Thanks Martin for the inputs. I'll get back to you on your queries. > 4) How provoke 'UNSUPPORTED_CRITICAL_PAYLOAD' from the DUT. Here we want to know how the peer sec-GW can provoke the strongswan on our device to send the 'UNSUPPORTED_CRITICAL_PAYLOAD'
BR, Shashidhar -----Original Message----- From: ext Martin Willi [mailto:[email protected]] Sent: Friday, March 15, 2013 2:18 PM To: Patil, Shashidhar 1. (NSN - IN/Bangalore) Cc: [email protected] Subject: Re: [strongSwan] Some queries on behavior with respect to "NO_ADDITIONAL_SAS" & "UNSUPPORTED_CRITICAL_PAYLOAD" Hi, > 1) A second IKE created by Strong Swan, even if there is only one IKE at the > DUT configured. > A REAUTH is initiated by DUT (Strong Swan) with an INFORMATIONAL message. > The remote end (a IKEv2 emulator) sends the response with a delay of roughly > 22 s > In-between the Strong swan is sending a new IKE_SA_INIT request for a second > IKE_SA Do you see in the log why strongSwan sends this second request for a new IKE_SA? Is it a retransmit? I couldn't reproduce this here, at least not with the latests strongSwan version. > 2) An existing CHILD is not rekeyed, if there are two CHILDS at the rekey > queue. > conn1[1]: Tasks queued: CHILD_REKEY CHILD_REKEY CHILD_REKEY > CHILD_REKEY [...] I remember that I recently fixed a bug that fixes queueing many rekey tasks, likely that it fixes this issue. I haven't found the related commit in a quick search, though. > 3) An REAUTH is not immediately initiated, even an rekey of an existing CHILD > is rejected with 'NO_ADDITONAL_SAS'. > 4) How provoke 'UNSUPPORTED_CRITICAL_PAYLOAD' from the DUT. strongSwan 4.5.3 is now almost two years old and many changes and fixes are gone in since then. To avoid fixing things twice, I'd recommend you to run your test suite against the latest release, it is likely that one or the other issue has been fixed. Those fixes can be back-ported if you require the 4.5.3 version. For those not fixed we can take a closer look what the issue is and if it must be fixed. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
