Hi,

I am seeing a problem when a Juniper SSG sends multiple Quick Mode requests (for different tunnels) in quick succession. Our version of strongSwan is 5.1.2 with some selective fixes from later. I see the following happen:

1. Juniper sends 3 Quick Mode initiation messages.
2. 2 of these messages are handled by 2 separate quick mode tasks on strongSwan and they respond to the peer.
3. The leftover quick mode message from 1 gets handed over to a task from 2.
4. That task seems to handle this message like the 3rd message from the handshake and a Child SA is established.
5. The actual third message from the Juniper comes and is given to another quick mode task that now returns a Malformed Packet error.
6. Somewhere down the line I also see an invalid hash message and message decryption failed.

I would like to know if something like this is possible and has been seen by others. How is the decision made to hand over a Quick Mode initiation message to a task that is awaiting the third Quick Mode message? How would I fix something like this?

regards,
sk
