Also the UDP checksum in the IKE_SA_INIT response shows incorrect in wireshark.
From: Balaji Thoguluva Bapulal Sent: Saturday, April 14, 2018 10:42 PM To: users@lists.strongswan.org Subject: IKE_SA_INIT response with notification data missing Dear users, I am trying to establish a IKEv2/IPsec tunnel from a security gateway towards strongswan with strongswan acting as a responder. In response to IKE_SA_INIT request packet, strongswan sends back IKE_SA_INIT response with a Notify payload of MULTIPLE_AUTH_SUPPORTED with notification data missing. I have attached the wireshark. It would be great if someone can explain why this behavior. [IKEv2]$ ipsec --version Linux strongSwan U5.3.0/K3.8.13-16.2.1.el6uek.x86_64 Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. The following is the configuration. config setup charondebug=all conn %default keyingtries=1 keyexchange=ikev2 reauth=no conn psk left=172.16.55.62 leftsourceip=%config% leftfirewall=no leftauth=psk leftsubnet=172.16.0.0/16 right=172.16.135.192 rightid=172.16.135.192 rightsubnet=172.16.0.0/16 rightauth=psk esp=3des-aes-sha1-md5-modp1024 ike=3des-sha1-md5-modp1024 auto=add type=tunnel Thanks, Balaji