Hi, In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload to enable stronger guarantees of forward secrecy. When the KEi payload is included in the CREATE_CHILD_SA request, responder should reply with the KEr payload and complete the key exchange, in accordance with the RFC.
Could you please review a patch[0] to handle request as above in ikev2 plugin? It is tested with strongSwan 5.8.2. [0] https://gerrit.fd.io/r/c/vpp/+/36879 -- Best regards, Atzm WATANABE
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21796): https://lists.fd.io/g/vpp-dev/message/21796 Mute This Topic: https://lists.fd.io/mt/92975326/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-