Hi,
Besides the misbehavior of the TN under main mode SGW which I reported
before, I found some problems in aggressive mode:
(My platform is FreeBSD-7.0, and the test script is IKE_Self_Test_1-0-5)
#29 certificate payload format, #30 implementation of Aggressive mode
with RSA signature, #166 certificate payload format:
The ISAKMP packet sent by TN does not carry Certificate Request
payload, and thus our device won't respond with a certificate payload.
The test item in main mode will carry Certificate Request, however.
#144 Transform Payload Format, #154 Multiple Transform Payload:
The ID payload carried by the TN is strange: it is supposed to be
the IP address which solicits the negotiation. In the packet dump, the
ID payload carries the policy source address. Even if this is the case,
the remote configuration does not notify the ID content information,
and that would result in the failure.
The attached file is the tarball for the related dump.
Also I want to know if there's any progress towards my previous
questions about IKE testing.
Thanks.
BR,
Yi-Wen
647_2.gz
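
Added example, not part of the original message or of the test suite: a Python check that walks the ISAKMP payload chain (RFC 2408 layout) of an unencrypted phase 1 packet and reports the two conditions described in the message, a missing Certificate Request payload and an IPv4 ID payload that differs from the packet's source address. The function names, the `peer_ip` parameter and the sample packets are constructed for illustration and are not taken from the attached dump.

```python
import socket
import struct

EXCHANGE = {2: "main", 4: "aggressive"}   # RFC 2408 exchange types
ID, CERT_REQ = 5, 7                        # RFC 2408 payload types
ID_IPV4_ADDR = 1                           # RFC 2407 ID type

def parse_isakmp(pkt):
    """Walk the top-level payload chain of an unencrypted ISAKMP message."""
    if len(pkt) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    nxt, _ver, xchg, flags, _msgid, total = struct.unpack("!BBBBII", pkt[16:28])
    if flags & 0x01 or total != len(pkt):
        raise ValueError("encrypted message or bad length field")
    payloads, off = [], 28
    while nxt != 0:
        if off + 4 > total:
            raise ValueError("payload chain runs past end of message")
        following, _rsvd, plen = struct.unpack("!BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        payloads.append((nxt, pkt[off + 4:off + plen]))
        nxt, off = following, off + plen
    return xchg, payloads

def review(pkt, peer_ip):
    """Return (exchange name, findings) for the two points raised in the message."""
    xchg, payloads = parse_isakmp(pkt)
    findings = []
    if CERT_REQ not in [t for t, _ in payloads]:
        findings.append("no Certificate Request payload")
    for ptype, body in payloads:
        # ID body: type(1) protocol(1) port(2) identification data
        if ptype == ID and len(body) >= 8 and body[0] == ID_IPV4_ADDR:
            ident = socket.inet_ntoa(body[4:8])
            if ident != peer_ip:
                findings.append(f"ID {ident} is not the packet source {peer_ip}")
    return EXCHANGE.get(xchg, str(xchg)), findings

def build(xchg, payloads):
    """Assemble a constructed test message from (type, body) pairs."""
    types = [t for t, _ in payloads] + [0]
    body = b"".join(struct.pack("!BBH", types[i + 1], 0, 4 + len(d)) + d
                    for i, (_, d) in enumerate(payloads))
    return (b"\x11" * 8 + b"\x00" * 8 +
            struct.pack("!BBBBII", types[0], 0x10, xchg, 0, 0, 28 + len(body)) + body)

# Constructed samples, not taken from the attached dump.
ID_BODY = struct.pack("!BBH", ID_IPV4_ADDR, 0, 0) + socket.inet_aton("192.0.2.10")
SAMPLE_AGGRESSIVE = build(4, [(1, bytes(8)), (4, bytes(16)), (10, bytes(8)), (ID, ID_BODY)])
SAMPLE_MAIN = build(2, [(4, bytes(16)), (10, bytes(8)), (CERT_REQ, b"\x04")])
```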