Hi Pavan, > My question is whether INITIAL_CONTACT notification can be sent in > IKE_AUTH response? If yes, in which condition this notification will be > sent by responder?
Theoretically yes, but strongSwan never sends INITIAL_CONTACT as responder, only as initiator. While sending the notify as initiator can help to clean up any dangling IKE_SA for that peer, that does not make that much sense as responder. If an initiator creates a new IKE_SA, it most likely knows or could check if there already is an IKE_SA with that peer, without relying on the INITIAL_CONTACT from the responder. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
