Re: [strongSwan] rekeying IKEv2 SA
Hi Mike, > ikelifetime=6m > margintime=3m Not ideal as that, depending on rekeyfuzz and the randomization, could result in rekeying getting disabled (see the formula on the ExpiryRekey page). > If I change reauth=yes to reauth=no You definitely have to disable reauth to use rekeying, otherwise the IKE_SA is reauthenticated. > then it gets worse and periodically > Charon sends an empty (no payloads) CREATE_CHILD_SA packet which > the othe IKE naturally rejects as invalid syntax. Check the logs. > I tried to follow > https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey. > But I find it somewhat confusing about what goes where. What did you find confusing? Regards, Tobias
Re: [strongSwan] IKEv1 and identifiers
Hi Emeric, > To sum up, for compatibility reason, as soon as there is something other than > an IP address, we have to activate the > "i_dont_care_about_security_and_use_aggressive_mode_psk" option? The charon daemon, since 5.5.2, does a config lookup based on the IP addresses and then searches for PSKs based on the configured identities, only if that does not yield a secret will the PSK lookup be based on the IPs, see [1]. So you could use identities other than IPs, at least if the configs can be matched properly (e.g. based on the IPs or hostnames there). Otherwise, you will have to use aggressive mode. But before you do that you should rather switch to certificates or even IKEv2. Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/sa/ikev1/phase1.c;h=adce59f7ed21b7dccd2b2fb7b39f0163b1e27135;hb=HEAD#l147
Re: [strongSwan] rekeying IKEv2 SA
Hi Mike, > It says "configured DH group CURVE_25519 not supported". But of course it > does > not have this error upon initially establishing the IKEv2 SA and all works > well until > it is time to rekey. Very odd. The code path there is the same initially and during the rekeying. So it either should fail both times, or not at all (at least if it uses curve25519 initially too, which should get rejected by the server with an INVALID_KE_PAYLOAD notify, and modp1024 should then be used). No idea why it suddenly would fail to create such an instance. > Again, the end result is that if I decrypt the packets with Wireshark I see > that > StrongSwan sends an empty (except for padding) CREATE_CHILD_SA > request when it attempts to rekey and I guess that is obviously due to the > error with the DH > group. Yes, the exchange is not aborted (the ike_rekey task currently ignores the result of the ike_init task's build() method). Regards, Tobias
Re: [strongSwan] What the blankety-blank-blank is Win10 doing? (now Android and ECDSA certs)
Hi Karl, > But now, when that certificate is selected, StrongSwan doesn't seem to > want to *find* the certificate, even though it *does* verify as ok > against the CA that issued it, and it's in the "certs" directory. No need to put it there unless you actually reference it explicitly in your config. It seems the certificate received from the client can't be parsed: > Jul 1 15:19:25 NewFS charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi CERT > N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA > TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) > N(MSG_ID_SYN_SUP) ] > Jul 1 15:19:25 NewFS charon: 16[IKE] received cert request for "C=US, > ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA, E=Cuda > Systems LLC CA" > Jul 1 15:19:25 NewFS charon: 16[LIB] building CRED_CERTIFICATE - X509 > failed, tried 3 builders Do you have the openssl plugin enabled and loaded? That's required to use ECDSA with strongSwan. Regards, Tobias
Re: [strongSwan] New Android update option - how to best exploit?
Hi Karl, > What would be the /least /traffic-generating option for its use? In > other words /exactly what either has to be on the client -- or sent from > the server -- for that switch to work?/ The least traffic you get if you import the server certificate into the app and configure `leftsendcert=ifasked` (the default, `never` also works) on the server and then either disable the new option or explicitly select the server certificate as trusted certificate in the profile (that already worked in the older versions of the app). Then no certificate request or certificate will be exchanged at all (unless you use client certs and the server sent a certificate request). If you want to use the CA certificate instead of the server certificate on the client (in that case the server certificate has to be transmitted) either select that CA certificate in the profile (only one certificate request for that particular CA is then sent) or configure `leftsendcert=always` on the server and disable the new option in the profile then you don't have to select the CA cert (you still can to only trust that CA) and no certificate requests will be sent. > Scratch that -- I don't know exactly how I got traffic to route down the > VPN in the past from a tethered client, but it's not doing it now. so > unless I can figure that out again the second part of the query is worthless. As far as I know tethering on Android does not work with VPNs unless you manually (or with an app) change the routing/firewall rules, which only works on rooted devices. Regards, Tobias
Re: [strongSwan] New Android update option - how to best exploit?
Hi Karl, > Except that I can't install the server's certificate into Android's > storage (whether from the base "Security" tab or in the StrongSwan > client); it refuses and says there's no certificate it can import. If you tried the import option in the CA certificate view of the app and it doesn't show up, the mime-type is probably not set correctly (if it is set correctly the strongSwan app should actually show up when trying to open that file e.g. in the Downloads app). If it does show up in the file browser but the import fails, the file might be corrupt. > There's no "trusted" certificate option that I can find either in the > VPN setup on the StrongSwan Android client -- just the selection for > which CA cert to use (either automatic selection or you can pick from > the installed and trusted certificates.) That's the one. After you imported the server cert into the app you can select it as a "CA certificate" (you basically set the certificate to use as trust anchor during authentication). > Going to ECDSA > from an RSA certificate cut the fragments to 2 from 3, but I can't get > it to "1", which would remove the fragmentation problem with connection > setup. Are you talking about IKE or IP fragments? How big is the IKE_AUTH response? > Then of course there's the base Windows VPN > security issues to start with (e.g. the proposals it supports and such > -- or more to the point, the ones it doesn't) which, frankly leave me in > awe that our government appears at first blush to use it for > rather-secure things (or do they?) There is a registry key you can enable so it proposes a slightly better DH group [1]. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048
Re: [strongSwan] ip address allocation .. same ip for different machines
Hi Alex, > Everything works except when i connect to SSWan from multiple apple > devices with same .mobielconfig each remote client gets the same ip > address assigned. > > Currently sitting with connection from iOS 10 and macos 10.12 both with > same ip address assigned. > > I'm guessing its to do with the client id being used ? Yes, IPs are assigned based on the remote identity. If an existing lease for an identity is found, which is not currently assigned to a client, it will be reused. Regards, Tobias
Re: [strongSwan] cipher choice causing issue
Hi Jamie, > Server is Ubuntu 17, Client LEDE trunk. Authentication happens, but I think > client and server cannot agree on an algorithm? They do, but the chosen algorithm (probably AES-GCM) apparently is not supported by the client's kernel: > 16[KNL] received netlink error: Function not implemented (89) > 16[KNL] unable to add SAD entry with SPI c09ec43d (FAILED) > 16[KNL] received netlink error: Function not implemented (89) > 16[KNL] unable to add SAD entry with SPI ca9fa951 (FAILED) Either change the kernel or include a supported algorithm in the ESP proposal (e.g. esp=aes256gcm16-aes256-sha256! on the server and esp=aes256-sha256! on the client to use AES in CBC mode). Regards, Tobias
Re: [strongSwan] New Android update option - how to best exploit?
Hi Karl, > BTW is the OCSP check failure due to lack of "curl" support in the > Android client? No, it's because the revocation plugin can't build an OCSP request (only the x509 plugin can do so but on Android we use the openssl plugin to parse certificates so that plugin isnt' enabled). I guess we could just disable OCSP verification in the revocation plugin until that's supported. > In any event the failure there appears to be wrong as the "CN" has to be > set differently to the RSA's CN or the cert won't certify by the CA (due > to being a duplicate); the SAN DNS field IS correct (genesis.denninger.net) > > X509v3 Subject Alternative Name: > email:postmas...@denninger.net, DNS:genesis.denninger.net > X509v3 Extended Key Usage: > TLS Web Server Authentication Have you set a server identity in the VPN profile? Could you send me the cert so I can have a look at it? > I will try it with the RSA certificate: > > Uh, nope. Same problem with the same log entry from the client. Did that work before? Does it work if you select the CA certificate instead of the server certificate in the profile? Regards, Tobias
Re: [strongSwan] New Android update option - how to best exploit?
Hi Karl, > Yes. If the frag-eating monster does not get me BOTH certificates work > (when sent from the server with the switch turned on.) OK, I see what the problem is. If no certificate is exchanged the used certificate does not end up in the remote auth-cfg in a way currently used when trying to check the configured identity (hostname here) against the subjectAlternativeName extension of the certificate (only received certificates are currently considered there). I changed that in the local-cert-san-check branch. As a workaround you could either change the identity the server uses (leftid) to genesis.denninger.net, or set the server identity in the client profile to the one the server actually uses, which is currently the full subject DN of the certificate. Regards, Tobias
Re: [strongSwan] eap_identity=%identity option support using VICI ?
Hi, > My problem is that I don't see how to keep the necessary "eap_identity = > %identity" line in the vici configuration. Set eap_id to %any in the corresponding remote* section. Regards, Tobias
Re: [strongSwan] Test scenario's for Mac OSX app
Hi Nicolas, > My problem is that on the Mac app client I get the error: > > ``` > constraint check failed: identity ’[server ip]' required > ``` I've added this to the FAQs [1]. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#constraint-check-failed-identity-required
Re: [strongSwan] cipher choice causing issue
Hi Jamie, > One other issue - the client is actually a router, and NATed clients behind > it can’t seem to access the internet, although the client itself can. > Any thoughts? What do you mean? Access the Internet via VPN or locally? Perhaps [1] has some pointers for you. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
Re: [strongSwan] Not using libsoup
Hi Nicolas, > And I get the error > > ./configure: line 19934: syntax error near unexpected token `soup,' > ./configure: line 19934: `PKG_CHECK_MODULES(soup, libsoup-2.4)' Sounds like you were missing pkg-config when you called ./autogen.sh. The built configure script should not contain the macro anymore. Regards, Tobias
Re: [strongSwan] Not using libsoup
Hi Nicolas, > Correct, the brew version of pkg-config was insufficient using `sudo port > install pkgconfig` worked The brew version works fine if you also use libraries installed via brew, but you have to heed the console output that brew spits out when it installs libraries (i.e. to use it correctly you have to define several environment variables before or when calling configure, see e.g. [1]). Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=blob;f=scripts/test.sh;h=22e74033e276388545aeafbe7c941ea30fe72de9;hb=HEAD#l106
Re: [strongSwan] Charon-xpc build "success"
Hi Nicolas, > When trying to build charon-xpc for use in the Mac OS X app, I get the > following error > *00[LIB] plugin 'openssl' failed to load: > dlopen(/usr/local/lib/ipsec/plugins/libstrongswan-openssl.so, 130): > Symbol not found: _enumerator_enumerate_default* > *00[LIB] Referenced from: > /usr/local/lib/ipsec/plugins/libstrongswan-openssl.so* So you decided to ignore the README.md file for the macOS app [1]? > Why does Xcode report build successful if it exits with this code and > this error chain occurs? Because these are runtime errors when the plugins are loaded dynamically (which shouldn't be the case if you followed the README). Regards, Tobias [1] https://github.com/strongswan/strongswan/tree/master/src/frontends/osx
Re: [strongSwan] fail using PSK shared key
Hi Marcos, > Config A > ... > leftid=MyPublicIPA > ... > rightid=MyPublicIPB > ... > Config B: > ... > leftid=10.0.1.5 > ... > rightid=MyPublicIPA > ... > Jul 13 15:30:06 vpnserver charon: 05[CFG] looking for peer configs > matching 10.0.1.5[MyPublicIPB]...MyPublicIPA[MyPublicIPA] > Jul 13 15:30:06 vpnserver charon: 05[CFG] no matching peer config found Read these log messages. Compare with your left|rightid configuration above. Notice your mistake. Then adjust the config accordingly and try again. Regards, Tobias
Re: [strongSwan] Traffic selector modification ignored when rekeying SA
Hi, > Is there a way to force TS modification at rekeying time ? No. Regards, Tobias
Re: [strongSwan] "auto = try_again_later" on DNS problems?
Hi Harald, > I tried both "auto = start" You could set charon.retry_initiate_interval, then initiation will be tried again if the DNS resolution failed. > and "auto = route". I pushed a change to the child-sa-rekeying branch that addresses this. Unless %dynamic is used in the remote traffic selector (the default if rightsubnet is not set) no remote address is needed when the trap policy is installed during startup of the daemon. However, later the remote address has obviously to be known to actually establish the SAs (if the remote is not resolvable, the option above could again be enabled, but with trap policies new acquires will be triggered anyway later when traffic matches). Regards, Tobias
Re: [strongSwan] xauth-pam and ip address
Hi Mike, > (The problem) > /var/log/secure > 2017-07-14T18:13:46.537632+00:00 transit-pvd-tunnel-2 charon: > pam_console(ipsec:session): getpwnam failed for 192.168.0.149 > 2017-07-14T18:13:46.537793+00:00 transit-pvd-tunnel-2 charon: > pam_unix(ipsec:session): session closed for user 192.168.0.149 I don't think that's directly related to the error here: > 2017-07-14T18:23:19.681129+00:00 transit-pvd-tunnel-2 charon: 06[IKE] > XAuth pam_authenticate for 'losapio' failed: Authentication failure > 2017-07-14T18:23:19.681588+00:00 transit-pvd-tunnel-2 charon: 06[IKE] > XAuth authentication of 'losapio' failed As the log message says this is logged because pam_authenticate() failed. At that point the user name that's logged is used, together with the received password. So either of these things are incorrect (or your PAM setup). The error above might be logged when the IKE_SA is destroyed with a call to pam_close_session(). As the XAuth user name has never been set (no successful authentication) the previous identity will be used here, which is the client's IP address used during the PSK authentication. Regards, Tobias
Re: [strongSwan] make before break and default activation
Hi Emeric, > To be more specific: > - what happens exactly if it is enabled only on one side? It only has an effect on the peer that initiates the reauthentication. Enabling it on a host that's always responder has no effect at all. > - what happens with other IKEv2 implementations? That's the big question and the reason it is disabled by default (well, actually that old strongSwan version don't support it). It only works if the responder can handle this properly so you have to experiment. strongSwan only does so since 5.3.0 (e.g. in regards to duplicate policies/reqids, virtual IP handling etc.). But only recently (#2373) an issue in the farp plugin was found that also affects responders of make-before-break reauthentications. Regards, Tobias
Re: [strongSwan] Strongswan and TPM
Hi John, > and I conclude from this example, that private key stored in TPM is > loaded to program memory the same way as if it was stored in a file (log > message: "...charon-systemd[21165]: loaded RSA private key from token"). > Am I correct? No, that's only the generic log message that you'll see for any private key loaded by the configuration backend, whether that private key is actually loaded into memory or it's just a reference to a key (as is the case here). Private keys on PKCS#11 tokens or in a TPM can't be accessed directly, so they never end up in memory. Regards, Tobias
Re: [strongSwan] make before break and default activation
>>> - what happens with other IKEv2 implementations? >> >> That's the big question and the reason it is disabled by default (well, >> actually that old strongSwan version don't support it). It only works >> if the responder can handle this properly so you have to experiment. > > Do you mean that strongSwan version <5.3.0 cannot interoperate with > strongSwan version>=5.3.0 if make before break is enabled? Yep (unless you use rekeying and not reauthentication). Regards, Tobias
Re: [strongSwan] make before break and default activation
Hi Emeric, >>> To be more specific: >>> - what happens exactly if it is enabled only on one side? >> >> It only has an effect on the peer that initiates the reauthentication. >> Enabling it on a host that's always responder has no effect at all. > > What happens on strongSwan>=5.3.0 if the peer that has the make-before-break > option set initiates the reauthentication first? I don't understand the question. Regards, Tobias
Re: [strongSwan] make before break and default activation
Hi Emeric, > Two peers try to renegotiate an IKE SA, they both use strongSwan >=5.3.0 > The first peer has the make-before-break authentication enabled > The second peer does not have the make-before-break authentication enabled > > What happens if the first peer initiates first? What's unclear about that? Regards, Tobias
Re: [strongSwan] Accepting cert of unknown source
Hi John, > We would like to have tunnel > established even if responder send us a certificate which is signed by > unknown root ca. Is this possible to achieve that in strongswan? Not without code changes. Regards, Tobias
Re: [strongSwan] Strongswan VPN Profile for Android.
