Hi Hussaina, > strongSwan sends INVALID-ID-INFORMATION notification. However the SPI value > is set to 0, though the spi length is set to 4 in the notification payload.
I see, you were referring to the SPI in the Notify payload. That's not relevant here. Let me quote section 3.14 of RFC 2408, which should also answer the following question: > How can initiator map this notification payload to any IKE SA without the SPI > information ? SPI Size (1 octet) - Length in octets of the SPI as defined by the Protocol-Id. In the case of ISAKMP, the Initiator and Responder cookie pair from the ISAKMP Header is the ISAKMP SPI, therefore, the SPI Size is irrelevant and MAY be from zero (0) to sixteen (16). If the SPI Size is non-zero, the content of the SPI field MUST be ignored. Regards, Tobias
