Hello all, I have some compatibility issue between Racoon & Charon. Let's say you set up a working phase 1 between Racoon and Charon as well as a working phase 2. The tunnel goes up and everything works fine. You add a phase 2 to Charon but unknown to Racoon and try to initiate it. A Quick Mode exchange is started by Charon but Racoon drops it since the traffic selectors are unknown. However, Racoon does not send any Informational Exchange message, mostly because, I think, it is not mandatory according to the RFC. Charon retransmits the message 4 times and deems the remote peer dead (dpdaction is hold and closeaction is none). The working phase 1 and 2 are deleted and the phase 1 is reestablished with the previous Quick Mode task reactivated for the unknown phase 2, leading to a new series of retransmitted messages, dead peer and reestablished phase 1.
A first solution would be to make Racoon send an Informational Exchange message with a notify payload of type INVALID-ID-INFORMATION. It works and the phase 1 is not put down by Charon, but compatibility-wise it is not the optimal solution, I guess. Another solution would be to allow Charon to do nothing after 4 retransmissions, or maybe check the use time of phase 2, or launch some DPD. Any ideas on this problem? Thank you. Jean-François Hren
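A toy model of the exchange described in the post, added here as an illustration; it is not racoon's or charon's code. The peer classes, the selector labels "net-a"/"net-b" and the retransmit limit are constructed to mirror the post, and it compares the silent-drop case, the INVALID-ID-INFORMATION notify, and the "give up on the child only" alternative.

```python
from dataclasses import dataclass, field

MAX_RETRANSMITS = 4  # charon gives up on a request after 4 retransmissions (per the post)


@dataclass
class Responder:
    """Stand-in for racoon: accepts Quick Mode only for configured selectors."""
    known_ts: frozenset
    send_invalid_id: bool  # True = reply INVALID-ID-INFORMATION, False = silent drop

    def on_quick_mode(self, ts):
        if ts in self.known_ts:
            return "QM_OK"
        return "INVALID-ID-INFORMATION" if self.send_invalid_id else None


@dataclass
class Initiator:
    """Stand-in for charon with dpdaction=hold and closeaction=none."""
    teardown_on_timeout: bool = True  # current behaviour described in the post
    child_sas: set = field(default_factory=set)
    retransmits: int = 0
    ike_reestablished: int = 0

    def initiate_child(self, responder, ts):
        for attempt in range(MAX_RETRANSMITS + 1):  # initial send + 4 retransmits
            reply = responder.on_quick_mode(ts)
            if reply == "QM_OK":
                self.child_sas.add(ts)
                return "established"
            if reply == "INVALID-ID-INFORMATION":
                return "rejected"  # only this Quick Mode fails; IKE_SA stays up
            if attempt < MAX_RETRANSMITS:
                self.retransmits += 1
        if not self.teardown_on_timeout:
            return "abandoned"  # proposed alternative: drop the pending child only
        self.child_sas.clear()  # peer deemed dead: IKE_SA and all CHILD_SAs deleted
        self.ike_reestablished += 1  # dpdaction=hold brings the IKE_SA back ...
        return "peer-dead"  # ... and the pending Quick Mode task is re-queued


def simulate(send_invalid_id, teardown_on_timeout, cycles=3):
    """Run one working phase 2 (net-a) and then `cycles` attempts at the unknown one."""
    racoon = Responder(frozenset({"net-a"}), send_invalid_id)
    charon = Initiator(teardown_on_timeout)
    charon.initiate_child(racoon, "net-a")
    outcomes = [charon.initiate_child(racoon, "net-b") for _ in range(cycles)]
    return {"outcomes": outcomes, "surviving": sorted(charon.child_sas),
            "retransmits": charon.retransmits, "reestablished": charon.ike_reestablished}
```

Running `simulate(False, True)` reproduces the loop from the post (working child lost, IKE_SA rebuilt on every cycle), while `simulate(True, True)` keeps the working child up.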