Hi Aanand, > Does the Strongswan client for Mac also have this capability? No, the only overlap between the macOS and the Android client is that they are both using the IKEv2 implementation provided by libcharon. But their GUI, architecture and config interface is completely different. Regards, Tobias
Re: [strongSwan] Data transfer stops
Hi Yuri, > After the connection is successfully established, I begin to send data > using iperf. After about 300 s. data transfer stops. There are next > records in log files: The IKE_SA is deleted by the initiator for some reason. Unclear why from the log, which is also due to several issues with your logs: They are incomplete, there are no timestamps, the log level is too high (1 should be enough, maybe 2 for IKE, CHD and MGR). See [1] for some hints. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
Re: [strongSwan] Data transfer stops
Hi Yuri, > I changed logging settings as you suggested. Full logs are in attachments. Thanks. What lifetimes did you configure now? It seems the CHILD_SAs are rekeyed immediately after they got established (i.e. the settings you mentioned in your first email can't be in use here). Anyway, I think I see what the problem is. With the new rekeying code the old inbound IPsec SA will remain in the kernel for a few seconds in order to process delayed packets (the default is 5 seconds, which can be configured via charon.delete_rekeyed_delay). During that time the CHILD_SA object remains in state CHILD_DELETING. However, CHILD_SAs in that state will prevent the IKE_SA from getting reauthenticated ("unable to reauthenticate in CHILD_SA DELETING state, delaying for Xs" is logged). Because with your rekey lifetimes there is always a CHILD_SA in state CHILD_DELETING (actually multiple, as they are rekeyed immediately after establishing) the IKE_SA is never replaced until it finally is destroyed due to the hard lifetime. I'd say with normal rekey timings this shouldn't be a problem (i.e. when there is enough time to retry the reauthentication before the IKE_SA is terminated if such a collision should occur). It's also no issue if you use IKE rekeying (reauth=no) as CHILD_SAs are then migrated. Regards, Tobias
Re: [strongSwan] Data transfer stops
Hi Yuri, > I've used lifetimes from my first mail. That seems unlikely as the last logs show that the two peers rekey the CHILD_SAs immediately after they got established. With lifetime=2m and margintime=20s, and the default rekeyfuzz=100% the rekeyings should happen randomly between 80 and 100 seconds after a CHILD_SA got established (see [1]). Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey#ipsecconf-Formula
Re: [strongSwan] Wrong traffic selecting on local side.
Hi Jaehong, > This is the charon.log with debug level 2, when the problem happens. > At the end of selecting ts for us, it picks tcp_udp_4001 instead of > selecting icmp_any. > Is this a bug? Not really. The tcp_udp_4001 connection allows any protocol, so when the peer proposes ICMP that's perfectly acceptable. The port 4001 is interpreted as ICMP type and code in the upper and lower bytes, i.e. 15 and 161, respectively. And this type of narrowing is perfectly fine. Regards, Tobias
Re: [strongSwan] Wrong traffic selecting on local side.
Hi Jaehong, > And if I do udp iperf3 testing on port 4001, from client to server > > Somehow the all the SA is up and TCP control packets flows but not the > UDP data traffic. Why should there be TCP control packets if you do UDP testing? At least iperf doesn't do that. Are you sure you don't use the tool incorrectly? Regards, Tobias
Re: [strongSwan] disable lease time of address pool
Hi Nimo, > How can I set the timeout zero ? or could you please tell me how to > connect Win-C quickly ? Use a larger pool? Use SQL to set a lower timeout? (While the pool tool only allows configuration in hours, the timeout is actually stored in seconds). Regards, Tobias
Re: [strongSwan] is it stongswan or local firewall ?
Hi, > What should I be looking at? Start with reading [1], which also links to [2]. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests [2] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling
Re: [strongSwan] disable lease time of address pool
Hi, > Is it okay to use one second for timeout ? Sure. While a lease is actively used by a client the timeout has no effect. It is only used to reserve an IP address for a specific identity after it got released, so a client gets the same IP again if it reconnects within that time frame. Regards, Tobias
Re: [strongSwan] executing updown script when IKE is created and deleted
Hi, > Is there anything way to execute external script when IKE is created and > deleted ? The updown script is/was intended to install firewall rules that go with the IPsec SAs so the script is tied to the lifecycle of CHILD_SAs (but is not called when CHILD_SAs are rekeyed as the original information usually doesn't change). For more options, have a look at the events exposed via VICI [1] (look for "Server-issued events" in README.md), or write a custom plugin. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/Vici
Re: [strongSwan] Data transfer stops
Hi Yuri, > I reproduced situation with our normal lifetimes > > ikelifetime=60m > lifetime=20m > margintime=3m Something is just not right on your system(s) regarding the timings. For instance, on the initiator, the CHILD_SA test1{4339} is established: > Fri, 2017-08-18 13:44 15[IKE] CHILD_SA test1{4339} established with > SPIs c0d6fa14_i c76d59f9_o and TS 10.0.0.1/32 192.168.22.0/24 === 10.0.1.1/32 > 192.168.23.0/24 And then the rekeying is triggered pretty much instantly: > Fri, 2017-08-18 13:44 05[KNL] creating rekey job for CHILD_SA > ESP/0xc76d59f9/10.76.7.129 > ... > Fri, 2017-08-18 13:44 10[CHD] CHILD_SA test1{4339} state change: > INSTALLED => REKEYING So it seems something is either not configured properly, or there is a problem with the time functions used here (in the kernel or userland). Maybe an issue with your ancient kernel (2.6.54)? Regards, Tobias
Re: [strongSwan] Traffic selector modification ignored when rekeying SA
Hi, > So as of today, the only way to update traffic selector list for a given > connexion with strongswan is to wait for the next reauthentication, > meaning potential packet drops during the process. If the remote end's config allows it, you can create a new CHILD_SA with new TS and remove the old one. Regard, Tobias
Re: [strongSwan] User openssl's PUBKEY_VERIFY instead of gmp's for CVE-2017-11185
Hi Karthik, > * I have increased the priory of gmp plugin, but openssl is loaded at > the last. I am thinking whichever is loaded last will override ? It's the other way around: The first implementation registered will be used. Unless it fails to load the key, then the next registered implementation will be considered. The latter could also happen if you load a private key without specific type and don't have the pkcs1 plugin loaded, only the openssl plugin can load such keys directly, the others need the pkcs1 plugin to detect the type (or even to pre-parse the key). > * when both plugins have priority = 1 (load = yes) openssl is loaded > first and then gmp. That's due to the default plugin list (built by the configure script), which is used to order the plugins if they have the same priority. Regards, Tobias
