[strongSwan] ikev2: Tunnel established inspite of different phase 2 DH group

Makarand Pradhan MakarandPradhan at is5com.com
Thu Apr 2 17:57:21 CEST 2020


Tx Tobias.

Kind rgds,
Makarand Pradhan
Senior Software Engineer.
iS5 Communications Inc.
5895 Ambler Dr,
Mississauga, Ontario
L4W 5B7
Main Line: +1-844-520-0588 Ext. 129
Direct Line: +1-289-724-2296
Cell: +1-226-501-5666
Fax:+1-289-401-5206
Email: makarandpradhan at is5com.com
Website: www.iS5Com.com

 
Confidentiality Notice: 
This message is intended only for the named recipients. This message may contain information that is confidential and/or exempt from disclosure under applicable law. Any dissemination or copying of this message by anyone other than a named recipient is strictly prohibited. If you are not a named recipient or an employee or agent responsible for delivering this message to a named recipient, please notify us immediately, and permanently destroy this message and any copies you may have. Warning: Email may not be secure unless properly encrypted.

-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org> 
Sent: April 2, 2020 11:55 AM
To: Makarand Pradhan <MakarandPradhan at is5com.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] ikev2: Tunnel established inspite of different phase 2 DH group

Hi Makarand,

> Is there a way I can force a CHILD_SA delete when the Proposal mismatch occurs?

No, but plugins can listen for alerts of type ALERT_PROPOSAL_MISMATCH_CHILD, which is also possible via error-notify plugin [1].

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/ErrorNotifyPlugin


More information about the Users mailing list