The problem is that the last message comes from the initiator, and if this
message
got lost, the initiator never knew about it it unless the responder
retransmits the response
to the very first message from the initiator. It's an immanent feature of
IKEv1
caused by odd number of messages in these exchanges. It can't be solved.
I'm confused? Why does it matter if the initial aggressive mode request
is lost or the initial aggresside mode response is lost? to the
initiator, both look the same, so it should re-transmit its original
packet?
Aggressive Mode (and Quick Mode) consist of 3 messages.
If the initial message from initiator or (the response to it from responder)
get lost, that initiator can detect it (it doesn't receive the response)
and retransmit its initial message. But once it receives
response it sends the third (the last) message to the responder.
At this point the exchange is successfully completed from initiator's
point of view (and from its point of view there is no reason to restransmit
that last message). However, if that last message get lost, then the
exchange remains unfinished from responder's point of view.
The only thing the responder can do is to retransmit its response
to the initiator's initial message to force it to retransmit its last message.
In some cases workarounds are possible. For example,
the initiator may always retransmit its last message N times.
Another workaround is the following. In most cases Quic Mode
immediately follows Aggresive Mode. Since in case the last message
from initiator get lost the IKE SA is not created yet from responder's
point of view, it most likely won't reply at all or will reply with some error
like INVALID_MESSAGE_ID. So, no response or error response on initial
Quick Mode message immediately followed the last Aggressive Mode
message could be an indication for initiator that it must retransmit
not only that initial Quick Mode message, but also the last
message of Aggressive Mode.
But these are plain hacks. If Aggressive Mode happens alone
(e.g. when user pressed CONNECT button), then the only way to deal
with the possibility of the last message from initiator to get lost is to make
a responder to retransmit its response to the initial message.
And besides the possibility of amplification attack, IKEv1 has so many
problems, that the only reason it is still used is maintaining
interoperability
with older products.
It does have a cryptographically stronger PSK :)
That's true. However, it is almost impossible to use this feature
unless peers have fixed IP.
Regards,
Valery.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