Re: [strongSwan] User openssl's PUBKEY_VERIFY instead of gmp's for CVE-2017-11185
Hi Karthik, > (/almost/ because rare case of openssl can't verify signature and so gmp > takes over) Actually, it's not the verifying that will fall back to a different implementation, but the parsing of the public key. Once it is successfully parsed by an implementation that implementation will be used to verify signatures for this key. Regards, Tobias
Re: [strongSwan] Data transfer stops
Hi Yuri, > I got very high rekey rate because of low values of lifepackets and > marginpackets parameters. I see, you didn't point that out before. > I changed these parameters to > > lifepackets=65535 > marginpackets=6500 > > and decrease the rekey rate. Not enough, the CHILD_SAs are still constantly rekeyed (just search for "creating rekey job for CHILD_SA..." in the log), preventing the IKE_SA from getting reauthenticated ("unable to reauthenticate...delaying for ..."). Is there a reason you set this limit so low? (When you apparently have that much traffic on these SAs.) Packet counts are not logged when deleting SAs, but transmitted bytes, which are about 2 MiB from responder to initiator and 70-80 MiB from initiator to responder for each rekeyed SA, the latter results in packets around your packet limit. To avoid constant rekeyings you'll have to increase the packet limit, depending on your setup (link speed, MTU, algorithms etc.). Just as an example, let's assume a link with e.g. 100 MiB/s throughput via IPsec and an MTU of 1500 bytes. Let's further assume IPsec in tunnel mode with AES/SHA-256 without UDP-encap (allowing at most 1438 bytes of data to be transported per packet), and that SAs should be used for at least 60s and get rekeyed at least 10s before they expire, so with rekeyfuzz=100% we double that margin and let the SA expire at 80s and rekeying will start between 10-20s before that (see [1] for details): 104857600 / 1438 = 72919 packets/s 72919 * 10 = 729190 (=marginpackets) 72919 * 80 = 5833520 (=lifepackets) That's all very rough but should give you an idea. > I could agree with your argument about wrong timings in my systems, but > how to explain fact that old version of Strongswan (5.3) works normally > with my set-up? I already explained the differences in my second email in this thread. > My kernel is not so ancient - it corresponds version > 3.10 (or something like), 2.6.54 - it is RHEL notation. I see. Regards, Tobias [1] https://wiki.strongswan.org/projects/strongswan/wiki/ExpiryRekey#ipsecconf-Formula
Re: [strongSwan] charon RSA tunnel setup speed hints?
Hi Richards, > Having looked at the code. In backend_manager.c there appears to be a > linear search through the peer table for candidates matching all the > required criteria. > > Are there any alternative search implementations for larger peer sets? No, currently not. Even for gateways handling thousands of tunnels a few of simple road-warrior configs (right=%any etc.) are usually enough, making this lookup very fast. The problem in your case is probably that you have a config for each client with rightcert= because each client has a self-signed certificate. Issuing all these certificates from a common CA would avoid this as only a single connection entry would be required to handle all clients. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] eap_mschapv2
Hi Marco, > Now, I need to use the same configuration for Linux strongswan (5.0) > client but freeradius says: Authentication failure ! > > So, I've changed the eap_mschapv2.c. Now Linux/Strangswan can > autenticate correctly but i'm not sure if the solution is correct. > > what do you think about ? You are right that there is a bug here. The problem was that the client implementation didn't calculate the length properly so that the userid was cut off somewhere in the middle if a domain was configured. This is fixed with [1]. Thanks for the report and sorry for the delay. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=11b514bf ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Strongswan+Android+Xauth
Hi Ingmar, > after my Android-VPN to Strongswan worked like a charm, I've upgrade > to strongswan 4.5.2. After that the the Android-Connection stopped > working. Perhaps you figured this out yourself already, but for the record: With 4.5.0 the default value for the keyexchange option in ipsec.conf changed from ikev1 to ikev2. This means that you have to explicitly set keyexchange=ikev1, otherwise your connection will not be known to pluto. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Routing problem (source address change)
Hi Rudolf, > So, questions are: > 1. What is the best practice to get source NAT to work. Let strongSwan handle it. With the charon IKE daemon the routes are automatically installed when an SA is setup and they are also reinstalled (since 5.0.0) when interfaces/addresses reappear. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] cannot respond to IPsec SA request because no connection is known
Hi Ben, > I'm trying to connect from behind a standard PAT style NAT to a > StrongSwan server behind a 1:1 NAT. The config I'm using worked when > I was connecting between two hosts on the local subnet. When I > deployed the new VPN server behind the firewall at our datacenter, it > would no longer work (errors included below). Any idea what I'm doing > wrong? Please try 5.0.0 as the pluto IKEv1 daemon of earlier releases has problems when it is behind a NAT (even 1:1) as responder. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Syslog configuration
Hi Ali, > But now, the question is "can I use other SYSLOG > facilities like local2 in strongswan? Not without changing the code. The facilities are hard coded and only auth (LOG_AUTHPRIV) and daemon (LOG_DAEMON) are currently supported. You could add other facilities at [1], though. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/charon/charon.c#l269 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] makefile
Hello, Your run of ./configure did not finish successfully which means that it did not create any Makefiles: > checking for nm... no > configure: error: Package requirements (NetworkManager gthread-2.0 > libnm-util libnm-glib libnm-glib-vpn) were not met: > > No package 'libnm-glib-vpn' found As mentioned here you need the libnm-glib-vpn package, and since you build from sources you'll also need the header files (provided by the libnm-glib-vpn-dev package). If you don't actually need integration into NetworkManager you can also remove the --enable-nm option when executing ./configure. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] charon RSA tunnel setup speed hints?
