Hi Balaji, RFC 4739 "Multiple Authenticaton Exchanges in IKEv2"
https://tools.ietf.org/html/rfc4739#section-3.1 defines the format of the MULTIPLE_AUTH_SUPPORT Notify Payload as 3.1. MULTIPLE_AUTH_SUPPORTED Notify Payload The MULTIPLE_AUTH_SUPPORTED notification is included in the IKE_SA_INIT response or the first IKE_AUTH request to indicate that the peer supports this specification. The Notify Message Type is MULTIPLE_AUTH_SUPPORTED (16404). The Protocol ID and SPI Size fields MUST be set to zero, and there is no data associated with this Notify type. So I don't understand why you expect notification data? Regards Andreas On 15.04.2018 04:42, Balaji Thoguluva Bapulal wrote:
Dear users, I am trying to establish a IKEv2/IPsec tunnel from a security gateway towards strongswan with strongswan acting as a responder. In response to IKE_SA_INIT request packet, strongswan sends back IKE_SA_INIT response with a Notify payload of MULTIPLE_AUTH_SUPPORTED with notification data missing. I have attached the wireshark. It would be great if someone can explain why this behavior. [IKEv2]$ ipsec --version Linux strongSwan U5.3.0/K3.8.13-16.2.1.el6uek.x86_64 Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. The following is the configuration. config setup charondebug=all conn %default keyingtries=1 keyexchange=ikev2 reauth=no conn psk left=172.16.55.62 leftsourceip=%config% leftfirewall=no leftauth=psk leftsubnet=172.16.0.0/16 right=172.16.135.192 rightid=172.16.135.192 rightsubnet=172.16.0.0/16 rightauth=psk esp=3des-aes-sha1-md5-modp1024 ike=3des-sha1-md5-modp1024 auto=add type=tunnel Thanks, Balaji
-- ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Open Source VPN Solution! www.strongswan.org Institute for Networked Solutions University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[INS-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature