default IPSEC stack dropping ESP packets

  • Question

  • Hi,
    I am getting a problem while sending ESP packets in a VPN solution.
    We are sending ESP by using RAW sockets.
    On the inbound connection the Windows default stack is dropping packets and it is increasing the BadSPIPkt count.
    By using wfpdiag I could see that the following default IPSEC WFP layers are registered.
    <aggregateDropPacketStatistics>
    <invalidSpisOnInbound>12</invalidSpisOnInbound>
    Further I could see 
    <calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V4</calloutKey>
    <calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V4</calloutKey>
    <calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_INBOUND_TUNNEL_V6</calloutKey>
    <calloutKey>FWPM_CALLOUT_IPSEC_FORWARD_OUTBOUND_TUNNEL_V6</calloutKey>
    If anyone can suggest how I can bypass this, it will be helpful.
    I tried disabling the firewall but it does not help.
    Here netsh shows the statistics.
    IPsec Statistics
    ----------------
    Active Assoc                : 0
    Offload SAs                 : 0
    Pending Key                 : 0
    Key Adds                    : 0
    Key Deletes                 : 0
    ReKeys                      : 0
    Active Tunnels              : 0
    Bad SPI Pkts                : 616
    Pkts not Decrypted          : 0
    Pkts not Authenticated      : 0
    Pkts with Replay Detection  : 0
    Confidential Bytes Sent     : 0
    Confidential Bytes Received : 0
    Authenticated Bytes Sent    : 0
    Authenticated Bytes Received: 0
    Transport Bytes Sent        : 0
    Transport Bytes Received    : 0
    Bytes Sent In Tunnels       : 0
    Bytes Received In Tunnels   : 0
    Offloaded Bytes Sent        : 0
    Offloaded Bytes Received    : 0

    Monday, June 6, 2016 12:18 PM
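
A triage sketch for the counters posted above, added here as an example and not part of the original post. It parses the statistics text and separates "ESP arrived but the built-in stack holds no security association at all" from other inbound failure modes. The counter values are copied from the post; the function names and finding labels are this example's own assumptions.

```python
import re

# Counters copied from the statistics block in the post (trimmed to those used here).
POSTED_STATS = """\
IPsec Statistics
----------------
Active Assoc                : 0
Key Adds                    : 0
Active Tunnels              : 0
Bad SPI Pkts                : 616
Pkts not Decrypted          : 0
Pkts not Authenticated      : 0
Pkts with Replay Detection  : 0
Authenticated Bytes Received: 0
"""

def parse_ipsec_stats(text):
    """Return {counter name: int} from 'Name : value' lines; other lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s*:\s*(\d+)\s*$", line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats

def triage(stats):
    """Classify inbound drops. The labels are this example's own, not Windows output."""
    findings = []
    bad_spi = stats.get("Bad SPI Pkts", 0)
    active_sas = stats.get("Active Assoc", 0)
    if bad_spi and active_sas == 0:
        # No SA exists, so no inbound SPI can match: every ESP packet is counted as bad.
        findings.append("esp-without-any-sa")
    elif bad_spi:
        # SAs exist but the packet's SPI matches none of them (e.g. stale or foreign SPI).
        findings.append("spi-mismatch-with-existing-sa")
    if stats.get("Pkts not Authenticated", 0):
        findings.append("integrity-check-failures")
    if stats.get("Pkts not Decrypted", 0):
        findings.append("decryption-failures")
    if stats.get("Pkts with Replay Detection", 0):
        findings.append("replay-window-rejections")
    return findings

if __name__ == "__main__":
    parsed = parse_ipsec_stats(POSTED_STATS)
    print(parsed["Bad SPI Pkts"], triage(parsed))
```

For the posted counters the only finding is the first one: 616 bad-SPI packets with zero active associations and zero key adds, which means the built-in stack never negotiated an SA for this traffic.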