Issue #2705
Updated by Tobias Brunner about 7 years ago
Hi,
We have a requirement to send configuration payload in create child sa, But strwongswan doesnt send even when leftsource ip is correctly specified, These are the steps
Strongswan as Inititor:
1) Configure strongwan with unsupported esp algorithms , observe IKE_SA gets established
<pre>
conn pluto
left=192.168.83.83
leftprotoport=%any
leftsourceip=%config
leftauth=psk
leftid=1234567890123456
eap_identity=1234567890123456
keyingtries=2
leftsubnet=20.2.0.0/16
right=192.168.107.170
rightid=%any
rightsubnet=172.16.16.1/16
rightauth=%any
auto=add
ike=aes-sha1-md5-modp1024
esp=blowfish-sha1-md5-modp1024!
keyexchange=ikev2
ikelifetime=3700s
type=tunnel
lifetime=600s
margintime=1s
rekey=yes
dpddelay=60s
dpdaction=restart
modeconfig=pull
</pre>
2) After step 1, NO_PROPOSAL_CHOSEN is observed
Now esp is modified to "esp=aes-sha1-md5-modp1024 "
Reload, Reestablish tunnel. Observe Create_Childsa request is sent with out configuration payload.
could you please let us kow how to send CP in Create_ChildSa request
Thanks,
Ravisankar
We have a requirement to send configuration payload in create child sa, But strwongswan doesnt send even when leftsource ip is correctly specified, These are the steps
Strongswan as Inititor:
1) Configure strongwan with unsupported esp algorithms , observe IKE_SA gets established
<pre>
conn pluto
left=192.168.83.83
leftprotoport=%any
leftsourceip=%config
leftauth=psk
leftid=1234567890123456
eap_identity=1234567890123456
keyingtries=2
leftsubnet=20.2.0.0/16
right=192.168.107.170
rightid=%any
rightsubnet=172.16.16.1/16
rightauth=%any
auto=add
ike=aes-sha1-md5-modp1024
esp=blowfish-sha1-md5-modp1024!
keyexchange=ikev2
ikelifetime=3700s
type=tunnel
lifetime=600s
margintime=1s
rekey=yes
dpddelay=60s
dpdaction=restart
modeconfig=pull
</pre>
2) After step 1, NO_PROPOSAL_CHOSEN is observed
Now esp is modified to "esp=aes-sha1-md5-modp1024 "
Reload, Reestablish tunnel. Observe Create_Childsa request is sent with out configuration payload.
could you please let us kow how to send CP in Create_ChildSa request
Thanks,
Ravisankar