Bug | Resolution: Unresolved | Normal | rhel-9.2.0 | Moderate | rhel-sst-security-crypto | ssg_security | x86_64
Created attachment 1932466: IPsec.Conf.1.2.1.7 pcap file
Description of problem:
When the initiator's KE payload carries a DH group the responder does not accept, the NUT answers with an INVALID_KE_PAYLOAD notification whose IKE header carries a nonzero Responder SPI.
According to RFC 7296 Section 2.6, "In the first message of an initial IKE exchange, the initiator will not know the responder's SPI value and will therefore set that field to zero. When the IKE_SA_INIT exchange does not result in the creation of an IKE SA due to INVALID_KE_PAYLOAD, NO_PROPOSAL_CHOSEN, or COOKIE, the responder's SPI will be zero also in the response message."
Therefore, the IKE_SA_INIT response containing the INVALID_KE_PAYLOAD notification should have a Responder SPI of zero; the NUT's nonzero value is a conformance failure.
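The check the conformance test applies can be scripted against a raw IKEv2 message, which is useful for verifying a fix or triaging a capture like the attached pcap. The following is an added example written for this report, not code from libreswan or from the test suite: it parses the fixed 28-byte IKEv2 header and the generic payload chain from RFC 7296, and flags an IKE_SA_INIT response that carries one of the three "no SA created" notifications together with a nonzero Responder SPI. The two messages it inspects are constructed inline (the SPI values and the DH group number in the notification data are arbitrary sample values), and the function names are this example's own.

```python
import struct

# Constants from RFC 7296 (exchange type, payload type, header flag, notify types)
IKE_SA_INIT = 34
PAYLOAD_NOTIFY = 41
FLAG_RESPONSE = 0x20
IKE_VERSION = 0x20          # MjVer 2, MnVer 0
HEADER_LEN = 28
# Notifications after which RFC 7296 section 2.6 requires a zero Responder SPI
NO_SA_NOTIFIES = {14: "NO_PROPOSAL_CHOSEN", 17: "INVALID_KE_PAYLOAD", 16384: "COOKIE"}


def build_ike_sa_init_response(ispi, rspi, notify_type, notify_data=b""):
    """Construct a minimal IKE_SA_INIT response with a single Notify payload.

    Used only to build sample input for the checker; Protocol ID and SPI Size
    in the Notify payload are 0, as they are for the three notifications above.
    """
    body = struct.pack("!BBH", 0, 0, notify_type) + notify_data
    notify = struct.pack("!BBH", 0, 0, 4 + len(body)) + body   # next=0 (none), crit=0, length
    header = struct.pack("!QQBBBBII", ispi, rspi, PAYLOAD_NOTIFY, IKE_VERSION,
                         IKE_SA_INIT, FLAG_RESPONSE, 0, HEADER_LEN + len(notify))
    return header + notify


def parse_ike_message(data):
    """Parse the IKEv2 header and walk the payload chain; bounds-check every step."""
    if len(data) < HEADER_LEN:
        raise ValueError("short IKE header")
    ispi, rspi, next_pl, version, exch, flags, msg_id, length = struct.unpack(
        "!QQBBBBII", data[:HEADER_LEN])
    if length != len(data):
        raise ValueError("IKE header length %d != %d bytes received" % (length, len(data)))
    payloads = []
    off = HEADER_LEN
    while next_pl != 0:
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        following, _critical, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):
            raise ValueError("bad payload length %d" % plen)
        payloads.append((next_pl, data[off + 4:off + plen]))
        next_pl = following
        off += plen
    return {"ispi": ispi, "rspi": rspi, "exchange": exch, "flags": flags,
            "msg_id": msg_id, "payloads": payloads}


def check_responder_spi(data):
    """Return (verdict, notify_name) for an IKE_SA_INIT response.

    verdict is "not-applicable" (not an IKE_SA_INIT response), "ok", or
    "nonconformant" (a no-SA notification was sent with a nonzero Responder SPI).
    """
    msg = parse_ike_message(data)
    if msg["exchange"] != IKE_SA_INIT or not msg["flags"] & FLAG_RESPONSE:
        return ("not-applicable", None)
    for ptype, body in msg["payloads"]:
        if ptype != PAYLOAD_NOTIFY or len(body) < 4:
            continue
        _proto, _spi_size, ntype = struct.unpack("!BBH", body[:4])
        if ntype in NO_SA_NOTIFIES:
            name = NO_SA_NOTIFIES[ntype]
            return ("nonconformant" if msg["rspi"] != 0 else "ok", name)
    return ("ok", None)


# Constructed samples: the DH group number (14) in the notification data and the
# SPI values are arbitrary; they only illustrate the two cases.
CONFORMANT = build_ike_sa_init_response(0x1122334455667788, 0, 17, struct.pack("!H", 14))
NONCONFORMANT = build_ike_sa_init_response(0x1122334455667788, 0x0102030405060708, 17,
                                           struct.pack("!H", 14))

if __name__ == "__main__":
    for label, pkt in (("zero rSPI", CONFORMANT), ("nonzero rSPI", NONCONFORMANT)):
        print(label, "->", check_responder_spi(pkt))
```

To run this against the attached capture, feed it the UDP payload of the responder's IKE_SA_INIT message (for port 4500 traffic, skip the 4-byte non-ESP marker first); the parser rejects a message whose header length disagrees with the bytes supplied, so a truncated or mis-offset extraction is reported as an error rather than as a false verdict.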
Version-Release number of selected component (if applicable):
libreswan-4.6-3.el9
How reproducible:
100%
Steps to Reproduce:
Please refer to IPsec.Conf.1.2.1.7: IKE_SA_INIT Exchange with INVALID_KE_PAYLOAD at https://www.ipv6ready.org/docs/IPsec_IKEv2_Conformance.pdf for the full test procedure.
Actual results:
Expected results:
Additional info: