Windows 10 IKEEXT IKEv2 tunnel not working

  • Question

  • Hi.

    I am trying to bring up an IPsec tunnel using IKEv2 on Windows with IKEEXT.

    I have set up a WFP filter so that when there is data traffic to a certain destination, Windows triggers IKE negotiation.

    However, as soon as the IKE negotiation is initiated, it fails. (Nothing happens from the user or Event Viewer point of view; it goes silent.)

    I had captured a trace and found the following lines.

    <Data Name="Function">IkeProcessAcquireDispatch</Data>
    <Data Name="ErrorCode">0x35F4</Data>

    which is "Negotiation request sat in Queue too long."

    Request initiation time was <TimeCreated SystemTime="2018-10-25T10:32:14.055553800-07:00" />

    and it fails at <TimeCreated SystemTime="2018-10-25T10:32:14.057093200-07:00" />

    Within less than 1 second it fails right away?

    I strongly believe this is a bug in Windows.

    I am attaching two consecutive events here.

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1023</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000100000000</Keywords>
    <TimeCreated SystemTime="2018-10-25T10:32:14.055553800-07:00" />
    <Correlation ActivityID="{000008b4-0000-0000-0000-000000000000}" />
    <Execution ProcessID="3576" ThreadID="4136" ProcessorID="0" KernelTime="0" UserTime="15" />
    <Channel>Microsoft-Windows-IKEDBG/Debug</Channel>
    <Computer />
    </System>
    <EventData>
    <Data Name="KeyingModule">IKEv2</Data>
    <Data Name="AcquireContext">3</Data>
    <Data Name="LocalAddressLength">      16</Data>
    <Data Name="LocalAddress">192.168.41.171</Data>
    <Data Name="RemoteAddressLength">      16</Data>
    <Data Name="RemoteAddress">64.95.137.20</Data>
    <Data Name="Mode">Tunnel Mode</Data>
    <Data Name="FilterId">9223372036854775896</Data>
    <Data Name="IPProtocol">       0</Data>
    <Data Name="InterfaceLuid">1689399632855040</Data>
    <Data Name="ProfileId">       1</Data>
    <Data Name="LocalUdpEncapPort">0</Data>
    <Data Name="RemoteUdpEncapPort">0</Data>
    <Data Name="MMTargetName">NULL</Data>
    <Data Name="EMTargetName">NULL</Data>
    <Data Name="NumTokens">       2</Data>
    <Data Name="Token1Type">Impersonation</Data>
    <Data Name="Token1Principal">Local</Data>
    <Data Name="Token1Mode">Main</Data>
    <Data Name="Token1">1004</Data>
    <Data Name="Token2Type">Impersonation</Data>
    <Data Name="Token2Principal">Local</Data>
    <Data Name="Token2Mode">Extended</Data>
    <Data Name="Token2">1004</Data>
    <Data Name="Token3Type">NULL</Data>
    <Data Name="Token3Principal">NULL</Data>
    <Data Name="Token3Mode">NULL</Data>
    <Data Name="Token3">0</Data>
    <Data Name="Token4Type">NULL</Data>
    <Data Name="Token4Principal">NULL</Data>
    <Data Name="Token4Mode">NULL</Data>
    <Data Name="Token4">0</Data>
    <Data Name="VirtualIfTunnelId">0x0</Data>
    <Data Name="TrafficSelectorId">0x0</Data>
    <Data Name="Flags">0x0</Data>
    <Data Name="RekeySPI">       0</Data>
    <Data Name="OrigVirtualIfTunnelId">0x0</Data>
    <Data Name="PacketLocalAddressLength">      16</Data>
    <Data Name="PacketLocalAddress">192.168.41.171:8</Data>
    <Data Name="PacketRemoteAddressLength">      16</Data>
    <Data Name="PacketRemoteAddress">10.100.2.1</Data>
    <Data Name="PacketIPProtocol">       1</Data>
    <Data Name="PacketInterfaceLuid">1689399632855040</Data>
    <Data Name="PacketProfileId">       1</Data>
    </EventData>
    <RenderingInfo Culture="en-US">
    <Level>Information </Level>
    <Opcode>Info </Opcode>
    <Keywords>
    <Keyword>ut:SendPath</Keyword>
    </Keywords>
    <Message>IPsec: Negotiation Request Initiated </Message>
    <Channel>Microsoft-Windows-IKEDBG/Debug</Channel>
    </RenderingInfo>
    </Event>
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider />
    <EventID>0</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>0</Task>
    <Opcode>32</Opcode>
    <Keywords>0x0</Keywords>
    <TimeCreated SystemTime="2018-10-25T10:32:14.057093200-07:00" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessID="3576" ThreadID="7652" ProcessorID="0" KernelTime="0" UserTime="0" />
    <Channel />
    <Computer />
    </System>
    <BinaryEventData>...</BinaryEventData>
    <ExtendedTracingInfo xmlns="http://schemas.microsoft.com/win/2004/08/events/trace">
    <EventGuid>{bbccf6c1-6cd1-48c4-80ff-839482e37671}</EventGuid>
    </ExtendedTracingInfo>
    </Event>
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2018-10-25T10:32:14.057093200-07:00" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessID="3576" ThreadID="7652" ProcessorID="0" KernelTime="0" UserTime="0" />
    <Channel>Microsoft-Windows-IKEDBG/Debug</Channel>
    <Computer />
    </System>
    <EventData>
    <Data Name="Function">IkeProcessAcquireDispatch</Data>
    <Data Name="ErrorCode">0x35F4</Data>
    </EventData>
    <RenderingInfo Culture="en-US">
    <Level>Information </Level>
    <Opcode>Info </Opcode>
    <Keywords>
    <Keyword>ut:Global</Keyword>
    </Keywords>
    <Message>WFP: User Mode Error </Message>
    <Channel>Microsoft-Windows-IKEDBG/Debug</Channel>
    </RenderingInfo>
    </Event>

    Friday, October 26, 2018 4:50 PM
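
Added example, not part of the original post: a Python sketch that pairs the 1023 and 1026 events from the trace above and reports the error code and the elapsed time at nanosecond resolution. The `<Events>` wrapper, the function names and the pairing by ProcessID are assumptions; the sample is constructed from the two events quoted in the post.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVT = 'xmlns="http://schemas.microsoft.com/win/2004/08/events/event"'

# Constructed sample: the two WFP events from the post, trimmed to the fields
# used here and wrapped in an <Events> root (the wrapper is an assumption).
SAMPLE = f"""<Events>
<Event {EVT}><System><EventID>1023</EventID>
  <TimeCreated SystemTime="2018-10-25T10:32:14.055553800-07:00"/>
  <Execution ProcessID="3576" ThreadID="4136"/></System>
 <EventData><Data Name="KeyingModule">IKEv2</Data>
  <Data Name="RemoteAddress">64.95.137.20</Data></EventData></Event>
<Event {EVT}><System><EventID>1026</EventID>
  <TimeCreated SystemTime="2018-10-25T10:32:14.057093200-07:00"/>
  <Execution ProcessID="3576" ThreadID="7652"/></System>
 <EventData><Data Name="Function">IkeProcessAcquireDispatch</Data>
  <Data Name="ErrorCode">0x35F4</Data></EventData></Event>
</Events>"""

_STAMP = re.compile(r"(.+?)\.(\d+)([+-]\d\d):(\d\d)$")

def to_ns(system_time):
    """SystemTime -> integer ns since the epoch (datetime alone stops at microseconds)."""
    whole, frac, hh, mm = _STAMP.match(system_time).groups()
    dt = datetime.strptime(whole + hh + mm, "%Y-%m-%dT%H:%M:%S%z")
    return int(dt.timestamp()) * 10**9 + int(frac.ljust(9, "0")[:9])

def failed_acquires(xml_text):
    # Pair each 1023 (request initiated) with the next 1026 (user mode error)
    # from the same process. The 1026 event carries a zero ActivityID, so
    # pairing by ProcessID and order is a heuristic, not a true correlation.
    pending, out = {}, []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        sysn = ev.find("e:System", NS)
        eid = sysn.findtext("e:EventID", namespaces=NS)
        pid = sysn.find("e:Execution", NS).get("ProcessID")
        when = to_ns(sysn.find("e:TimeCreated", NS).get("SystemTime"))
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        if eid == "1023":
            pending[pid] = (when, data)
        elif eid == "1026" and pid in pending:
            start, req = pending.pop(pid)
            out.append({"remote": req.get("RemoteAddress"),
                        "function": data.get("Function"),
                        "error": int(data.get("ErrorCode", "0"), 16),
                        "elapsed_ns": when - start})
    return out
```

On the sample, `failed_acquires(SAMPLE)` returns one record with error 13812 (0x35F4) and an elapsed time of 1,539,400 ns between the two events.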