[strongSwan] IKE_SA_INIT response with notification data missing
Balaji Thoguluva Bapulal
balaji.thoguluva.bapulal at oracle.com
Sun Apr 15 14:59:18 CEST 2018
Dear users,
I am trying to establish a IKEv2/IPsec tunnel from a security gateway towards strongswan with strongswan acting as a responder. In response to IKE_SA_INIT request packet, strongswan sends back IKE_SA_INIT response with a Notify payload of MULTIPLE_AUTH_SUPPORTED with notification data missing. I have attached the wireshark. It would be great if someone can explain why this behavior. Also the UDP checksum in the IKE_SA_INIT response shows incorrect in the wireshark.
[IKEv2]$ ipsec --version
Linux strongSwan U5.3.0/K3.8.13-16.2.1.el6uek.x86_64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
The following is the configuration.
config setup
charondebug=all
conn %default
keyingtries=1
keyexchange=ikev2
reauth=no
conn psk
left=172.16.55.62
leftsourceip=%config%
leftfirewall=no
leftauth=psk
leftsubnet=172.16.0.0/16
right=172.16.135.192
rightid=172.16.135.192
rightsubnet=172.16.0.0/16
rightauth=psk
esp=3des-aes-sha1-md5-modp1024
ike=3des-sha1-md5-modp1024
auto=add
type=tunnel
Thanks,
Balaji
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180415/b8b23e3d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: multiple_auth_supported_notifcation_data_missing.7z
Type: application/octet-stream
Size: 365982 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180415/b8b23e3d/attachment-0001.obj>
More information about the Users
mailing list