Develop Reference

Libreswan invalid peer id while connecting to ikev1 tunnel

I want to connect to a watchguard remote access vpn server. I got the following shrewsoft configuration file for that:
n:version:2
s:network-host:SERVER_IP
n:network-ike-port:500
s:client-auto-mode:pull
s:client-iface:virtual
n:client-addr-auto:1
n:network-mtu-size:1380
s:network-natt-mode:enable
n:network-natt-port:4500
n:network-natt-rate:20
s:network-frag-mode:disable
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:0
n:client-wins-used:1
n:client-wins-auto:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
s:auth-method:mutual-psk-xauth
b:auth-mutual-psk:SECRET
s:ident-client-type:ufqdn
s:ident-client-data:USERID
s:ident-server-type:any
s:phase1-exchange:aggressive
s:phase1-cipher:aes
n:phase1-keylen:256
s:phase1-hash:sha2-256
n:phase1-dhgroup:14
n:phase1-life-secs:86400
n:vendor-chkpt-enable:0
s:phase2-transform:esp-aes
n:phase2-keylen:256
s:phase2-hmac:sha2-256
n:phase2-pfsgroup:14
n:phase2-life-secs:28800
n:phase2-life-kbytes:0
s:ipcomp-transform:disabled
s:policy-level:unique
n:policy-nailed:0
n:policy-list-auto:0
s:policy-list-include:192.168.170.89 / 255.255.255.255
This just works fine on windows, but on linux without GUI there is a known bug that traffic to the vpn won't get routed.
So I tried using Libreswan to connect, here is my config for that:
conn VPN
authby=secret
keyexchange=ike
ikev2=no
auto=add
aggressive=yes
fragmentation=no
ike=aes256-sha2;modp2048
phase2=esp
phase2alg=aes256-sha2;modp2048
right=SERVER_IP
left=%defaultroute
leftid=#USERNAME
rightid=%any
rightnexthop=%defaultroute
rightsubnet=192.168.170.89/32
leftmodecfgclient=yes
modecfgpull=yes
nat-keepalive=yes
leftxauthclient=yes
leftxauthusername=XAUTH_USER
rightxauthserver=yes
But I get the following error in phase1:
002 "VPN" #1: initiating IKEv1 Aggressive Mode connection
110 "VPN" #1: sent Aggressive Mode request
002 "VPN" #1: Peer ID is ID_IPV4_ADDR: 'NOT_SERVER_IP'
003 "VPN" #1: Peer ID 'NOT_SERVER_IP' mismatched on first found connection and no better connection found
003 "VPN" #1: initial Aggressive Mode packet claiming to be from SERVER_IP on SERVER_IP:500 but no connection has been authorized
218 "VPN" #1: sending notification INVALID_ID_INFORMATION to SERVER_IP:500
SERVER_IP refers to the vpn gateway IP and NOT_SERVER_IP refers to some "random" ipv4
As I said, this happens only with libreswan and not with shrewsoft. Is there any common configuration missing?
I even captured the initial ISAKMP request from shrewsoft and libreswan,
libreswan
shrewsoft
really appreciate any help on this topic
I tried setting the rightip to the ip provided in the libreswan response, but than I get
received Hash Payload does not match computed value
223 "VPN" #1: sending notification INVALID_HASH_INFORMATION to SERVER_IP:500
Which should be a result of using the wrong id in the request

After HTTP Keep Alive timeout new HTTP request arrives

Our application is ExtJS 3.4 based application we are frequently getting "Communication Failure" error on UI , we have our application deployed on different domain but on some domain we get this very frequently .
Without HTTP Keep Alive we are not getting that error. :
But in different scenarios for 1 sec and 5 sec we get it quite frequently.
We have observed on Wireshark was due to high RTT (Round Trip Time) the request were taking more time than expected.
There were inconsistency in packet flow the scenario was :
If keep alive was 5 sec :
When a request is successfully served it will return 200 OK(success response) and timeout parameter of 5 sec (where server tries to say to client that server will wait for 5 sec before closing this connection).
Now as soon as 5 sec of time is elapsed Server sends a FIN Packet(Finish packet which is to close connection is sent from server to client which is browser in our case).
Now here is the catch the time taken by ACK (Acknowledge Packet) from client to close connection is high ( high RTT).
Now server has initiated close but due to high RTT before the connection is closed client sends a new HTTP request(for eg ExampleABC.do request) before server receives ACK for FINISH from client.
Because of which server was not able to handle that request since it has initiated connection close.
Setting 1 sec as keep alive meant we are reducing time the server will wait to close the connection since we wanted after 1 sec one connection is to be closed and fresh connection is setup for new request to avoid unwanted request coming after 5 sec .
Thanks in advance
This is my first post please correct me if needed.
Sorry for bad English :)
Image for communication failure :

