Bug #8304
Status: closed
pfSense locks up when Android device connects to L2TP/IPsec VPN that forces SHA-256 in phase 2
Description
Discovered this by trying to follow this tutorial and messing with the encryption settings.
https://doc.pfsense.org/index.php/L2TP/IPsec
It seems to be a very weird edge case where if I try to connect with my Android phone to the L2TP/IPsec VPN with only SHA-256 hashing enabled in phase 2, pfSense will lock up, spam errors to console, and get killed by the watchdog. I haven't encountered this crash before, and the crash doesn't happen with any other hash algorithms.
I'm running pfSense 2.4.2-RELEASE-p1 which has StrongSwan 5.6.0. I'm trying to connect from a phone running Android 7.0, security update December 1, 2017.
When I connect from my laptop running StrongSwan 5.6.1, the connection works fine.
The logs seem to get eaten during the crash, but I did upload the web configurator "crash report" about 20 minutes ago, and I've attached screenshots of my config. I've also attached a log from connecting with the same device, but using SHA-512 for phase 2, which doesn't crash pfSense.