Hi Daniel, I don't know if 1) this private Notification Message can be disabled on the Juniper Box and if yes 2) you can influence that. On my side I will have a look if strongSwan could easily be changed to ignore unknown messages in Quick Mode. This currently is the case in Main Mode.
Regards Andreas [email protected] wrote: > Hi Andreas, > > I understand this is a problem where I can't do nothing ? > > Best regards > > Daniel > > [email protected] schrieb: ----- > > An: [email protected] > Von: Andreas Steffen <[email protected]> > Gesendet von: [email protected] > Datum: 04.11.2009 16:29 > Kopie: [email protected] > Betreff: Re: [strongSwan] Strongswan and Juniper SRX does not work ? > > Hi Daniel, > > the problem is a private Notification Message contained in the > Quick Mode response: > > "JUNIPER-DUS" #2: Notify Message Type of ISAKMP Notification Payload has > an unknown value: 40001 > "JUNIPER-DUS" #2: malformed payload in packet > > The message content is "00 01 00 04 0a 0a 64 04" which carries the > internal address 10.10.100.4 already defined in the Quick Mode > identification payload. > > Instead of aborting the negotiation strongSwan should rather > ignore the private notification message. Unfortunately the FreeS/WAN > forefathers were rather strict about proprietary extensions ;-) > > Regards > > Andreas ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
