Are you using the charon daemon with the socket-raw plugin which filters and processes IKE major version 2 only or the socket-default plugin which processes all IKE packets irrespective of the major version? ipsec statusall shows which plugin is loaded.
Regards Andreas On 30.06.2012 20:05, gowrishankar wrote: > Hi Andreas, > > I tested in strongswan-5.0.0rc1 as well, but same problem. > I'll debug some more and post here updates. > > Thanks, > Gowri Shankar > > On Saturday 30 June 2012 08:38 PM, Andreas Steffen wrote: >> Hi Gowri, >> >> have a look at the following piece of code in the git repository >> >> http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/network/receiver.c;h=f0cb0b2d17d153205e97f880e7daa0fdea89f974;hb=HEAD#l409 >> >> >> which is the basis of today's strongSwan 5.0.0 release. >> >> Regards >> >> Andreas >> >> On 06/30/2012 09:13 AM, gowrishankar wrote: >>> strongswan: charon not reacting for higher major version in IKE header >>> >>> strongswan libcharon is found to be not reacting for invalid (or >>> higher) major version in IKE header of received packet. >>> >>> As per RFC 4306 Section 2.5: >>> If an endpoint receives a message with a higher major version >>> number, >>> it MUST drop the message and SHOULD send an unauthenticated >>> notification message containing the highest version number it >>> supports. >>> >>> and RFC 5996 Section 2.5 clarifies the notification message type as >>> "INVALID_MAJOR_VERSION". Though current implementation shows >>> portion of code libcharon/network/receiver.c, but it is not executing >>> while sending IKE_SA_INIT request with invalid major version (and >>> I am not seeing any debug info in charon.log for received packet >>> by net or enc threads). >>> >>> I tested with strongswan based on 4.6. >>> >>> Can some one have a look on this ? >>> >>> Thanks, >>> Gowri Shankar ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