Hi Richard, > Is there a EAP or similar mechanism that can be used to offload RSAsig > authentication to a AAA server? If you want to use RSA EAP-TLS might be an option in combination with the EAP-RADIUS plugin on the gateway (see [1] for an example) to offload it to an AAA server. EAP methods that use username/password authentication might also be an option (or a combination of both with EAP-TTLS or EAP-PEAP). It probably depends on what your clients can actually use. > Would one of the DB back-ends be faster? Not at the moment as the SQL query there is too simple (it does not filter by identities, just enumerates all peer configs). There is a TODO in the code there, though, so I'm not sure why it was not yet implemented with a proper WHERE clause. > I'm aiming for 20,000 tunnels and 50 auth per sec (peak) on a gateway. Keeping the config simple in this case would help anyway. And the simplest is certainly to sign all client certificates by a common CA (or intermediate CA). What's the reason you don't want to do this? Regards, Tobias [1] http://www.strongswan.org/uml/testresults/ikev2/rw-eap-tls-radius/ ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] strongswan with radius
Hi Steve, > Specily with the iPhone he is "looking for XAuthInitPSK config" but then > he shows "no peer config found" in the syslog entries. The configuration you added with > leftauth=pubkey > rightauth=eap-xauth is not correct. What you want to do (if you want to use XAuth/PSK) is this: leftauth=psk rightauth=psk rightauth2=xauth-eap Some clients (e.g. Mac OS X Mountain Lion) can also use hybrid authentication where the client is only authenticated with XAuth and the gateway uses pubkey authentication: leftauth=pubkey rightauth=xauth-eap The iPhone can do that too, but it does not verify the identity of the gateway against the certificate which makes it vulnerable to man-in-the-middle attacks. An alternative is to generate a single key/cert pair and use that for all clients. Then use XAuth/RSA in which case the RSA authentication is only used to verify the gateway's identity (since all clients use the same key/cert pair) while the clients then use XAuth to actually identify themselves: leftauth=pubkey rightauth=pubkey rightauth2=xauth-eap Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] How to make strongswan to use loopback interface?
Hi Rudolf, > Is there a way in strongswan configuration to control this > process? No, at the moment the virtual IP address is added to the same interface that has the address that is used for IKE. You could change that, though, in ike_sa.c:set_virtual_ip() (and in child_sa.c where it could get reinstalled) or directly in the kernel_netlink_net implementation of kernel_net_t.add_ip(). Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] cannot respond to IPsec SA request because no connection is known
Hi Ben, > I assume I'm still missing some vital config option. Any idea what > that might be? Try adding leftsubnet=0.0.0.0/0 and rightsubnet=0.0.0.0/0. If that doesn't work increasing the loglevel for the cfg log group to 2 (see [1]), which will give you more details about the failure at that point. > This continues until the OS X client (NAT'd behind 209.204.75.80) > gives up. No idea which version of Mac OS X you're using but with newer releases you might want to try bare IPsec (called Cisco IPsec by Apple) instead of L2TP/IPsec. See [2] for more infos. Regards, Tobias [1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration [2] http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] strongswan VPN client on Android
Hi Nitin, > I want to explore that how this solution is working on a non rooted > device. Can anyone help me understanding how this has been done? It uses the VpnService API [1] that Google introduced with Android 4.0, which allows Apps to create TUN-Devices without having root permission. > Where can I find the source code for this apk or it's unpublished yet? The source code is in our Git repository (src/frontends/android). Regards, Tobias [1] http://developer.android.com/reference/android/net/VpnService.html ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] strongswan 5 IKEv1
Hi Claude, > Is there a VPN client for Windows XP and Vista (preferably opensource) > that's easier to setup than the native Windows client ? Shrew [1] works reasonably well on these systems and at least parts of it are open source [2] (not the Windows frontend apparently). Regards, Tobias [1] http://www.shrew.net/software [2] http://www.shrew.net/download/ike ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan Cilent for Android ICS
Hi, > I have the following questions: > > Is it permissible to integrate the strongswan client source code with > my application and use it to create a VPN tunnel? The code for the Android App is licensed under the GPLv2 license, as is the rest of the strongSwan project. Therefore, if your own application is also a GPL licensed open source software you are free to use the code. If that is not the case, you must not do that. But we could provide the code for the App under a commercial license, which allows you to use it in commercial, closed source applications, contact us directly if you are interested. What kind of application do you develop? Perhaps an Intent-based invocation of a configured connection in the strongSwan App might also work for your use case (the Intent could perhaps even contain the parameters needed to setup the VPN connection, so no previous configuration would be necessary). Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan Cilent for Android ICS
Hi, > I tried intent based mechanism also but that launches the UI of vpn > app. I do not want UI to be launched. Correct, such an interface does not yet exist. But that could be defined and then implemented either by you (and then contributed to us) or by us (e.g. as a sponsored development). Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Strongswan 5 on Mac Mountain Lion
