[strongSwan] ikev2 strongswan IKE_SA_INIT not have RFC 3947 Specification Vendor ID payload

Deepak Khandelwal dazz.87 at gmail.com
Mon Mar 16 18:06:36 CET 2015


Hi All,

During our testing with IKEv2, we found that the 1st packet (IKE_SA_INIT) does
not have any information on the vendor ID payload, which is a MUST criterion as
per the RFC.

As per RFC 3947:

"In the first two messages of Phase1, the vendor id payload for this
specification MUST be sent if supported (and it MUST be received by both
sides) for the NAT-Traversal probe to continue. The content of
the payload is the MD5 hash of RFC 3947"

I checked the strongSwan wiki docs, and here at the link below:

https://wiki.strongswan.org/projects/strongswan/wiki/NatTraversal

"The NAT_DETECTION_SOURCE/DESTINATION_IP notifications included in the
IKE_SA_INIT exchange indicate the peers NAT-T capability and if a NAT
situation is detected, UDP encapsulation is activated for IPsec."

Does this mean the IKEv2 first exchange message(s) do not need to have any
information on the vendor ID payload for the RFC 3947 specification?
Or is there any config option to enable this setting?


Thanks!
Best regards,
Deepak
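
The two mechanisms contrasted in the message above, side by side, as an added example that is not part of the original post and is not strongSwan code: the RFC 3947 Vendor ID body used by IKEv1, and the NAT_DETECTION_SOURCE_IP notify that IKEv2 carries in IKE_SA_INIT (RFC 7296, section 2.23). The SPIs, addresses and ports are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

# IKEv2 Notify message types (RFC 7296, section 2.23).
NAT_DETECTION_SOURCE_IP = 16388
NAT_DETECTION_DESTINATION_IP = 16389

def rfc3947_vendor_id() -> bytes:
    """IKEv1 Vendor ID body: the MD5 hash of the ASCII string "RFC 3947"."""
    return hashlib.md5(b"RFC 3947").digest()

def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """SHA-1 over SPIi | SPIr | IP address | port (network byte order)."""
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def build_notify(msg_type: int, data: bytes) -> bytes:
    """Notify payload body without the generic header: protocol ID 0, SPI size 0."""
    return struct.pack("!BBH", 0, 0, msg_type) + data

def parse_notify(body: bytes):
    """Return (message type, notification data) from a Notify payload body."""
    _proto, spi_size, msg_type = struct.unpack("!BBH", body[:4])
    return msg_type, body[4 + spi_size:]

def source_is_natted(body, spi_i, spi_r, seen_ip, seen_port) -> bool:
    """Receiver check: recompute the hash from the address the packet arrived from."""
    msg_type, digest = parse_notify(body)
    if msg_type != NAT_DETECTION_SOURCE_IP:
        raise ValueError("not a NAT_DETECTION_SOURCE_IP notify")
    return digest != nat_detection_hash(spi_i, spi_r, seen_ip, seen_port)

# Constructed sample values (not from a real capture).
SPI_I = bytes.fromhex("0123456789abcdef")
SPI_R = bytes(8)  # responder SPI is zero in the first IKE_SA_INIT message
SENT = build_notify(NAT_DETECTION_SOURCE_IP,
                    nat_detection_hash(SPI_I, SPI_R, "10.0.0.5", 500))

if __name__ == "__main__":
    print("RFC 3947 vendor ID:", rfc3947_vendor_id().hex())
    print("direct path  ->", source_is_natted(SENT, SPI_I, SPI_R, "10.0.0.5", 500))
    print("behind a NAT ->", source_is_natted(SENT, SPI_I, SPI_R, "203.0.113.7", 1024))
```

A mismatch between the received hash and the one recomputed from the observed source address is what tells the receiver that an address translator sits on the path.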