Skip to main content
ssanga
Staff & Editor
ssanga
Staff & Editor
March 13, 2025

Technical Tip: FortiGate IKED Daemon Crash Due to Simultaneous FortiClient Negotiations with Two Gateway Profiles

  • March 13, 2025
  • 0 replies
  • 749 views
Description This article describes an issue where the IKE daemon (iked) may crash on FortiGate if the FortiClient attempts to negotiate with two different gateway profiles simultaneously.
Scope FortiGate v7.2.8, v7.2.9
Solution

When a FortiGate is configured with two dialup IPSec VPN connections using different proposals, authentication methods, and IP assignment strategies:

For example:

  • Gateway A: Uses certificate-based authentication and assigns an IP from a predefined range.
  • Gateway B: Uses EAP authentication and assigns an IP via DHCP.

If the FortiClient user rapidly switches between these profiles or when FortiClient attempts to connect both simultaneously, conflicts may occur, leading to tunnel instability and potential crashes in IKE negotiations.

16008: 2024-08-29 22:55:07 <06708> firmware FortiGate-201F v7.2.8,build1639b1639,240313 (GA.M) (Release)
16009: 2024-08-29 22:55:07 <06708> application iked
16010: 2024-08-29 22:55:07 <06708> *** signal 11 (Segmentation fault) received ***
16011: 2024-08-29 22:55:07 <06708> Register dump:
16012: 2024-08-29 22:55:07 <06708> RAX: 0000000000000000 RBX: 000000000b277fd0
16013: 2024-08-29 22:55:07 <06708> RCX: 0000000000000000 RDX: 0000000000000001
16014: 2024-08-29 22:55:07 <06708> R08: 0000000000000000 R09: 00000000051bda60
16015: 2024-08-29 22:55:07 <06708> R10: 00000000000002da R11: 0000000000000246
16016: 2024-08-29 22:55:07 <06708> R12: 000000000b277fc0 R13: 0000000000000000
16017: 2024-08-29 22:55:07 <06708> R14: 0000000000fe6d50 R15: 0000000002dcd4f0
16018: 2024-08-29 22:55:07 <06708> RSI: 0000000004065a0a RDI: 0000000000000000
16019: 2024-08-29 22:55:07 <06708> RBP: 00007fff86dbb450 RSP: 00007fff86dbb438
16020: 2024-08-29 22:55:07 <06708> RIP: 0000000000f7dbc0 EFLAGS: 0000000000010246
16021: 2024-08-29 22:55:07 <06708> CS: 0033 FS: 0000 GS: 0000
16022: 2024-08-29 22:55:07 <06708> Trap: 000000000000000e Error: 0000000000000004
16023: 2024-08-29 22:55:07 <06708> OldMask: 0000000000000000
16024: 2024-08-29 22:55:07 <06708> CR2: 0000000000000048
16025: 2024-08-29 22:55:07 <06708> stack: 0x7fff86dbb438 - 0x7fff86dbbf40
16026: 2024-08-29 22:55:07 <06708> Backtrace:
16027: 2024-08-29 22:55:07 <06708> [0x00f7dbc0] => /bin/iked => ike_ipv4_pool_clear at /code/daemon/ike/ike_ipv4_pool.c:72
16028: 2024-08-29 22:55:07 <06708> [0x00fe9fb3] => /bin/iked => list_del at /code/include/ulist.h:92
16029: 2024-08-29 22:55:07 <06708> [0x00fe6d84] => /bin/iked => check_expiration at /code/daemon/ike/schedule.c:152
16030: 2024-08-29 22:55:07 <06708> [0x0197a628] => /bin/iked => _fg_avl_traverse at /code/migbase/sysapi/timer/fg_avl_tree.c:46
16031: 2024-08-29 22:55:07 <06708> [0x00fe6dc1] => /bin/iked => ike_alarm_next at /code/daemon/ike/schedule.c:164
16032: 2024-08-29 22:55:07 <06708> [0x00fe728f] => /bin/iked => ike_sched_start at /code/daemon/ike/schedule.c:353
16033: 2024-08-29 22:55:07 <06708> [0x0105b4a5] => /bin/iked => ike_main at /code/daemon/ike/fortios/session.c:1872
16034: 2024-08-29 22:55:07 <06708> [0x0044be0f] => /bin/iked => fortiexecve at /code/sysinit/fortiexec.c:819
16035: 2024-08-29 22:55:07 <06708> [0x004512d8] => /bin/iked => run_initentry at /code/sysinit/init.c:979
16036: 2024-08-29 22:55:07 <06708> [0x00451a06] => /bin/iked => run_initlevel at /code/sysinit/init.c:1166
16037: 2024-08-29 22:55:07 <06708> [0x00454118] => /bin/iked => initd_mainloop at /code/sysinit/init.c:2424
16038: 2024-08-29 22:55:07 <06708> [0x00454be9] => /bin/iked => main at /code/sysinit/init.c:2892
16039: 2024-08-29 22:55:07 <06708> [0x7f32125aedeb] => /usr/lib/x86_64-linux-gnu/libc.so.6
16040: 2024-08-29 22:55:07 (__libc_start_main+0x000000eb) liboffset 00023deb
16041: 2024-08-29 22:55:07 <06708> [0x0044767a] => /bin/iked => _start at /build/glibc/glibc-2.30/csu/../sysdeps/x86_64/start.S:122
16042: 2024-08-29 22:55:07 <06708> fortidev 6.0.1.0005
16043: 2024-08-29 22:55:07 the killed daemon is /bin/iked: status=0xb
16044: 2024-08-29 23:55:07 iked crashed 1 times. The latest crash was at 2024-08-29 22:55:07.

Interesting registers:
R14: 0000000000fe6d50: check_expiration at /code/daemon/ike/schedule.c:146
RIP: 0000000000f7dbc0: ike_ipv4_pool_clear at /code/daemon/ike/ike_ipv4_pool.c:72

This issue has been resolved in v7.2.11, v7.4.8, v7.6.1.

Workaround:
Assign a different local-gateway on the IPsec tunnel.
    Terms & ConditionsAccessibility statement