Hi Claude, > I've tried to install strongswan on my Macbook using the howto on your > homepage : > > http://wiki.strongswan.org/projects/strongswan/wiki/MacOSX > > Strongswan complains about not finding any known IPsec stack. > > Has there something changed with Mac OS ? Do I need to set other > configure options ? No, this message was always logged. But as the last message says it can simply be ignored. It's just starter trying to (crudely) detect the available IPsec stack, which only works with the Linux NETKEY and Klips stacks - there is no code to explicitly detect the FreeBSD or Mac OS X stacks. Therefore, starter complains on these systems but due to the enabled kernel-pfkey and kernel-pfroute plugins it should still work as expected. Just as a reminder, strongSwan as a client currently has some serious limitations on BSD based systems. For instance, there is still no support for virtual IP addresses. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Strongswan 4.5.2 sending IKEv2_INFORMATIONAL_REQUEST with wrong flags
Hi Avishek, > After timing out a child SA which was previously created Strongswan > sends CREATE_CHILD_SA rekey request. Then My application sends > CREATE_CHILD_SA Response and in turn Strongswan sends > IKEv2_INFORMATIONAL_EXCHANGE with Flags 0x00 That is initiator and > responderder bit nothing is true. Please help me with this > problem. Why this behaviour is seen. What behavior? The INFORMATIONAL exchange to delete the old SA? The flags? Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Strongswan 4.5.2 sending IKEv2_INFORMATIONAL_REQUEST with wrong flags
Hi Avishek, > I am talking about the INFORMATIONAL Delete Request for the old Child SA. > The flags are all Zero i.e 0x00. What's wrong with that? It is clearly a request so the response flag is zero and if strongSwan was the initial responder (i.e. it did *not* initiate the IKE_SA) then the initiator flag must also be zero (you did not write if strongSwan was initiator or not) - this flag could only change when the IKE_SA is rekeyed (not when CHILD_SAs are rekeyed). The version flag is always zero for IKEv2 and the rest of the bits are reserved and zero too. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Problems with xauth and dpd
Hi Harald, > I've problems witch enabling dpd on the client side, while using xauth. I just pushed a fix for this problem [1]. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=bcf8cdd5 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Running dual instances of strongswan
Hi Terry, > I have 2 instances of strongswan running. What exactly is the reason for this? Did you patch one instance to use a different range for its reqids? As these are used to connect policies with SAs in the kernel you will eventually run into problems if you didn't. > After I removed the SA deletion > code from one, the other tunnel remains up. > > I wonder if this is a good workaround. Is there any resources leaked > if starter does not delete SAs when exiting? starter flushes SAs and policies mainly to clean up in case the daemon has crashed (so that a proper restart is possible as especially the policies couldn't be installed otherwise). But there should not be any resource leaks if starter does not do this, the daemon should clean up properly after itself when terminating. > Will it reuse those same SAs when it comes back up? No, that it won't do. The daemon also assumes that it has full control over the kernel, that is, if both instances tried to install the same policies you'd have a conflict that the daemon currently can't resolve. The same applies after it crashed and old policies were still installed in the kernel. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] how to configure both IPv4 and IPv6 DNS addresses together in strongswan.conf of strongswan-5.0.0 with IKEv2
Hi Zhiheng, > If I configured both IPv4 and IPv6 DNS addresses in strongswan.conf on > Moon as attr { dns = 1.2.3.4, 2002:c023:9c17:21c::1234 }, looks like > Carol is assuming that the second DNS it received should also be IPv4 You are right, the code that parses these attributes used the same attribute type for all comma separated values. I pushed a fix for it to our repository [1]. > So my question to the server side is: is this the right way to configure > both IPv4 and IPv6 DNS addresses together in strongswan.conf? Yes, that's the right way and the patch should fix it. As a workaround you could also configure it like this: charon { dns1 = 1.2.3.4 dns2 = 2002:c023:9c17:21c::1234 } > Or more general: does IKEv2 support sending different address types > (IPv4 and IPv6) in the same message for DNS or DHCP? Absolutely. But note that we only just recently added support for requesting multiple virtual IP addresses from a gateway (i.e. an IPv4 and an IPv6 address). These changes will be included in the upcoming 5.0.1 release, until then you are welcome to try the current developer release [2] (I think Andreas will release a new one later today, which should also include this patch). Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=4065e250 [2] http://www.strongswan.org/download.html ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Running dual instances of strongswan
Hi Terry, > What's this req id range issue you mentioned? > Could you elaborate more on this? The reqid is one of the key elements the Linux kernel uses to find a state (IPsec SA) based on an IPsec policy that matched a packet. If two daemons use the same reqids (charon simply starts with 1 and increases this number with each CHILD_SA, if it is not set via ipsec.conf) this could lead to conflicts. Fortunately, the reqid is not the only property the kernel compares, for instance, the source and destination IP addresses are also considered. So I may have exaggerated the issue a bit, as conflicts might only arise in very specific situations. In your case it's no problem, anyway, as only one of the instances actually interacts with the kernel. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] %prompt not working
Hi Claude, Gerald, > No it isn't supported anymore in 5.0 (see yesterday discussion about > credential plugin) That's not entirely true. %prompt is still supported but not during a simple ipsec start. You have to use ipsec rereadsecrets to get the prompt. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] %prompt not working
Hi Claude, > Is there a special reason for this ? It was always like this for the charon daemon, which has no connection to the console when the stroke plugin (which reads the secrets) is initialized during startup. When ipsec rereadsecrets is executed later stroke maintains a connection with the plugin that allows it to log error messages and prompt for passwords and PINs. I think pluto also prompted for PINs during ipsec up, but due to its multi-threaded nature and its different handling of secrets charon currently can't do this. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] deleting IKE_SA: what's the reason?
