[Swan] ikev2 and win7

Paul Wouters paul at nohats.ca
Mon Jun 8 17:33:01 EEST 2015


On Fri, 15 May 2015, Bob Miller wrote:

> Subject: Re: [Swan] ikev2 and win7

> This also showed up here and there with apparently the same root cause:
>
> protocol ID of IKEv2 Delete Payload has an unknown value: 0
> "rw-ikev2"[2] 199.247.183.223 #15: malformed payload in packet
> "rw-ikev2"[2] 199.247.183.223 #15: sending unencrypted notification 
> v2N_INVALID_SYNTAX to 199.247.183.223:1349

So that's clearly an implementation bug:

https://tools.ietf.org/html/rfc7296#section-3.11

 	Protocol ID (1 octet) - Must be 1 for an IKE SA, 2 for AH, or 3
 	for ESP.

>>  Yes, but you will need newer than 3.12 code for that. We should have
>>  a developer release out for 3.13 in a day or two. Or you can try your
>>  luck at the github master branch.
>
> My luck has been pretty good till now, I think better to leave it that way. 
> Looking forward to the new release though...

You should try
http://download.libreswan.org/development/libreswan-3.14rc1.tar.gz

Note that it seems Windows Phone got an update today, so if using
phones, it might be worth it to re-test some things as well.

Paul


More information about the Swan mailing list