<div dir="ltr">Hi,<br><br>I am using a slightly old Strongswan 5.6.0 as the server and iOS clients with IKEv2 and eap-radius. The ipsec.conf is as follows:<br><br>conn ios_ikev2_with_auth<br>        keyexchange=ikev2<br>        left=%defaultroute<br>        leftid="anonymized"<br>        leftsubnet=0.0.0.0/0<br>        leftcert=server.crt<br>        leftsendcert=always<br>        right=%any<br>        rightsourceip=198.18.64.0/20<br>        rightreassignafter=60<br>        lifetime=80m<br>        auto=add<br>        rightauth=eap-radius<br>        eap_identity=%identity<br>        dpdaction=clear<br>        forceencaps=yes<br>        fragmentation=yes<br>        ike="aes256gcm16-prfsha1-modp1536,aes256gcm16-prfsha1-modp2048"<br>        esp="aes256gcm16,aes128gcm16"<br><br>and strongswan.conf:<br><br>charon {<br><br>        threads = 16<br><br>        interfaces_use = eth1<br><br>        process_route = no<br><br>        install_routes = no<br><br>        load_modular = yes<br><br>        plugins {<br>                attr {<br>                        load = yes<br>                        dns = anonymized<br>                }<br>                eap-radius {<br>                        load = yes<br>                        accounting = yes<br>                        servers {<br>                                primary {<br>                                        address = 127.0.0.1<br>                                        secret = anonymized<br>                                        auth_port = anonymized<br>                                        acct_port = anonymized<br>                                        sockets = 3<br>                                }<br>                        }<br>                }<br><br>                constraints {<br>                        load = yes<br>                }<br>                ctr {<br>                        load = yes<br>                }<br>                rc2 {<br>         
               load = yes<br>                }<br>                md4 {<br>                        load = yes<br>                }<br>                unity {<br>                        load = yes<br>                }<br>                led {<br>                        load = yes<br>                }<br>                certexpire {<br>                        load = yes<br>                        csv {<br>                        }<br>                }<br>                gcrypt {<br>                        load = yes<br>                }<br>                random {<br>                        load = yes<br>                }<br>                revocation {<br>                        load = yes<br>                }<br>                cmac {<br>                        load = yes<br>                }<br>                x509 {<br>                        load = yes<br>                }<br>                test-vectors {<br>                        load = yes<br>                }<br>                aes {<br>                        load = yes<br>                }<br>                ccm {<br>                        load = yes<br>                }<br>                pubkey {<br>                        load = yes<br>                }<br>                error-notify {<br>                        load = yes<br>                }<br>                xcbc {<br>                        load = yes<br>                }<br>                af-alg {<br>                        load = yes<br>                }<br>                medcli {<br>                        load = yes<br>                }<br>                resolve {<br>                        load = yes<br>                        resolvconf {<br>                        }<br>                }<br>                farp {<br>                        load = yes<br>                }<br>                pkcs7 {<br>                        load = yes<br>                }<br>                hmac {<br>                        load = yes<br>                
}<br>                updown {<br>                        load = yes<br>                }<br>                pkcs1 {<br>                        load = yes<br>                }<br>                pgp {<br>                        load = yes<br>                }<br>                dnskey {<br>                        load = yes<br>                }<br>                sshkey {<br>                        load = yes<br>                }<br>                xauth-generic {<br>                        load = yes<br>                }<br>                pem {<br>                        load = yes<br>                }<br>                pkcs12 {<br>                        load = yes<br>                }<br>                md5 {<br>                        load = yes<br>                }<br>                sha2 {<br>                        load = yes<br>                }<br>                nonce {<br>                        load = yes<br>                }<br>                kernel-netlink {<br>                        load = yes<br>                }<br>                gmp {<br>                        load = yes<br>                }<br>                dhcp {<br>                        load = yes<br>                }<br>                pkcs11 {<br>                        load = yes<br>                        modules {<br>                        }<br>                }<br>                tnc-tnccs {<br>                        load = yes<br>                }<br>                fips-prf {<br>                        load = yes<br>                }<br>                lookip {<br>                        load = yes<br>                }<br>                rdrand {<br>                        load = yes<br>                }<br>                openssl {<br>                        load = yes<br>                }<br>                xauth-noauth {<br>                        load = yes<br>                }<br>                gcm {<br>                        load = yes<br>                }<br>         
       addrblock {<br>                        load = yes<br>                }<br>                medsrv {<br>                        load = yes<br>                }<br>                curl {<br>                        load = yes<br>                }<br>                pkcs8 {<br>                        load = yes<br>                }<br>                sha1 {<br>                        load = yes<br>                }<br>                stroke {<br>                        load = yes<br>                }<br>                socket-default {<br>                        load = yes<br>                }<br>                eap-tls {<br>                        load = yes<br>                }<br>                eap-identity {<br>                        load = yes<br>                }<br>        }<br>}<br><br>Occasionally, if the client is in a bad network, the server-side IKEv2 message request/response state machine seems to go into a state where it does not respond to a request it receives from the client. In particular, it seems to occur if the previous request was fragmented and has already been responded to, and a retransmission of that already-answered request is then received only partially. After that, the Strongswan server does not respond to the next request coming from the client. The issue is quite hard to reproduce, so providing all the info mentioned in <a href="https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests">https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests</a> is a bit difficult. 
I managed to get the following logs from the situation:<br><br>1) Server receives request 7 in 3 fragments:<br><br>
2020-10-26T09:57:57.816620+00:00 test-server charon: 14[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (540 bytes)<br>
2020-10-26T09:57:57.817118+00:00 test-server charon: 14[ENC] parsed IKE_AUTH request 7 [ EF(2/3) ]<br>
2020-10-26T09:57:57.817531+00:00 test-server charon: 14[ENC] received fragment #2 of 3, waiting for complete IKE message<br>
2020-10-26T09:57:57.824152+00:00 test-server charon: 15[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (140 bytes)<br>
2020-10-26T09:57:57.824779+00:00 test-server charon: 15[ENC] parsed IKE_AUTH request 7 [ EF(3/3) ]<br>
2020-10-26T09:57:57.825213+00:00 test-server charon: 15[ENC] received fragment #3 of 3, waiting for complete IKE message<br>
2020-10-26T09:57:58.816896+00:00 test-server charon: 16[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (540 bytes)<br>
2020-10-26T09:57:58.817497+00:00 test-server charon: 16[ENC] parsed IKE_AUTH request 7 [ EF(1/3) ]<br>
2020-10-26T09:57:58.817953+00:00 test-server charon: 16[ENC] received fragment #1 of 3, reassembling fragmented IKE message<br>
2020-10-26T09:57:58.818381+00:00 test-server charon: 16[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TLS ]<br>
2020-10-26T09:57:58.818788+00:00 test-server charon: 16[IKE] EAP_TLS payload => 1024 bytes @ 0x7f47c4001770<br><br>
2) Server sends response 7:<br><br>
2020-10-26T09:57:58.847587+00:00 test-server charon: 16[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TLS ]<br>
2020-10-26T09:57:58.848096+00:00 test-server charon: 16[NET] sending packet: from <anonymized server ip>[4500] to <anonymized client ip>[4500] (67 bytes)<br><br>
3) Server receives request 7 again, but fragment 1 is missing (the server starts waiting for fragment 1 or a retransmission of request 7):<br><br>
2020-10-26T09:57:58.848501+00:00 test-server charon: 08[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (540 bytes)<br>
2020-10-26T09:57:58.848902+00:00 test-server charon: 08[ENC] parsed IKE_AUTH request 7 [ EF(2/3) ]<br>
2020-10-26T09:57:58.849298+00:00 test-server charon: 08[ENC] received fragment #2 of 3, waiting for complete IKE message<br>
2020-10-26T09:57:58.849698+00:00 test-server charon: 08[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (140 bytes)<br>
2020-10-26T09:57:58.850093+00:00 test-server charon: 08[ENC] parsed IKE_AUTH request 7 [ EF(3/3) ]<br>
2020-10-26T09:57:58.850509+00:00 test-server charon: 08[ENC] received fragment #3 of 3, waiting for complete IKE message<br><br>
4) Server receives request 8, which means that the client received response 7. However, for some reason the server is not responding to it.<br><br>
2020-10-26T09:57:59.885632+00:00 test-server charon: 09[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (540 bytes)<br>
2020-10-26T09:57:59.886200+00:00 test-server charon: 09[ENC] parsed IKE_AUTH request 8 [ EF(1/2) ]<br>
2020-10-26T09:57:59.886624+00:00 test-server charon: 10[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (308 bytes)<br>
2020-10-26T09:57:59.887044+00:00 test-server charon: 10[ENC] parsed IKE_AUTH request 8 [ EF(2/2) ]<br>
2020-10-26T09:58:00.880421+00:00 test-server charon: 11[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (540 bytes)<br>
2020-10-26T09:58:00.881109+00:00 test-server charon: 11[ENC] parsed IKE_AUTH request 8 [ EF(1/2) ]<br>
2020-10-26T09:58:00.888986+00:00 test-server charon: 12[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (308 bytes)<br>
2020-10-26T09:58:00.889507+00:00 test-server charon: 12[ENC] parsed IKE_AUTH request 8 [ EF(2/2) ]<br><br>
5) Server keeps on receiving request 8 as the client is resending it, but the server is not responding at all; finally the SA is deleted as the negotiation does not complete.<br><br>
2020-10-26T09:58:02.890462+00:00 test-server charon: 14[ENC] parsed IKE_AUTH request 8 [ EF(1/2) ]<br>
2020-10-26T09:58:06.894558+00:00 test-server charon: 07[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (540 bytes)<br>
2020-10-26T09:58:06.895142+00:00 test-server charon: 07[ENC] parsed IKE_AUTH request 8 [ EF(1/2) ]<br>
2020-10-26T09:58:06.895654+00:00 test-server charon: 09[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (308 bytes)<br>
2020-10-26T09:58:06.896156+00:00 test-server charon: 09[ENC] parsed IKE_AUTH request 8 [ EF(2/2) ]<br>
2020-10-26T09:58:14.894535+00:00 test-server charon: 13[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (540 bytes)<br>
2020-10-26T09:58:14.895174+00:00 test-server charon: 13[ENC] parsed IKE_AUTH request 8 [ EF(1/2) ]<br>
2020-10-26T09:58:14.903061+00:00 test-server charon: 14[NET] received packet: from <anonymized client ip>[4500] to <anonymized server ip>[4500] (308 bytes)<br>
2020-10-26T09:58:14.903576+00:00 test-server charon: 14[ENC] parsed IKE_AUTH request 8 [ EF(2/2) ]<br>
2020-10-26T09:58:17.039947+00:00 test-server charon: 06[JOB] deleting half open IKE_SA with <anonymized client ip> after timeout<br><br>
According to the IKEv2 spec (<a href="https://tools.ietf.org/html/rfc4306#section-2.1">https://tools.ietf.org/html/rfc4306#section-2.1</a>):<br><br>
The responder MUST remember each<br>response until it receives a request whose sequence number is larger<br>than the sequence number in the response plus its window size<br><br>
I'm not very familiar with the protocol details, but based on the above spec statement, strongswan should ignore the incomplete second request 7 (at step 5) as it already received the request with the increased sequence number 8 (meaning that the client must have received response 7).<br><br>
I also tried to compare the differences between Strongswan 5.9.0 and 5.6.0 at the code level (especially in libcharon/sa/ikev2/task_manager_v2.c and libcharon/encoding/message.c) and possible fixes for the issue, but didn't find anything that could help. <br><br>
Does this look like a Strongswan server issue, or is the iOS client doing something wrong here?<br><br>Thanks,<br>Totti<br></div>
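The behaviour the post describes, a responder juggling fragment reassembly, message IDs and retransmissions, is easier to reason about against a small executable model. The block below is an added example and is not strongSwan code or anything from the original post: the Responder class, its rule that a request with ID N makes every partial reassembly with ID at or below N minus the window stale, and the starting message ID of 7 are assumptions of this model. The sample input is constructed from the "parsed ... EF(i/n)" lines of steps 1, 3 and 4 above, with timestamps and addresses trimmed.

```python
# Added example: a model of an IKEv2 responder's fragment reassembly and
# message-ID window handling, driven by the "parsed ... EF(i/n)" lines from
# the post above.  It is not strongSwan code; the Responder class, its
# window rule and the starting message ID (7) are assumptions of this model.
import re
from dataclasses import dataclass, field

# Matches charon's per-fragment log line, e.g. "parsed IKE_AUTH request 7 [ EF(2/3) ]".
FRAG_RE = re.compile(
    r"parsed (?P<exch>\w+) request (?P<mid>\d+) \[ EF\((?P<num>\d+)/(?P<total>\d+)\) \]"
)


def parse_fragment_line(line):
    """Return (message_id, fragment_number, fragment_total) for a fragment log
    line, or None for any other line ([NET] lines, reassembled messages, ...)."""
    m = FRAG_RE.search(line)
    if not m:
        return None
    return int(m["mid"]), int(m["num"]), int(m["total"])


@dataclass
class Responder:
    window: int = 1              # IKEv2 window size; 1 is the usual default
    expected_mid: int = 0        # lowest request ID not yet answered
    responses: dict = field(default_factory=dict)  # mid -> stored response, kept for retransmission
    pending: dict = field(default_factory=dict)    # mid -> (fragment total, set of fragment numbers seen)
    sent: list = field(default_factory=list)       # (mid, "response" | "retransmit") in send order

    def receive_fragment(self, mid, num, total):
        """Feed one received fragment and return what the responder did with it."""
        # Only requests inside the receive window may touch any state.
        if mid >= self.expected_mid + self.window:
            return "dropped: outside receive window"
        if mid < self.expected_mid and mid not in self.responses:
            return "dropped: already forgotten"

        # A request with ID `mid` proves the initiator has received every
        # response with ID <= mid - window, so a half-reassembled copy of one
        # of those requests can never become something that still needs an
        # answer.  Discarding it is what stops the partial retransmission of
        # request 7 in the post from blocking request 8.
        for old in [i for i in self.pending if i <= mid - self.window]:
            del self.pending[old]
        # RFC 4306 section 2.1 (quoted in the post): remember each response
        # until a request arrives whose ID exceeds the response ID plus the window.
        for old in [i for i in self.responses if mid > i + self.window]:
            del self.responses[old]

        tot, seen = self.pending.setdefault(mid, (total, set()))
        if tot != total:
            return "dropped: inconsistent fragment count"
        seen.add(num)
        if len(seen) < total:
            return f"waiting: have {len(seen)}/{total} fragments of request {mid}"
        del self.pending[mid]

        if mid < self.expected_mid:
            # A complete retransmission of an answered request: resend the stored response.
            self.sent.append((mid, "retransmit"))
            return f"retransmitted response {mid}"
        self.responses[mid] = f"response {mid}"
        self.expected_mid = mid + 1
        self.sent.append((mid, "response"))
        return f"sent response {mid}"


# Constructed sample: the charon "parsed ... request" lines from steps 1, 3
# and 4 of the post, with timestamps and addresses trimmed.
SAMPLE_LOG = """\
14[ENC] parsed IKE_AUTH request 7 [ EF(2/3) ]
15[ENC] parsed IKE_AUTH request 7 [ EF(3/3) ]
16[ENC] parsed IKE_AUTH request 7 [ EF(1/3) ]
16[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TLS ]
08[ENC] parsed IKE_AUTH request 7 [ EF(2/3) ]
08[ENC] parsed IKE_AUTH request 7 [ EF(3/3) ]
09[ENC] parsed IKE_AUTH request 8 [ EF(1/2) ]
10[ENC] parsed IKE_AUTH request 8 [ EF(2/2) ]
""".splitlines()


def replay(lines, start_mid=7, window=1):
    """Run log lines through the model; returns the responder and per-fragment outcomes.
    start_mid is an assumption: requests 0..start_mid-1 were already answered."""
    r = Responder(window=window, expected_mid=start_mid)
    outcomes = []
    for line in lines:
        frag = parse_fragment_line(line)
        if frag is not None:
            outcomes.append(r.receive_fragment(*frag))
    return r, outcomes


if __name__ == "__main__":
    responder, results = replay(SAMPLE_LOG)
    for res in results:
        print(res)
    print("responses sent:", responder.sent)
```

Fed the post's own fragment lines, the model answers request 7, holds fragments 2 and 3 of the retransmitted request 7 as a pending retransmission, then discards that pending state the moment the first fragment of request 8 arrives and answers request 8; response 7 stays stored, as the quoted RFC text requires, until a request 9 is seen. The two rules worth checking a real responder against are the eviction of stale partial reassemblies and the check that only in-window message IDs may change any state at all.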