Bug #752: With fragmentation=yes ikev2 rekeying fails - strongSwan

Bug #752

With fragmentation=yes ikev2 rekeying fails

Added by Volker Rümelin about 6 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tobias Brunner

Category:

libcharon

Target version:

5.2.2

Start date:

28.10.2014

Due date:

Estimated time:

Affected version:

5.2.1

Resolution:

Fixed

Description

Hi Tobias,

strongswan 5.2.1 ikev2 rekeying fails if the CREATE_CHILD_SA request is sent as fragments.

ipsec.conf:
conn home-online
        keyexchange=ikev2
        keyingtries=%forever
        dpdaction=restart
        leftsubnet=87.x.x.x/32,2001:x:x:0::/64
        right=212.x.x.x
        rightsubnet=212.x.x.x/32,2001:x:x:10::/64
        rightid="@sun.example.com" 
        ike=aes256-sha2_256-modp2048,aes128-sha1-modp2048!
        esp=aes256-sha2_256-modp2048,aes128-sha1-modp2048!
        mobike=no
        fragmentation=yes
        auto=start

Initiator log:
Oct 27 22:42:36 srv charon: 09[KNL] creating rekey job for ESP CHILD_SA with SPI cb3091e1 and reqid {5}
Oct 27 22:42:36 srv charon: 09[IKE] establishing CHILD_SA home-online{5}
Oct 27 22:42:36 srv charon: 09[ENC] generating CREATE_CHILD_SA request 2 [ N(REKEY_SA) SA No KE TSi TSr ]
Oct 27 22:42:36 srv charon: 09[ENC] splitting IKE message with length of 608 bytes into 2 fragments
Oct 27 22:42:36 srv charon: 09[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in CREATE_CHILD_SA request
Oct 27 22:42:36 srv charon: 09[ENC] generating CREATE_CHILD_SA request 2 [ EF ]
Oct 27 22:42:36 srv charon: 09[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in CREATE_CHILD_SA request
Oct 27 22:42:36 srv charon: 09[ENC] generating CREATE_CHILD_SA request 2 [ EF ]
Oct 27 22:42:36 srv charon: 09[NET] sending packet: from 87.x.x.x[500] to 212.x.x.x[500] (548 bytes)
Oct 27 22:42:36 srv charon: 09[NET] sending packet: from 87.x.x.x[500] to 212.x.x.x[500] (132 bytes)
Oct 27 22:42:36 srv charon: 11[NET] received packet: from 212.x.x.x[500] to 87.x.x.x[500] (80 bytes)
Oct 27 22:42:36 srv charon: 11[ENC] parsed CREATE_CHILD_SA response 2 [ N(INVAL_SYN) ]
Oct 27 22:42:36 srv charon: 11[IKE] received INVALID_SYNTAX notify error
Oct 27 22:42:36 srv charon: 11[IKE] CHILD_SA rekeying failed, trying again in 15 seconds
Oct 27 22:42:36 srv charon: 08[NET] received packet: from 212.x.x.x[500] to 87.x.x.x[500] (80 bytes)
Oct 27 22:42:36 srv charon: 08[ENC] parsed CREATE_CHILD_SA response 2 [ N(INVAL_SYN) ]
Oct 27 22:42:36 srv charon: 08[IKE] received message ID 2, expected 3. Ignored

Responder log:
Oct 27 22:42:36 sun charon: 10[NET] received packet: from 87.x.x.x[500] to 212.x.x.x[500] (548 bytes)
Oct 27 22:42:36 sun charon: 10[ENC] payload of type SECURITY_ASSOCIATION not occurred 1 times (0)
Oct 27 22:42:36 sun charon: 10[IKE] message verification failed
Oct 27 22:42:36 sun charon: 10[ENC] generating CREATE_CHILD_SA response 2 [ N(INVAL_SYN) ]
Oct 27 22:42:36 sun charon: 10[NET] sending packet: from 212.x.x.x[500] to 87.x.x.x[500] (80 bytes)
Oct 27 22:42:36 sun charon: 10[IKE] CREATE_CHILD_SA request with message ID 2 processing failed
Oct 27 22:42:36 sun charon: 03[NET] received packet: from 87.x.x.x[500] to 212.x.x.x[500] (132 bytes)
Oct 27 22:42:36 sun charon: 03[ENC] payload of type SECURITY_ASSOCIATION not occurred 1 times (0)
Oct 27 22:42:36 sun charon: 03[IKE] message verification failed
Oct 27 22:42:36 sun charon: 03[ENC] generating CREATE_CHILD_SA response 2 [ N(INVAL_SYN) ]
Oct 27 22:42:36 sun charon: 03[NET] sending packet: from 212.x.x.x[500] to 87.x.x.x[500] (80 bytes)
Oct 27 22:42:36 sun charon: 03[IKE] CREATE_CHILD_SA request with message ID 2 processing failed

Regards,
Volker

Associated revisions

Revision b0891697 (diff)
Added by Tobias Brunner about 6 years ago

message: Include encrypted fragment payload in payload (order) rules

Otherwise fragmented CREATE_CHILD_SA exchanges won't get accepted
because they don't contain an SA payload.

It also prevents a warning when ordering payloads.

Fixes #752.

History

#1 Updated by Tobias Brunner about 6 years ago

Status changed from New to Feedback
Assignee set to Tobias Brunner
Target version set to 5.2.2

Thanks for the report.

While encrypted fragment payloads are mostly handled like encrypted payloads, they are in some cases treated like regular payloads. Unfortunately, I missed to update the arrays that define the payload ordering and the allowed payloads for each exchange. This isn't a problem for IKE_AUTH as it has no mandatory payloads defined (the only issue there is the warning regarding payload ordering, which I never noticed for some reason). On the other hand, we require certain payloads in a CREATE_CHILD_SA exchange and therefore processing fails if the only payload found is an encrypted fragment. The patch in the frag-rekey branch should fix the problem.

#2 Updated by Volker Rümelin about 6 years ago

Yes, your patch fixes the problem.

#3 Updated by Tobias Brunner about 6 years ago

Status changed from Feedback to Closed
Resolution set to Fixed

#4 Updated by Tobias Brunner about 6 years ago

Thanks for testing!

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

New issues