0. Timeline
0.1 Discovery: 2014.04.21
0.2 Vendor response: TPLINK SUPPORT #45142 at 2014.04.21
0.3 Vendor response: Problem is handed over to R&D at 2014.05.05
0.4 Disclosure: 2014.07.01

1. Background
TP-LINK is a global provider of SOHO&SMB networking products and the World's No.1 provider of WLAN products, with products available in over 120 countries to tens of millions customers[1]. TL-R600VPN is TP-Links VPN router product that is known for it's "High-security VPN Capabilities"[2].

2. Problems

2.1 No Random Numbers
Device has /dev/urandom, but it seems that it is not seeded properly. End result is that random numbers needed for IPsec are highly predictable. State of the /dev/urandon is known after power on. In the appendix there is an pictures of Wireshark logs of consecutive power on/off events. TL-R600VPN's IP is 192.0.2.22 and it tries to connect to 192.0.2.11. racoon log is from 192.0.2.11.

3. Affected Firmware and Hardware
1.2.1 Build 130831 Rel.63039n for hardware V1 and V2

4. References
[1] http://www.tp-link.us/about/?categoryid=102
[2] http://www.tp-link.us/products/details/?categoryid=1678&model=TL-R600VPN

5. Credit
Aivar Liimets, Martem[www.martem.ee]

6. Mitigation
Unknown

APPENDIX - Screehshots
Wireshark - ICookie, Nonce, etc

APPENDIX - racoon log at 192.0.2.11
Apr 30 13:50:41 vpn1 daemon.info racoon: INFO: ISAKMP-SA established 192.0.2.11[500]-192.0.2.22[500] spi:3f36f46827424d6f:ea2c3ac00be7b6f0
Apr 30 13:50:41 vpn1 daemon.info racoon: [192.0.2.22] INFO: received INITIAL-CONTACT
Apr 30 13:50:42 vpn1 daemon.info racoon: INFO: respond new phase 2 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:50:42 vpn1 daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.11[500]->192.0.2.22[500] spi=170032748(0xa227e6c)
Apr 30 13:50:42 vpn1 daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.11[500]->192.0.2.22[500] spi=43417853(0x29680fd)
Apr 30 13:51:36 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:51:36 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:51:36 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:51:36 vpn1 daemon.info racoon: [192.0.2.22] INFO: received INITIAL-CONTACT
Apr 30 13:51:36 vpn1 daemon.info racoon: INFO: purging spi=43417853.
Apr 30 13:51:36 vpn1 daemon.info racoon: INFO: purging spi=170032748.
Apr 30 13:51:37 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:51:37 vpn1 daemon.info racoon: INFO: respond new phase 2 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:51:37 vpn1 daemon.info racoon: [192.0.2.22] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
Apr 30 13:52:30 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:52:30 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:52:30 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:52:30 vpn1 daemon.info racoon: [192.0.2.22] INFO: received INITIAL-CONTACT
Apr 30 13:52:32 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:52:32 vpn1 daemon.info racoon: INFO: respond new phase 2 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:52:32 vpn1 daemon.info racoon: [192.0.2.22] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
Apr 30 13:53:26 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:53:26 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:53:26 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:53:26 vpn1 daemon.info racoon: [192.0.2.22] INFO: received INITIAL-CONTACT
Apr 30 13:53:28 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:53:28 vpn1 daemon.info racoon: INFO: respond new phase 2 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:53:28 vpn1 daemon.info racoon: [192.0.2.22] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
Apr 30 13:54:22 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:54:22 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:54:22 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:54:22 vpn1 daemon.info racoon: [192.0.2.22] INFO: received INITIAL-CONTACT
Apr 30 13:54:24 vpn1 daemon.info racoon: NOTIFY: the packet is retransmitted by 192.0.2.22[500] (1).
Apr 30 13:54:24 vpn1 daemon.info racoon: INFO: respond new phase 2 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:54:24 vpn1 daemon.info racoon: [192.0.2.22] ERROR: failed to pre-process ph2 packet (side: 1, status: 1).
Apr 30 13:55:06 vpn1 daemon.info racoon: [192.0.2.22] INFO: DPD: remote (ISAKMP-SA spi=3f36f46827424d6f:ea2c3ac00be7b6f0) seems to be dead.
Apr 30 13:55:06 vpn1 daemon.info racoon: INFO: purging ISAKMP-SA spi=3f36f46827424d6f:ea2c3ac00be7b6f0.
Apr 30 13:55:06 vpn1 daemon.info racoon: INFO: purged ISAKMP-SA spi=3f36f46827424d6f:ea2c3ac00be7b6f0.
Apr 30 13:55:06 vpn1 daemon.info racoon: INFO: ISAKMP-SA deleted 192.0.2.11[500]-192.0.2.22[500] spi:3f36f46827424d6f:ea2c3ac00be7b6f0
Apr 30 13:55:15 vpn1 daemon.info racoon: INFO: respond new phase 1 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:55:15 vpn1 daemon.info racoon: INFO: begin Identity Protection mode.
Apr 30 13:55:15 vpn1 daemon.info racoon: INFO: received Vendor ID: RFC 3947
Apr 30 13:55:15 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Apr 30 13:55:15 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Apr 30 13:55:15 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Apr 30 13:55:15 vpn1 daemon.info racoon: INFO: received Vendor ID: DPD
Apr 30 13:55:15 vpn1 daemon.info racoon: [192.0.2.22] INFO: Selected NAT-T version: RFC 3947
Apr 30 13:55:16 vpn1 daemon.info racoon: [192.0.2.11] INFO: Hashing 192.0.2.11[500] with algo #2
Apr 30 13:55:16 vpn1 daemon.info racoon: INFO: NAT-D payload #0 verified
Apr 30 13:55:16 vpn1 daemon.info racoon: [192.0.2.22] INFO: Hashing 192.0.2.22[500] with algo #2
Apr 30 13:55:16 vpn1 daemon.info racoon: INFO: NAT-D payload #1 verified
Apr 30 13:55:16 vpn1 daemon.info racoon: INFO: NAT not detected
Apr 30 13:55:16 vpn1 daemon.info racoon: [192.0.2.22] INFO: Hashing 192.0.2.22[500] with algo #2
Apr 30 13:55:16 vpn1 daemon.info racoon: [192.0.2.11] INFO: Hashing 192.0.2.11[500] with algo #2
Apr 30 13:55:16 vpn1 daemon.info racoon: INFO: Adding remote and local NAT-D payloads.
Apr 30 13:55:16 vpn1 daemon.info racoon: INFO: ISAKMP-SA established 192.0.2.11[500]-192.0.2.22[500] spi:3f36f46827424d6f:510d2005afbe0f72
Apr 30 13:55:16 vpn1 daemon.info racoon: [192.0.2.22] INFO: received INITIAL-CONTACT
Apr 30 13:55:17 vpn1 daemon.info racoon: INFO: respond new phase 2 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:55:17 vpn1 daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.11[500]->192.0.2.22[500] spi=203085173(0xc1ad575)
Apr 30 13:55:17 vpn1 daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.11[500]->192.0.2.22[500] spi=43417853(0x29680fd)
Apr 30 13:56:41 vpn1 daemon.info racoon: [192.0.2.22] INFO: DPD: remote (ISAKMP-SA spi=3f36f46827424d6f:510d2005afbe0f72) seems to be dead.
Apr 30 13:56:41 vpn1 daemon.info racoon: INFO: purging ISAKMP-SA spi=3f36f46827424d6f:510d2005afbe0f72.
Apr 30 13:56:41 vpn1 daemon.info racoon: INFO: purged IPsec-SA spi=43417853.
Apr 30 13:56:41 vpn1 daemon.info racoon: INFO: purged IPsec-SA spi=203085173.
Apr 30 13:56:41 vpn1 daemon.info racoon: INFO: purged ISAKMP-SA spi=3f36f46827424d6f:510d2005afbe0f72.
Apr 30 13:56:41 vpn1 daemon.info racoon: INFO: ISAKMP-SA deleted 192.0.2.11[500]-192.0.2.22[500] spi:3f36f46827424d6f:510d2005afbe0f72
