FortiGate
ssanga
Staff & Editor
Article Id 381873
Description This article describes an issue where the IKE daemon (iked) on FortiGate may crash with a segmentation fault when a FortiClient attempts to negotiate with two different dialup gateway profiles at the same time.
Scope FortiGate v7.2.8, v7.2.9
Solution

When a FortiGate has two dialup IPsec VPN tunnels (phase1-interfaces of type dynamic) that differ in proposals, authentication method, and IP assignment strategy, for example:

  • Gateway A: uses certificate-based authentication and assigns the client IP from a predefined mode-config address range.
  • Gateway B: uses EAP authentication and assigns the client IP via DHCP (assign-ip-from dhcp).

If the FortiClient user rapidly switches between these profiles, or FortiClient attempts to connect to both at the same time, the two negotiations can conflict on the FortiGate. The result is tunnel instability and, on the affected builds, a segmentation fault in iked while it clears the IPv4 address pool, as shown in the crash log below:

16008: 2024-08-29 22:55:07 <06708> firmware FortiGate-201F v7.2.8,build1639b1639,240313 (GA.M) (Release)
16009: 2024-08-29 22:55:07 <06708> application iked
16010: 2024-08-29 22:55:07 <06708> *** signal 11 (Segmentation fault) received ***
16011: 2024-08-29 22:55:07 <06708> Register dump:
16012: 2024-08-29 22:55:07 <06708> RAX: 0000000000000000 RBX: 000000000b277fd0
16013: 2024-08-29 22:55:07 <06708> RCX: 0000000000000000 RDX: 0000000000000001
16014: 2024-08-29 22:55:07 <06708> R08: 0000000000000000 R09: 00000000051bda60
16015: 2024-08-29 22:55:07 <06708> R10: 00000000000002da R11: 0000000000000246
16016: 2024-08-29 22:55:07 <06708> R12: 000000000b277fc0 R13: 0000000000000000
16017: 2024-08-29 22:55:07 <06708> R14: 0000000000fe6d50 R15: 0000000002dcd4f0
16018: 2024-08-29 22:55:07 <06708> RSI: 0000000004065a0a RDI: 0000000000000000
16019: 2024-08-29 22:55:07 <06708> RBP: 00007fff86dbb450 RSP: 00007fff86dbb438
16020: 2024-08-29 22:55:07 <06708> RIP: 0000000000f7dbc0 EFLAGS: 0000000000010246
16021: 2024-08-29 22:55:07 <06708> CS: 0033 FS: 0000 GS: 0000
16022: 2024-08-29 22:55:07 <06708> Trap: 000000000000000e Error: 0000000000000004
16023: 2024-08-29 22:55:07 <06708> OldMask: 0000000000000000
16024: 2024-08-29 22:55:07 <06708> CR2: 0000000000000048
16025: 2024-08-29 22:55:07 <06708> stack: 0x7fff86dbb438 - 0x7fff86dbbf40
16026: 2024-08-29 22:55:07 <06708> Backtrace:
16027: 2024-08-29 22:55:07 <06708> [0x00f7dbc0] => /bin/iked => ike_ipv4_pool_clear at /code/daemon/ike/ike_ipv4_pool.c:72
16028: 2024-08-29 22:55:07 <06708> [0x00fe9fb3] => /bin/iked => list_del at /code/include/ulist.h:92
16029: 2024-08-29 22:55:07 <06708> [0x00fe6d84] => /bin/iked => check_expiration at /code/daemon/ike/schedule.c:152
16030: 2024-08-29 22:55:07 <06708> [0x0197a628] => /bin/iked => _fg_avl_traverse at /code/migbase/sysapi/timer/fg_avl_tree.c:46
16031: 2024-08-29 22:55:07 <06708> [0x00fe6dc1] => /bin/iked => ike_alarm_next at /code/daemon/ike/schedule.c:164
16032: 2024-08-29 22:55:07 <06708> [0x00fe728f] => /bin/iked => ike_sched_start at /code/daemon/ike/schedule.c:353
16033: 2024-08-29 22:55:07 <06708> [0x0105b4a5] => /bin/iked => ike_main at /code/daemon/ike/fortios/session.c:1872
16034: 2024-08-29 22:55:07 <06708> [0x0044be0f] => /bin/iked => fortiexecve at /code/sysinit/fortiexec.c:819
16035: 2024-08-29 22:55:07 <06708> [0x004512d8] => /bin/iked => run_initentry at /code/sysinit/init.c:979
16036: 2024-08-29 22:55:07 <06708> [0x00451a06] => /bin/iked => run_initlevel at /code/sysinit/init.c:1166
16037: 2024-08-29 22:55:07 <06708> [0x00454118] => /bin/iked => initd_mainloop at /code/sysinit/init.c:2424
16038: 2024-08-29 22:55:07 <06708> [0x00454be9] => /bin/iked => main at /code/sysinit/init.c:2892
16039: 2024-08-29 22:55:07 <06708> [0x7f32125aedeb] => /usr/lib/x86_64-linux-gnu/libc.so.6
16040: 2024-08-29 22:55:07 (__libc_start_main+0x000000eb) liboffset 00023deb
16041: 2024-08-29 22:55:07 <06708> [0x0044767a] => /bin/iked => _start at /build/glibc/glibc-2.30/csu/../sysdeps/x86_64/start.S:122
16042: 2024-08-29 22:55:07 <06708> fortidev 6.0.1.0005
16043: 2024-08-29 22:55:07 the killed daemon is /bin/iked: status=0xb
16044: 2024-08-29 23:55:07 iked crashed 1 times. The latest crash was at 2024-08-29 22:55:07.

Interesting registers:
R14: 0000000000fe6d50: check_expiration at /code/daemon/ike/schedule.c:146
RIP: 0000000000f7dbc0: ike_ipv4_pool_clear at /code/daemon/ike/ike_ipv4_pool.c:72

This issue is resolved in FortiOS v7.2.11, v7.4.8 and v7.6.1; upgrading to one of these releases fixes it.
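The crash signature above can be matched mechanically when reviewing many devices. The following Python script is an added example, not Fortinet code and not part of the original article: it parses the output of `diagnose debug crashlog read` (the sample input is constructed from the crash lines shown above), groups the lines by crashing PID, and flags crashes that match this article's signature (iked, signal 11, ike_ipv4_pool_clear as the innermost frame, reached from check_expiration) on an affected version. The function and daemon names and the affected and fixed version lists come from this article; the assumptions about the crashlog line format are the example author's and are verified only against the lines shown here.

```python
"""Triage a FortiGate crash log for the iked ike_ipv4_pool_clear segfault.
Added example (not Fortinet code). Input is the text printed by
`diagnose debug crashlog read`; SAMPLE_CRASHLOG is constructed from the
crash shown in this article."""
import re
from dataclasses import dataclass, field

# Constructed sample: the relevant lines of the article's crash log.
SAMPLE_CRASHLOG = """\
16008: 2024-08-29 22:55:07 <06708> firmware FortiGate-201F v7.2.8,build1639b1639,240313 (GA.M) (Release)
16009: 2024-08-29 22:55:07 <06708> application iked
16010: 2024-08-29 22:55:07 <06708> *** signal 11 (Segmentation fault) received ***
16026: 2024-08-29 22:55:07 <06708> Backtrace:
16027: 2024-08-29 22:55:07 <06708> [0x00f7dbc0] => /bin/iked => ike_ipv4_pool_clear at /code/daemon/ike/ike_ipv4_pool.c:72
16028: 2024-08-29 22:55:07 <06708> [0x00fe9fb3] => /bin/iked => list_del at /code/include/ulist.h:92
16029: 2024-08-29 22:55:07 <06708> [0x00fe6d84] => /bin/iked => check_expiration at /code/daemon/ike/schedule.c:152
16043: 2024-08-29 22:55:07 the killed daemon is /bin/iked: status=0xb
"""

AFFECTED = {(7, 2, 8), (7, 2, 9)}           # Scope of this article
FIXED_IN = "v7.2.11, v7.4.8 or v7.6.1"      # fixed releases named in this article

# Assumed line layout: "<seq>: <date> <time> <pid> <message>"; lines without a
# PID (e.g. "the killed daemon is ...") are summary lines and are skipped.
LINE_RE = re.compile(r"^\d+: \S+ \S+ (?:<(?P<pid>\d+)> )?(?P<msg>.*)$")
FW_RE = re.compile(r"firmware (?P<model>\S+) v(?P<ver>\d+\.\d+\.\d+),build(?P<build>\d+)")
SIG_RE = re.compile(r"\*\*\* signal (?P<sig>\d+) \(")
FRAME_RE = re.compile(r"\[0x[0-9a-f]+\] => \S+ => (?P<func>\w+) at (?P<loc>\S+)")


@dataclass
class Crash:
    pid: str
    model: str = ""
    version: tuple = ()
    build: str = ""
    application: str = ""
    signal: int = 0
    frames: list = field(default_factory=list)  # (function, file:line), innermost first


def parse_crashlog(text):
    """Group crashlog lines by crashing PID into Crash records."""
    crashes = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m or not m.group("pid"):
            continue
        c = crashes.setdefault(m.group("pid"), Crash(pid=m.group("pid")))
        msg = m.group("msg")
        if fw := FW_RE.search(msg):
            c.model, c.build = fw.group("model"), fw.group("build")
            c.version = tuple(int(x) for x in fw.group("ver").split("."))
        elif msg.startswith("application "):
            c.application = msg.split(None, 1)[1].strip()
        elif sig := SIG_RE.search(msg):
            c.signal = int(sig.group("sig"))
        elif fr := FRAME_RE.search(msg):
            c.frames.append((fr.group("func"), fr.group("loc")))
    return list(crashes.values())


def matches_pool_clear_bug(c):
    """Signature from this article: iked, SIGSEGV, ike_ipv4_pool_clear as the
    innermost frame, reached from the scheduler's check_expiration."""
    funcs = [f for f, _ in c.frames]
    return (c.application == "iked" and c.signal == 11
            and funcs[:1] == ["ike_ipv4_pool_clear"]
            and "check_expiration" in funcs)


def triage(text):
    """Return (pid, verdict) for every crash found in the log text."""
    verdicts = []
    for c in parse_crashlog(text):
        ver = ".".join(map(str, c.version)) if c.version else "unknown"
        if not matches_pool_clear_bug(c):
            verdicts.append((c.pid, f"{c.application or 'unknown'} crash, signal "
                                    f"{c.signal}: not the ike_ipv4_pool_clear issue"))
        elif c.version in AFFECTED:
            verdicts.append((c.pid, f"iked SIGSEGV in ike_ipv4_pool_clear on v{ver} "
                                    f"build {c.build}: known dialup-profile conflict; "
                                    f"upgrade to {FIXED_IN} or set a distinct local-gw "
                                    f"on one of the dialup phase1-interfaces"))
        else:
            verdicts.append((c.pid, f"iked crash matches the ike_ipv4_pool_clear "
                                    f"signature, but v{ver} is outside the documented "
                                    f"scope: confirm with Fortinet support"))
    return verdicts


if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_CRASHLOG):
        print(f"PID {pid}: {verdict}")
```

Run it against a saved crashlog by replacing SAMPLE_CRASHLOG with the file contents; the version check deliberately refuses to declare a match outside the documented scope, since the same stack on another release may be a different bug.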

Workaround:
Until the upgrade, configure a different local gateway address (set local-gw under config vpn ipsec phase1-interface) on one of the two dialup tunnels, so that the two profiles terminate on distinct gateway addresses rather than sharing one.
