[strongSwan] IKE_SA_INIT response with notification data missing

Balaji Thoguluva Bapulal balaji.thoguluva.bapulal at oracle.com
Sun Apr 15 04:42:16 CEST 2018


Dear users,

 

I am trying to establish a IKEv2/IPsec tunnel from a security gateway towards strongswan with strongswan acting as a responder. In response to IKE_SA_INIT request packet, strongswan sends back IKE_SA_INIT response with a Notify payload of MULTIPLE_AUTH_SUPPORTED with notification data missing. I have attached the wireshark. It would be great if someone can explain why this behavior.

 

[IKEv2]$ ipsec --version

Linux strongSwan U5.3.0/K3.8.13-16.2.1.el6uek.x86_64

Institute for Internet Technologies and Applications

University of Applied Sciences Rapperswil, Switzerland

See 'ipsec --copyright' for copyright information.

 

The following is the configuration.

 

config setup

        charondebug=all

 

conn %default

    keyingtries=1

    keyexchange=ikev2

    reauth=no

 

conn psk

        left=172.16.55.62

        leftsourceip=%config%

        leftfirewall=no

        leftauth=psk

        leftsubnet=172.16.0.0/16

        right=172.16.135.192

        rightid=172.16.135.192

        rightsubnet=172.16.0.0/16

        rightauth=psk

        esp=3des-aes-sha1-md5-modp1024

        ike=3des-sha1-md5-modp1024

        auto=add

        type=tunnel

 

Thanks,

Balaji
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180414/b95d516e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: multiple_auth_supported_notifcation_data_missing
Type: application/octet-stream
Size: 4674036 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180414/b95d516e/attachment-0001.obj>


More information about the Users mailing list