Hi Daniel,

could you apply the following patch to strongswan-4.3.5
and check if this helps.

  cd strongswan-4.3.5
  patch -p1 < juniper_notification.patch
  make
  make install

Best regards

Andreas

[email protected] wrote:
> Hi Andreas,
>
> I understand this is a problem where I can't do anything?
>
> Best regards
>
> Daniel
>
> [email protected] wrote: -----
>
> To: [email protected]
> From: Andreas Steffen <[email protected]>
> Sent by: [email protected]
> Date: 04.11.2009 16:29
> Cc: [email protected]
> Subject: Re: [strongSwan] Strongswan and Juniper SRX does not work ?
>
> Hi Daniel,
>
> the problem is a private Notification Message contained in the
> Quick Mode response:
>
> "JUNIPER-DUS" #2: Notify Message Type of ISAKMP Notification Payload has
> an unknown value: 40001
> "JUNIPER-DUS" #2: malformed payload in packet
>
> The message content is "00 01 00 04 0a 0a 64 04" which carries the
> internal address 10.10.100.4 already defined in the Quick Mode
> identification payload.
>
> Instead of aborting the negotiation strongSwan should rather
> ignore the private notification message. Unfortunately the FreeS/WAN
> forefathers were rather strict about proprietary extensions ;-)
>
> Regards
>
> Andreas
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index 4716c6a..4721d6a 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -988,9 +988,17 @@ static const char *const notification_dpd_name[] = {
"R_U_THERE_ACK",
};
+static const char *const notification_juniper_name[] = {
+ "NS_NHTB_INFORM",
+};
+
+enum_names notification_juniper_names =
+ { NS_NHTB_INFORM, NS_NHTB_INFORM,
+ notification_juniper_name, NULL };
+
enum_names notification_dpd_names =
{ R_U_THERE, R_U_THERE_ACK,
- notification_dpd_name, NULL };
+ notification_dpd_name, ¬ification_juniper_names };
enum_names ipsec_notification_names =
{ IPSEC_RESPONDER_LIFETIME, IPSEC_INITIAL_CONTACT,
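Review bot: In the notification_dpd_names initializer the chain pointer reads `¬ification_juniper_names`; it has to be `&notification_juniper_names` (address-of), otherwise the file does not compile and the Juniper table is never reached from the DPD table. Separately, notification_juniper_names gets external linkage here, but the constants.h hunk adds no extern declaration for it; since it is only reached through the chain, declare it static or add the declaration.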
diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 38fa0f2..5745036 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -1040,7 +1040,10 @@ typedef enum {
/* RFC 3706 DPD */
R_U_THERE = 36136,
- R_U_THERE_ACK = 36137
+ R_U_THERE_ACK = 36137,
+
+ /* Juniper SRX private use */
+ NS_NHTB_INFORM = 40001
} notification_t;
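Review bot: NS_NHTB_INFORM = 40001 whitelists exactly one vendor value, so any other private notify type sent by a peer will still produce the "unknown value" error and abort Quick Mode, which is the behaviour the thread says should change. Consider having the payload check tolerate unrecognised private-use notify types generically (log and skip), and keep this enum entry only for readable logging. Nothing in the two hunks shows how a named NS_NHTB_INFORM is processed afterwards, so it is worth confirming that the notification is ignored and that its data is not acted on.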
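The behaviour described in the quoted reply, as an added example that is not part of the original message or of strongSwan's code: classify a Notify Message Type by the RFC 2408 ranges so that an unrecognised private-use status type such as 40001 is ignored rather than rejected, and decode the 8-byte notification data with bounds checks. The function and enum names, and the reading of the data as type/length/value, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy values for this example, not strongSwan identifiers. */
typedef enum { NOTIFY_HANDLE, NOTIFY_IGNORE, NOTIFY_REJECT } notify_action_t;

/* Classify a Notify Message Type by the RFC 2408 section 3.14.1 ranges:
 * an unrecognised private-use status type (32768-40959) is ignored
 * instead of failing the exchange; anything else unrecognised is rejected. */
notify_action_t classify_notify(uint16_t type, int known)
{
    if (known)
        return NOTIFY_HANDLE;
    if (type >= 32768 && type <= 40959)
        return NOTIFY_IGNORE;
    return NOTIFY_REJECT;
}

/* Assumed layout of the notification data: 2-byte type, 2-byte length,
 * then the value, big-endian. Returns 0 only for a well-formed 4-byte
 * value that fits inside the buffer, -1 otherwise. */
int decode_notify_addr(const uint8_t *data, size_t len,
                       uint16_t *attr, uint8_t addr[4])
{
    if (len < 4)
        return -1;
    uint16_t vlen = (uint16_t)((data[2] << 8) | data[3]);
    if (vlen != 4 || len - 4 < vlen)
        return -1;
    *attr = (uint16_t)((data[0] << 8) | data[1]);
    for (int i = 0; i < 4; i++)
        addr[i] = data[4 + i];
    return 0;
}

int main(void)
{
    /* Notification data quoted in the message above. */
    const uint8_t data[] = { 0x00, 0x01, 0x00, 0x04, 0x0a, 0x0a, 0x64, 0x04 };
    uint16_t attr;
    uint8_t a[4];

    if (classify_notify(40001, 0) == NOTIFY_IGNORE &&
        decode_notify_addr(data, sizeof data, &attr, a) == 0)
        printf("ignored notify 40001, attr %u = %u.%u.%u.%u\n",
               (unsigned)attr, a[0], a[1], a[2], a[3]);
    return 0;
}
```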