[Openswan Users] Re: Weird ISAKMP message
Shaheen Ali
ali at smallmoon.com
Fri Jan 14 09:01:51 CET 2005
> On Thu, 13 Jan 2005, Shaheen Ali wrote:
>
>> Our testers have come up with a really weird IPSEC security association
>> message. It has two proposals in it, both for the same protocol
>> ISAKMP.
>>
>> In each proposal is the exact same transform, 3des and sha1.
>>
>> I think pluto (openswan-1.0.7) rejects the message with a notification
>> malformed payload.
>
> What version of openswan is generating these packets? If it is 2.2.x
> then this is a known bug and has been fixed.
>
> Paul
>
Sorry to confuse you. The strangely formed packet was from a simulator,
it was generated intentionally. My question is whether or not that is a
legit packet. I may not have mentioned that this was the first message in
a main mode phase 1 negotiation.
I did a little RFC digging and 2409, section 5 seems to say that you
cannot have two proposals, just many transforms in one proposal.
Shaheen
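
Added example, not part of the original message and not Openswan/pluto code: a check of a phase 1 SA payload against the RFC 2409 section 5 restriction that a phase 1 SA payload must not carry multiple Proposal payloads. It assumes the RFC 2408 payload layouts and the IPsec DOI values; the function names and both sample payloads are constructed for illustration.

```python
import struct

PROTO_ISAKMP, KEY_IKE = 1, 1      # RFC 2407 protocol ID and transform ID
ENC_ALG, HASH_ALG = 1, 2          # RFC 2409 appendix A attribute types
ENC_3DES_CBC, HASH_SHA = 5, 2     # RFC 2409 appendix A attribute values

def transform(num, last):
    # Two basic (TV) attributes: AF bit 0x8000 | type, then a 2-byte value.
    attrs = struct.pack("!HHHH", 0x8000 | ENC_ALG, ENC_3DES_CBC,
                        0x8000 | HASH_ALG, HASH_SHA)
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(attrs),
                       num, KEY_IKE, 0) + attrs

def proposal(num, transforms, last):
    body = b"".join(transforms)   # SPI size 0, as in a phase 1 offer
    return struct.pack("!BBHBBBB", 0 if last else 2, 0, 8 + len(body),
                       num, PROTO_ISAKMP, 0, len(transforms)) + body

def sa_payload(proposals):
    body = struct.pack("!II", 1, 1) + b"".join(proposals)  # IPsec DOI, SIT_IDENTITY_ONLY
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

def parse_sa(data):
    """Return [(proposal_no, protocol_id, n_transforms), ...] for one SA payload."""
    if len(data) < 12 or struct.unpack_from("!H", data, 2)[0] != len(data):
        raise ValueError("SA payload length mismatch")
    off, props = 12, []           # skip generic header, DOI and situation
    while off < len(data):
        if len(data) - off < 8:
            raise ValueError("truncated proposal header")
        nxt, _, plen, num, proto, spi, ntrans = struct.unpack_from("!BBHBBBB", data, off)
        if plen < 8 + spi or off + plen > len(data):
            raise ValueError("proposal length out of bounds")
        props.append((num, proto, ntrans))
        off += plen
        if nxt == 0:              # next-payload 0 marks the last proposal
            break
    return props

def phase1_violations(data):
    props = parse_sa(data)
    out = [] if len(props) == 1 else [f"{len(props)} proposal payloads in a phase 1 SA payload"]
    return out + [f"proposal {n}: protocol {p} is not ISAKMP"
                  for n, p, _ in props if p != PROTO_ISAKMP]

# Constructed samples: the layout described in the thread, then the permitted layout.
TWO_PROPOSALS = sa_payload([proposal(1, [transform(1, True)], False),
                            proposal(2, [transform(1, True)], True)])
ONE_PROPOSAL = sa_payload([proposal(1, [transform(1, False), transform(2, True)], True)])
```
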