On Fri, 7 Jul 2017, Andrew Cagney wrote:

+parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
+received NO_PROPOSAL_CHOSEN notify error
+establishing connection 'road-eastnet-ikev2' failed

| sending 40 bytes for v2 notify through eth1:500 to 192.1.2.254:500 (using #0)
|   13 87 4a 1b  56 bd 74 ad  00 00 00 00  00 00 00 00
|   29 20 22 20  00 00 00 00  00 00 00 28  00 00 00 0a
|   00 00 00 11  00 0e 00 00
| #0 complete v2 state transition from STATE_UNDEFINED with v2N_NO_PROPOSAL_CHOSEN
| sending a notification reply
packet from 192.1.2.254:500: sending unencrypted notification v2N_NO_PROPOSAL_CHOSEN to 192.1.2.254:500

It should go through the state with STF_DROP, since it
already sent a reply with INVALID_KE. I'll see if I can find
out what's happening here.

It seems to be related to c4c2c62a.

It does, looking at the diff:

-                       return STF_FAIL;
-               }
+       if (ike2_match_ke_group_and_prop(md, accepted_oakley) ==
STF_FAIL) {
+               free_ikev2_proposal(&accepted_ike_proposal);
+               return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN;
        }
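
Review bot: In the branch taken when ike2_match_ke_group_and_prop(md, accepted_oakley) == STF_FAIL, the fixed "return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN;" reports every failure of the helper as NO_PROPOSAL_CHOSEN, whatever the helper's reason for failing. If the helper can fail after a reply has already gone out (the thread reports an INVALID_KE reply being sent first), this return makes the caller send a second, unencrypted notification. Suggest keeping the helper's result in a local and returning it unchanged on failure, or giving the helper a distinct return for "reply already sent" so this branch can return STF_DROP as proposed in the thread. The free_ikev2_proposal(&accepted_ike_proposal) cleanup should stay on every exit path.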

It went from STF_FAIL to STF_FAIL + v2N_NO_PROPOSAL_CHOSEN

Paul

Andrew

PS: the log 
http://testing.libreswan.org/results/v3.20-709-g8de1339-master/interop-ikev2-strongswan-11-nat-initiator/OUTPUT/east.pluto.log.bz2
shows the behaviour; look for INVALID_KE
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
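
The 40-byte notify dumped in the log excerpt above can be decoded to see which reply actually went out first. The following is an added example, not part of the thread or of libreswan; the function names are hypothetical and the field layout and numbers are taken from RFC 7296.

```python
import struct

# Constructed input: the three hex-dump lines copied from the log excerpt above.
DUMP = """\
|   13 87 4a 1b  56 bd 74 ad  00 00 00 00  00 00 00 00
|   29 20 22 20  00 00 00 00  00 00 00 28  00 00 00 0a
|   00 00 00 11  00 0e 00 00
"""

# RFC 7296 numbers, limited to the values this thread mentions.
IKE_HDR_LEN = 28
NOTIFY_PAYLOAD = 41
FLAG_RESPONSE = 0x20
EXCHANGES = {34: "IKE_SA_INIT"}
NOTIFY_TYPES = {14: "NO_PROPOSAL_CHOSEN", 17: "INVALID_KE_PAYLOAD"}


def dump_to_bytes(dump):
    """Turn pluto-style '|   xx xx ...' debug lines into raw bytes."""
    return bytes.fromhex(" ".join(l.lstrip("| ") for l in dump.splitlines()))


def parse_notify_message(pkt):
    """Decode the IKE header and a leading Notify payload (hypothetical helper)."""
    if len(pkt) < IKE_HDR_LEN + 8:
        raise ValueError("too short for an IKE header plus a Notify header")
    _spi_i, _spi_r, next_pl, _ver, exch, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", pkt[:IKE_HDR_LEN])
    if length != len(pkt):
        raise ValueError("IKE length field does not match the datagram size")
    if next_pl != NOTIFY_PAYLOAD:
        raise ValueError("first payload is not a Notify")
    _next, _crit, pl_len, _proto, spi_size, ntype = struct.unpack(
        "!BBHBBH", pkt[IKE_HDR_LEN:IKE_HDR_LEN + 8])
    end = IKE_HDR_LEN + pl_len
    if pl_len < 8 + spi_size or end > len(pkt):
        raise ValueError("bad Notify payload length")
    return {
        "exchange": EXCHANGES.get(exch, exch),
        "response": bool(flags & FLAG_RESPONSE),
        "message_id": msgid,
        "notify": NOTIFY_TYPES.get(ntype, ntype),
        "data": pkt[IKE_HDR_LEN + 8 + spi_size:end],  # INVALID_KE: DH group
        "trailing": pkt[end:],  # bytes past the payload's declared length
    }


if __name__ == "__main__":
    print(parse_notify_message(dump_to_bytes(DUMP)))
```

On this dump the notify decodes as INVALID_KE_PAYLOAD with data 00 0e (group 14), plus two bytes beyond the payload's declared length of 10; the NO_PROPOSAL_CHOSEN notification in the later log lines is a separate message.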
