[strongSwan] ikev2 strongswan IKE_SA_INIT not have RFC 3947 Specification Vendor ID payload

Martin Willi martin at strongswan.org
Tue Mar 17 08:56:39 CET 2015


Hi,

> During our testing with IKEv2, we found that the 1st packet (IKE_SA_INIT) does
> not have any information on vendor ID payload which is a MUST criteria as
> per the RFC.
> 
> As per the RFC 3947.
> 
> “In the first two messages of Phase1, the vendor id payload for this
> specification MUST be sent if supported

RFC 3947 defines NAT traversal for IKEv1. The standard does not apply to
IKEv2.

In IKEv2, NAT traversal is part of the core protocol, as specified in RFC
7296. No vendor ID is required to negotiate NAT traversal; see section
2.23.

Regards
Martin
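
Added example (not part of the original message and not strongSwan code): RFC 7296 section 2.23 signals NAT traversal with NAT_DETECTION_SOURCE_IP and NAT_DETECTION_DESTINATION_IP notify payloads in IKE_SA_INIT, so a test should look for those rather than a Vendor ID. The function names are hypothetical, and the sample message is constructed and carries only the two notifies (a real IKE_SA_INIT also has SA, KE and Nonce payloads).

```python
import hashlib, socket, struct

NOTIFY, VENDOR_ID = 41, 43        # IKEv2 payload type numbers (RFC 7296)
NAT_SRC, NAT_DST = 16388, 16389   # NAT_DETECTION_SOURCE_IP / _DESTINATION_IP

def nat_hash(spi_i, spi_r, ip, port):
    """SHA-1(SPIi | SPIr | IP | port): the notify data defined in section 2.23."""
    return hashlib.sha1(spi_i + spi_r + socket.inet_aton(ip)
                        + struct.pack("!H", port)).digest()

def payloads(msg):
    """Yield (type, body) for each payload of an unencrypted IKEv2 message."""
    ptype, off = msg[16], 28      # fixed header: 28 bytes, next payload at 16
    while ptype:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        following, _, length = struct.unpack_from("!BBH", msg, off)
        if length < 4 or off + length > len(msg):
            raise ValueError("bad payload length")
        yield ptype, msg[off + 4:off + length]
        ptype, off = following, off + length

def check_natd(msg, src, sport, dst, dport):
    """Compare received NAT_DETECTION hashes with the addresses seen on the wire."""
    spi_i, spi_r = msg[:8], msg[8:16]
    vendor_ids, hashes = 0, {NAT_SRC: [], NAT_DST: []}
    for ptype, body in payloads(msg):
        if ptype == VENDOR_ID:
            vendor_ids += 1
        elif ptype == NOTIFY and len(body) >= 4:
            _, spi_size, ntype = struct.unpack_from("!BBH", body)
            if ntype in hashes:
                hashes[ntype].append(body[4 + spi_size:])
    present = bool(hashes[NAT_SRC] and hashes[NAT_DST])
    return {"vendor_ids": vendor_ids, "natd_present": present,
            "sender_behind_nat": present and
                nat_hash(spi_i, spi_r, src, sport) not in hashes[NAT_SRC],
            "receiver_behind_nat": present and
                nat_hash(spi_i, spi_r, dst, dport) not in hashes[NAT_DST]}

def build_sample(spi_i, src, sport, dst, dport):
    """Constructed IKE_SA_INIT request carrying only the two notifies."""
    spi_r, body = bytes(8), b""
    for nxt, ntype, ip, port in ((NOTIFY, NAT_SRC, src, sport), (0, NAT_DST, dst, dport)):
        data = nat_hash(spi_i, spi_r, ip, port)
        body += struct.pack("!BBHBBH", nxt, 0, 8 + len(data), 0, 0, ntype) + data
    return spi_i + spi_r + struct.pack("!BBBBII", NOTIFY, 0x20, 34, 0x08,
                                       0, 28 + len(body)) + body
```

Pass `check_natd` the source and destination address and port taken from the IP/UDP header of the received packet; a hash mismatch on the source side means the sender is behind a NAT.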


