[strongSwan] UNSUPPORTED_CRITICAL_PAYLOAD
Tobias Brunner
tobias at strongswan.org
Wed Jun 13 11:05:24 CEST 2018
Hi Marco,
> parsed INFORMATIONAL_V1 request 1775796517 [ HASH N(CRIT) ]
> received UNSUPPORTED_CRITICAL_PAYLOAD error notify
This is a bit misleading as UNSUPPORTED_CRITICAL_PAYLOAD is the IKEv2
meaning/name of notify type 1. It has a different meaning in IKEv1:
INVALID-PAYLOAD-TYPE. Why exactly you'd get this as response to a Quick
Mode request I don't know.
Maybe the peer wasn't able to decrypt the message properly, or it didn't
like one of the payloads (e.g. because it was configured not to use PFS
and didn't expect a KE payload). As strongSwan is the initiator of the
exchange and the peer is a Windows 10 host I'd guess that this is a
rekeying. So it could also be because it doesn't like being responder
of a rekeying (Windows has/had the same problem with IKEv2 CHILD_SA
rekeyings, see [1]).
Regards,
Tobias
[1]
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#Rekeying-behavior
More information about the Users
mailing list