We solved this issue by synchronizing browser timeout and server timeouts.
The fix was to make sure the TCP keepalive time and browser coincide or come at same time, causing the TCP connection to completely drop.

SignalR ServerSentEvents behaves abnormally with ARR

In my application everything with SignalR was fine until i configured ARR, after that ServerSentEvents protocol was not getting connected and displays error of timeout, I google for it than I found a solution to set "response buffer threshold" to 0 in ARR.
After that ServerSentEvents get connected but after timeout 2 to 3 time, I tried a lot to figure it out but not able to understand why its not getting connected for the very first time and my other issue is that when server push a message to client it takes about 3 to 5 seconds to receive by the client but when i push more messages in same time from server then client receives all messages immediately but it takes 3 to 5 seconds again for the last message, I don't know if signalr having some sort of queuing mechanism for serversentevent or something like that,
All these issues are after configuring of ARR
So, any help will be appreciable

Does SignalR provide message integrity mechanisms which ensure that no messages are lost during client reconnect

Abstract
Hi, I was pondering whether it is possible to loose a message with SignalR. Suppose client disconnects but eventually reconnects in a short amount of time, for example 3 seconds. Will the client get all of the messages that were sent to him while he was disconnected?
For example let's consider LongPolling transport. As far as I'm aware long polling is a simple http request that is issued in advance by the client in order to wait a server event.
As soon as server event occurs the data getting published on the http request which leads to closing connection on issued http request. After that, client issues new http request that repeats the whole loop again.
The problem
Suppose two events happened on the server, first A then B (nearly instantly). Client gets message A which results with closing http connection. Now to get message B client has to issue second http request.
Question
If the B event happened while the client was disconnected from the server and was trying to reconnect.
Will the client get the B message automatically, or I have to invent some sort of mechanisms that will ensure message integrity?
The question applies not only to long-polling but to general situation with client reconnection.
P.S.
I'm using SignalR Hubs on the server side.
EDIT:
I've found-out that the order of messages is not guaranteed, I was not able to make SignalR loose messages

The answer to this question lies in the EnqueueOperation method here...
https://github.com/SignalR/SignalR/blob/master/src/Microsoft.AspNet.SignalR.Core/Transports/TransportDisconnectBase.cs
protected virtual internal Task EnqueueOperation(Func<object, Task> writeAsync, object state)
{
if (!IsAlive)
{
return TaskAsyncHelper.Empty;
}
// Only enqueue new writes if the connection is alive
Task writeTask = WriteQueue.Enqueue(writeAsync, state);
_lastWriteTask = writeTask;
return writeTask;
}
When the server sends a message to a client it calls this method. In your example above, the server would enqueue 2 messages to be sent, then the client would reconnect after receiving the first, then the second message would be sent.
If the server queues and sends the first message and the client reconnects, there is a small window where the second message could attempt to be enqueued where the connection is not alive and the message would be dropped at the server end. Then after reconnect the client wouldn't get the second message.
Hope this helps

Newby to TcpClient Server

I have inherited a project which involves a client connection to a server which in turn connects to another server in some instances.
The client starts a transaction which is sent to Server A which in turn sends xml to Server B. Server B returns xml to server A which returns it to client.
Each transaction requires this loop to be executed 3 or 4 times depending on client selections after the first loop has completed.
Server B requires that the connection from Server A remain open for the duration of the transaction and a sessionid is assigned as part of the return xml message after the initial connection is made.
My problem comes in when another client connects to server A and therefore a new transaction is triggered between Server A and Server B and due to my lack of experience with TcpClient programming I am unable to identify which connection is linked to each individual client. Currently there are over 200 clients and there are times when there could be upto 50 transactions at differing stages of completion.
Each client sends a unique identifier with every transaction and Server B sends a unique session id with every connection, I need to figure out a way of linking the 2 on server A.