[strongSwan-dev] charon.max_ikev1_exchanges
Joy M. Latten
jmlatten at linux.vnet.ibm.com
Wed Dec 2 01:01:50 CET 2015
Hi,
I have noticed that by default only 3 quick mode exchanges are tracked
for ikev1 in version 5.3.5. I was curious as to why the default is 3?
We have a setup between an ikev1 implementation and strongswan's ikev1
(version 5.3.2)
- lifetime of phase 1 SA are 2 minutes
- lifetime of phase 2 SAs are 1 minute
Initial SAs are initiated from strongswan and all works fine. I noted
strongswan does one quick mode exchange at a time in establishing each
child_SA.
The refreshes are driven by the other side who initiates multiple quick
mode exchanges concurrently. We then begin to see the following error in
log,
charon[6390]: 15[ENC] invalid HASH_V1 payload length, decryption failed?
I saw the following sequence in strongswan's log,
QM_1 for MID=2797947468 received
QM_2 for MID=2797947468 sent
QM_1 for MID=281474316 received
QM_1 for MID=3298933230 received
QM_1 for MID=1321662356 received
QM_2 for MID=3298933230 sent
By the time MID=2797947468 receives QM_3, his last IV has been removed
from the IV list for the IKE_SA and is no longer being tracked. Thus it
seems a new IV is generated and used to decrypt message 3 resulting in
the above error.
Hopefully I have read the code and concluded correctly. Is this expected
behavior?
I noted that version 5.3.5 contained some changes such that strongswan
uses max_ikev1_exchanges to track amount of IVs and QM exchanges. So we
tried version 5.3.5 with max_ikev1_exchanges=32. This time we did not
see the above error message until much later in the log.
In 5.3.5, if the QM count for the IKE_SA exceeds max_ikev1_exchanges,
strongswan removes the least current QMexchange. Thus possible to lose
an active QM exchange... which I am guessing happens since we are
refreshing several SAs that have a lifetime=1minute, that we might
possibly have 32 ongoing QM-exchanges for the IKE_SA... thus the above
error much later in the log...
Am I correct to conclude that at some point, depending on variables like
lifetime, number of child_sa, etc... max_ikev1_exchanges can easily or
eventually be reached in strongswan if the other side does not initiate
QM exchanges one at a time?
Thanks for any clarity, help or info. It is appreciated.
regards,
Joy
More information about the Dev
mailing list