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: respond new phase 1 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: begin Identity Protection mode.
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: received Vendor ID: RFC 3947
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: received Vendor ID: DPD
Apr 30 13:57:08 vpn1 daemon.info racoon: [192.0.2.22] INFO: Selected NAT-T version: RFC 3947
Apr 30 13:57:08 vpn1 daemon.info racoon: [192.0.2.11] INFO: Hashing 192.0.2.11[500] with algo #2
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: NAT-D payload #0 verified
Apr 30 13:57:08 vpn1 daemon.info racoon: [192.0.2.22] INFO: Hashing 192.0.2.22[500] with algo #2
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: NAT-D payload #1 verified
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: NAT not detected
Apr 30 13:57:08 vpn1 daemon.info racoon: [192.0.2.22] INFO: Hashing 192.0.2.22[500] with algo #2
Apr 30 13:57:08 vpn1 daemon.info racoon: [192.0.2.11] INFO: Hashing 192.0.2.11[500] with algo #2
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: Adding remote and local NAT-D payloads.
Apr 30 13:57:08 vpn1 daemon.info racoon: INFO: ISAKMP-SA established 192.0.2.11[500]-192.0.2.22[500] spi:3f36f46827424d6f:01cae87d44b2b4ad
Apr 30 13:57:08 vpn1 daemon.info racoon: [192.0.2.22] INFO: received INITIAL-CONTACT
Apr 30 13:57:10 vpn1 daemon.info racoon: INFO: respond new phase 2 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:57:10 vpn1 daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.11[500]->192.0.2.22[500] spi=159051829(0x97af035)
Apr 30 13:57:10 vpn1 daemon.info racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.11[500]->192.0.2.22[500] spi=43417853(0x29680fd)
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: purging ISAKMP-SA spi=3f36f46827424d6f:01cae87d44b2b4ad.
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: purged IPsec-SA spi=43417853.
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: purged IPsec-SA spi=159051829.
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: purged ISAKMP-SA spi=3f36f46827424d6f:01cae87d44b2b4ad.
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: ISAKMP-SA deleted 192.0.2.11[500]-192.0.2.22[500] spi:3f36f46827424d6f:01cae87d44b2b4ad
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: respond new phase 1 negotiation: 192.0.2.11[500]<=>192.0.2.22[500]
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: begin Identity Protection mode.
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: received Vendor ID: RFC 3947
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Apr 30 13:58:05 vpn1 daemon.info racoon: INFO: received Vendor ID: DPD
Apr 30 13:58:05 vpn1 daemon.info racoon: [192.0.2.22] INFO: Selected NAT-T version: RFC 3947
Apr 30 13:58:06 vpn1 daemon.info racoon: [192.0.2.11] INFO: Hashing 192.0.2.11[500] with algo #2
Apr 30 13:58:06 vpn1 daemon.info racoon: INFO: NAT-D payload #0 verified
Apr 30 13:58:06 vpn1 daemon.info racoon: [192.0.2.22] INFO: Hashing 192.0.2.22[500] with algo #2
Apr 30 13:58:06 vpn1 daemon.info racoon: INFO: NAT-D payload #1 verified
Apr 30 13:58:06 vpn1 daemon.info racoon: INFO: NAT not detected
Apr 30 13:58:06 vpn1 daemon.info racoon: [192.0.2.22] INFO: Hashing 192.0.2.22[500] with algo #2
Apr 30 13:58:06 vpn1 daemon.info racoon: [192.0.2.11] INFO: Hashing 192.0.2.11[500] with algo #2
Apr 30 13:58:06 vpn1 daemon.info racoon: INFO: Adding remote and local NAT-D payloads.
Apr 30 13:58:06 vpn1 daemon.info racoon: INFO: ISAKMP-SA established 192.0.2.11[500]-192.0.2.22[500] spi:08348b28e942e269:2fedf0eed3bf428b