Page MenuHomeVyOS Platform

bugfix for IKEv2 some problems.
Closed, WontfixPublicBUG



StrongSwan's charon (v4.5.2) has some problems.

1. Collision occurs at rekey, VPN keep disconnected.

when keylife is short , Collision occurs at rekey.

IKEv2 05[IKE] CHILD_SA rekey collision lost, deleting rekeyed child

I'd backport this issue.

bug report at StrongSwan
source code
bugfix in StrongSwan 5.4.0

2. Collision occurs at rekey, segmentation fault occurs with IPsec VTI

ipsec_starter[17127]: charon has died -- restart scheduled (5sec)

A null pointer is referenced and a segmentation fault occurs.
The above problems can be reproduced by bellow setting.



Test status

working fine at nifcloud VPN Gateway.

Best regards.


Difficulty level
Unknown (require assessment)
VyOS 1.1.8
Why the issue appeared?
Will be filled on close

Event Timeline

syncer triaged this task as Normal priority.May 27 2018, 9:52 AM
syncer added subscribers: dmbaturin, syncer.

@dmbaturin can i mark this as wontfix for 1.1.x?

IKEv2 is not good in Strong Swan 4.5 at all. There is incompatibility with some other clients.

It's better to force 1.2 release instead.

syncer claimed this task.

please test on 1.2 and open new task if issue still exists