[strongSwan] ikev2 strongswan IKE_SA_INIT not have RFC 3947 Specification Vendor ID payload

Emeric POUPON emeric.poupon at stormshield.eu
Mon Mar 16 18:31:51 CET 2015


Hello,

Not sure this RFC is the correct one for IKEv2 implementations.
You should read this one: https://tools.ietf.org/html/rfc5996#section-2.23
You will find what you have read in the strongSwan wiki.

Regards,


----- Original Message -----
From: "Deepak Khandelwal" <dazz.87 at gmail.com>
To: users at lists.strongswan.org
Sent: Monday, 16 March 2015 18:06:36
Subject: [strongSwan] ikev2 strongswan IKE_SA_INIT not have RFC 3947 Specification Vendor ID payload


Hi All, 

During our testing with IKEv2, we found that the 1st packet (IKE_SA_INIT) does not have any information on the vendor ID payload, which is a MUST criterion as per the RFC.

As per RFC 3947:
"In the first two messages of Phase 1, the vendor id payload for this
specification MUST be sent if supported (and it MUST be received by both
sides) for the NAT-Traversal probe to continue. The content of
the payload is the MD5 hash of RFC 3947"


I checked the strongSwan wiki docs, and here in the link below:

https://wiki.strongswan.org/projects/strongswan/wiki/NatTraversal 

"The NAT_DETECTION_SOURCE/DESTINATION_IP notifications included in the IKE_SA_INIT exchange indicate the peers NAT-T capability and if a NAT situation is detected, UDP encapsulation is activated for IPsec."

Does this mean the IKEv2 first exchange message(s) do not need to have any information on the vendor ID payload for the RFC 3947 specification?
Or is there any config option to enable this setting?


Thanks!
Best regards,
Deepak 
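
As an added illustration (not part of either message and not strongSwan code), the sketch below computes the NAT_DETECTION_*_IP notify data described in RFC 5996 section 2.23 and runs the receiver-side comparison that takes the place of the IKEv1 vendor ID probe in IKEv2. The SPI, addresses and ports are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

def nat_detection_hash(spi_i, spi_r, ip, port):
    """Notify data for NAT_DETECTION_*_IP: SHA-1(SPIi | SPIr | IP | port)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed  # 4 octets for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def detect_nat(spi_i, spi_r, src_hashes, dst_hash, seen_src, seen_dst):
    """Receiver side: compare the notifies with the addresses on the packet itself.

    src_hashes: data of every NAT_DETECTION_SOURCE_IP notify received
    dst_hash:   data of the NAT_DETECTION_DESTINATION_IP notify
    seen_src / seen_dst: (ip, port) taken from the IP/UDP headers
    Returns (peer_behind_nat, local_behind_nat).
    """
    expect_src = nat_detection_hash(spi_i, spi_r, *seen_src)
    expect_dst = nat_detection_hash(spi_i, spi_r, *seen_dst)
    return expect_src not in src_hashes, expect_dst != dst_hash

def ikev1_natt_vendor_id():
    """The IKEv1 signal quoted in the question: MD5 of the string "RFC 3947"."""
    return hashlib.md5(b"RFC 3947").digest()

def sample_exchange():
    """Constructed IKE_SA_INIT request crossing a source NAT (sample values)."""
    # The responder SPI is zero in the first message of the exchange.
    spi_i, spi_r = bytes.fromhex("0123456789abcdef"), bytes(8)
    private, public = ("10.0.0.5", 500), ("198.51.100.7", 61000)
    responder = ("203.0.113.20", 500)
    # The initiator hashes what it believes its own and the peer's addresses are.
    src = nat_detection_hash(spi_i, spi_r, *private)
    dst = nat_detection_hash(spi_i, spi_r, *responder)
    # The responder sees the translated source address on the wire.
    return detect_nat(spi_i, spi_r, [src], dst, public, responder)

if __name__ == "__main__":
    print("peer behind NAT, local behind NAT:", sample_exchange())
    print("IKEv1 RFC 3947 vendor ID:", ikev1_natt_vendor_id().hex())
```
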
