padding Data [7 bytes] ---
IKEV2:  01 02 03 04 05 06 07                              .......
IKEV2: --- Padding Data End ---
IKEV2: --- Auth Data [12 bytes] ---
IKEV2:  9C 14 87 08 1F 5F A8 E1 46 4E 30 1A               ....._..FN0.
IKEV2: --- Auth Data End ---
IKEV2: ---- End IKEV2 Encrypted Payload ----
IKEV2:

Thanks in advance.

Regards
Avishek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120908/0c4cbbfc/attachment.html>


More information about the Users mailing list