IKEv2 IPSEC VPN Issue

Hello,

I am using an IKEv2 IPSEC VPN. It was configured earlier and was working well. For some time now, it has not been working anymore.
After hours of debugging I found out that the Comodo Firewall causes the problem.

The only way to make it work again was to uncheck the Comodo Internet Security Firewall Driver on the affected NIC.
This behaviour happens even when all the CIS features are disabled (FW, HIPS, etc.) or everything is allowed (app and global rules).

The strangest thing is that the CIS also prevents the VPN connection from a Virtual Machine running in VMWare Workstation, using a bridged NIC.

I have tried a clean reinstall on my laptop, but got the same result.

I really don't know if it's a bug or just a misconfiguration.
Anyone else facing this issue?

Config: Windows 7 Enterprise 64bit SP1 + latest updates, latest CIS, admin account, UAC on.

Do you have "Block fragmented IP traffic" enabled under the firewall advanced settings? Try disabling that setting to see if that helps. Also try adding Windows Operating System to the application firewall rules and set the pre-defined policy to Allowed Application.

Hi,

"Block fragmented IP traffic" is disabled, and I know that causes problems. I also disabled fragmentation in StrongSwan.
Windows System applications are allowed apps, and the issue persists with the firewall completely disabled as well.

On the server side I see that the tunnel is established, on the Win7 client I get error 809.

Earlier versions of CIS were working, but I cannot tell which update brought it, because I did not have to debug for months.

BR,
Mihaly

Hello, I got it. It's a COMODO firewall BUG (feature?).

When the standard MTU is set on the LAN, the VPN connection works with the COMODO Firewall driver enabled.
The IKE Auth messages are fragmented into max 1514 bytes pieces. Everything OK.

When JUMBO frames are enabled on the LAN, the outgoing IKE Auth packets are fragmented into 1514-byte pieces, but the IKE Auth response is bigger than 1514 bytes (1658), and somehow the client with the COMODO Firewall driver enabled cannot read the answer.

After disabling (unchecking) the COMODO firewall driver for that specific interface, the client can read IKE Auth packets larger than 1514 bytes.

It DOES NOT matter if the firewall is enabled or disabled in the COMODO UI, and it does not depend on any rules or options.
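The size arithmetic behind this post, as an added example (my own code, not the poster's or Comodo's): a small Python model that IP-fragments an IKE_AUTH datagram for a given sender MTU and flags any Ethernet frame above the standard 1514-byte maximum, which is what a driver that forces a 1500-byte MTU would drop. The 1616-byte IKE payload is a constructed value derived from the 1658-byte frame in the post (1658 minus Ethernet, IPv4 and UDP headers), and the model assumes plain IPv4 fragmentation as the post describes, not IKEv2-level fragmentation.

```python
# Added example: model how a large IKE_AUTH message reaches the wire as IPv4
# fragments under a given sender MTU, then flag frames a 1500-MTU-only filter
# driver would not accept. Header sizes are the standard IPv4/UDP values.

ETH_HDR = 14
IP_HDR = 20                       # IPv4 header without options
UDP_HDR = 8
STD_MAX_FRAME = 1500 + ETH_HDR    # 1514: largest frame a 1500-MTU driver passes


def ip_fragment_frames(udp_payload_len: int, sender_mtu: int) -> list[int]:
    """Ethernet frame sizes produced when a UDP datagram carrying
    udp_payload_len bytes (e.g. one IKE_AUTH message) leaves a host whose
    link MTU is sender_mtu. Every IPv4 fragment except the last carries a
    multiple of 8 payload bytes."""
    total = UDP_HDR + udp_payload_len            # bytes after the IP header
    per_frag = (sender_mtu - IP_HDR) // 8 * 8    # largest 8-byte-aligned chunk
    frames = []
    while total > 0:
        chunk = min(per_frag, total)
        frames.append(ETH_HDR + IP_HDR + chunk)
        total -= chunk
    return frames


def oversized_frames(frames: list[int], limit: int = STD_MAX_FRAME) -> list[int]:
    """Frames larger than limit are the ones a 1500-MTU-only driver drops."""
    return [f for f in frames if f > limit]


def diagnose(udp_payload_len: int, sender_mtu: int) -> dict:
    """Summarise the on-wire frames and which of them exceed the standard limit."""
    frames = ip_fragment_frames(udp_payload_len, sender_mtu)
    bad = oversized_frames(frames)
    return {"frames": frames, "dropped": bad, "ok": not bad}


if __name__ == "__main__":
    # Constructed from the post: a 1658-byte IKE_AUTH response frame on a
    # jumbo-frame LAN carries 1658 - 14 - 20 - 8 = 1616 bytes of IKE payload.
    ike_auth_len = 1616
    for mtu in (1500, 9000):
        r = diagnose(ike_auth_len, mtu)
        print(f"sender MTU {mtu}: frames {r['frames']}, dropped {r['dropped']}")
```

With a 1500-byte sender MTU the same message goes out as a 1514-byte frame plus a 178-byte tail, both accepted; with a 9000-byte MTU it is a single 1658-byte frame, which the model flags as dropped.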

Okay, this is another issue with jumbo frames: https://forums.comodo.com/format-verified-issue-reports-cis/cis-firewall-forces-mtu-to-1500-bytes-killing-jumbo-frames-m665-t99106.0.html

Cool, thanks. I hope it will be fixed soon!