[strongSwan] INITIAL_CONTACT notification in responder mode
Martin Willi
martin at strongswan.org
Thu Jan 29 08:48:47 CET 2015
Hi Pavan,
> My question is whether INITIAL_CONTACT notification can be sent in
> IKE_AUTH response? If yes, in which condition this notification will be
> sent by responder?
Theoretically yes, but strongSwan never sends INITIAL_CONTACT as
responder, only as initiator.
While sending the notify as initiator can help to clean up any dangling
IKE_SA for that peer, that does not make that much sense as responder.
If an initiator creates a new IKE_SA, it most likely knows or could
check if there already is an IKE_SA with that peer, without relying on
the INITIAL_CONTACT from the responder.
Regards
Martin
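
The cleanup described above, seen from the side that receives INITIAL_CONTACT, as an added example that is not part of the original message and is not strongSwan code. `struct ike_sa`, `notify_type` and `handle_initial_contact` are hypothetical names and the sample data is constructed; the Notify payload layout and the type value 16384 are those of RFC 7296.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define INITIAL_CONTACT 16384 /* Notify Message Type, RFC 7296 section 3.10.1 */

/* Hypothetical, simplified IKE_SA record; not strongSwan's ike_sa_t. */
struct ike_sa { uint64_t spi_i; char peer_id[32]; int established; };

/* Parse one Notify payload (RFC 7296 section 3.10) and return its Notify
 * Message Type, or -1 if the buffer is truncated or the lengths disagree. */
int notify_type(const uint8_t *p, size_t len)
{
    if (len < 8) return -1;                   /* generic header + notify header */
    size_t plen = ((size_t)p[2] << 8) | p[3]; /* Payload Length, big endian */
    size_t spi_size = p[5];
    if (plen < 8 || plen > len || 8 + spi_size > plen) return -1;
    return (p[6] << 8) | p[7];
}

/* Once the peer has authenticated, drop every other IKE_SA held for the same
 * identity. Returns the number of stale SAs removed. */
int handle_initial_contact(struct ike_sa *tbl, size_t n,
                           const struct ike_sa *cur, int peer_authenticated)
{
    int removed = 0;
    if (!peer_authenticated) return 0;        /* ignore an unauthenticated notify */
    for (size_t i = 0; i < n; i++) {
        if (&tbl[i] == cur || !tbl[i].established) continue;
        if (strcmp(tbl[i].peer_id, cur->peer_id) == 0) {
            tbl[i].established = 0;           /* stands in for deleting the SA */
            removed++;
        }
    }
    return removed;
}

int main(void)
{
    /* Constructed sample: Notify payload with no SPI and no data, type 16384. */
    const uint8_t n[8] = {0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x40, 0x00};
    struct ike_sa tbl[3] = {{1, "carol@example.org", 1},  /* dangling SA */
                            {2, "dave@example.org", 1},
                            {3, "carol@example.org", 1}}; /* SA being set up */
    if (notify_type(n, sizeof(n)) != INITIAL_CONTACT) return 1;
    return handle_initial_contact(tbl, 3, &tbl[2], 1) == 1 ? 0 : 1;
}
```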