Hi Diego, > deleting IKE_SA CONN_NAME[10] between > x.x.x.x[vpn1.example.com]...x.x.x.x[vpn2.example.com] > > I wrote an script that controls the status of the tunnel using "ipsec > status". For some reason, some conns are dropped randomly. I have DPD > enabled but I don't see the message "giving up..." and I don't see the > message "received stroke..." about the connection lost and I don't see > the rekeying messages. > > Is there an aditional way to discover why Charon is deleting IKE SAs? You are probably using reauth=yes (which is the default). So instead of rekeying the IKE_SA the daemon will first delete the current instance (hence the "deleting IKE_SA..." message) and then setup a new IKE_SA from scratch. Try reauth=no to get regular IKE_SA rekeyings. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Running dual instances of strongswan
Hi Terry, > What's the best way > to turn off linux IPsec while still running strongswan? Is there a > switch somewhere,or maybe > just not adding SAs to the kernel? We still need the policies because > routing decisions still depend on them. There is an ipsec.conf option (installpolicy) to disable the installation of IPsec policies (used with MIPv6), but there is currently no option that prevents the installation of IPsec SAs. Of course, you could write your own kernel interface plugin (an implementation of the kernel_ipsec_t interface) which would handle the installation of SAs and policies just the way you require it. Have a look at the existing kernel plugins in libhydra. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Running dual instances of strongswan
Hi Terry, > It's good to know that there is the installpolicy option. Even though > I cannot use it, I can probably check > out how it is implemented. You could, but that is one of these options that requires changes all over the place (as it is connection specific). Might be easier to add an option in strongswan.conf, similar to charon.install_routes. > 1) Is my assumption correct? Do I need the policies to control > routing? I am talking about where > there are multiple subnets values in the left|rightsubnet parameters > so that packets can be routed > thru the tunnel. Not really. The kernel will first do a routing lookup for the outgoing packet, then (after possibly modifying the source address) check if it finds an IPsec policy matching the packet. If it does not, the packet is just sent out, if it does, it tries to find an IPsec SA for that policy. If one is found the packet is handled by that SA (or SA bundle) and then again sent back through the outbound processing stack, including a check if the packet has to be routed differently (which is probably the case when tunnel mode is used). If no SA is found the kernel will send an acquire to the keying daemon (in your case both instances will receive this event, but only handle it if the reqid of the policy is known and can be associated with a trap policy) which is expected to negotiate and install an SA. Until an SA is installed or the acquire times out the packet is on hold. After the timeout the next packet matching the policy will again cause an acquire being generated. Basically, you really only need policies if you also use the SA functionality of the kernel. I guess this also answers some of the other questions you had. Whether you need a separate kernel interface plugin depends on how your crypto hardware works, how you communicate with it from the daemon and how it interacts with the kernel. We might help you with this if you are interested. Just as a reminder (also for other readers of this mailing list), plugins generally fall under the GPL [1], as do, of course, other code changes. To avoid any GPL violations you might be interested in the commercial licensing we provide (if so, please contact us directly). Regards, Tobias [1] http://www.gnu.org/licenses/gpl-faq.html#GPLAndPlugins ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Prompting for Credentials with strongswan 5
Hi Gerald, Martin, >> What I would like to have, is that the user gets ask for username _and_ >> password (maybe with some default username already filled in). Is it >> possible to supply the username via the credential manager or can it >> only be changed in the config, so I have to do it upfront? > > Usually the different identities are part of the configuration. When you > use configurations from ipsec.conf, you currently can't change them > dynamically. That's not entirely true. There is a (slightly hackish) feature of stroke that allows you to set username and password for configs that are configured for EAP or XAuth (only with [1] or the upcoming 5.0.1) authentication (e.g. with leftauth=eap): ipsec stroke user-creds [] If the password is not given on the command line the user is prompted for it. The username is not optional, so you'd have to prompt the user yourself to get that (and since it uses the stroke socket, root permission is required to execute this command). And it only works if executed before the connection is started with ipsec up . Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8c19323c ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] How do dump additional data during IKEv2 AUTH verification
Hi Dennis, > in charon.log i see the following: > 11[IKE] octets = message + nonce + prf(Sk_px, IDx') => 413 bytes @ > 0xaf004190 > > Is there any way for me to have strongswan dump or for me to otherwise > access the entire 413 bytes generated by strongswan here for the AUTH > signature validation? You mean you don't see output like this after the line you quoted above? 20[IKE] octets = message + nonce + prf(Sk_px, IDx') => 537 bytes @ 0x1837290 20[IKE]0: 52 01 94 08 A5 7A F6 05 47 02 DC 30 AD D3 8C 98 Rz..G..0 20[IKE] 16: 21 20 22 20 00 00 00 00 00 00 01 E5 22 00 00 30 ! " "..0 20[IKE] 32: 00 00 00 2C 01 01 00 04 03 00 00 0C 01 00 00 0C ..., Which strongSwan version do you use? On what platform do you run it? How did you configure the logging in strongswan.conf or ipsec.conf (also see [1])? Regards, Tobias [1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] How do dump additional data during IKEv2 AUTH verification
Hi Dennis, > Correct, i do not see the output as you show below the line I > presented. > > I'm running with strongswan 5.0.0. Ah yes, there was a bug in 5.0.0 where multi-line log messages would only get logged completely in the first registered logger. In your case with the following in strongswan.conf > filelog { > /var/log/charon.log { > ... > default = 4 > } > > stderr { > ... > ike = 4 > ... > } > } only one of these would log the complete message whereas the other only logs the first line. As a workaround, you could comment out one of these (or reduce the log level below 3 for one). Alternatively, you could either use the current developer release for 5.0.1 [1], or apply the patch at [2]. Regards, Tobias [1] http://www.strongswan.org/download.html [2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=d19f0ae3 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Android VPN Client - Constraint check failed: identity required
Hi Mark, > I am trying to use the strongSwan VPN client to connect to my strongSwan > gateway and the connection fails with "constraint check failed: identity > "ip address of my gateway" required. then it says the selected pair > config is inapplicable. > > What could be causing this? The configured hostname (in your case the IP address) has to be contained as subjectAltName in the gateway's certificate. That's to prevent man-in-the-middle attacks. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Multiple connections - parameters from first conn are used?
Hi Mark, > Sometimes when a connection comes up and it is the > second connection in the ipsec.conf file, strongSwan tries to use > parameters from the first connection listed. For example if i define > the ike and esp algorithms in the second connection listed, it would > always use the ike and esp parameters listed in my first connection. The problem is that when a client connects the gateway has basically just the IP addresses available to find a matching config. So if you have more than one connection with right=%any, the ike parameters of the first one will be used. Later, the connection could be switched to an other config based on the IKE identities (left|rightid) so esp parameters could vary between such connections. > Also i think when it tries to match a config to a certificate id, if each > connection has similar parameters, it will use the first connection > it finds going from top-to-bottom. Is this normal behavior? Yes, the daemon checks each config from top-to-bottom and applies a score as to how good a match the config is based on the IP addresses and identities. If no better match is found the first config will be used. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Multiple connections - parameters from first conn are used?
Hi Mark, > This is bad news. I am trying to setup my strongSwan gateway to have > multiple connections. Some connections will be for site-to-site > configs and others will be for my mobile roadwarrior clients. > ... > Are there any tips or tricks I could use? One thing you could do is to configure the hostname or IP address of the other peer with right= for the site-to-site configs, then list the roadwarrrior config last in ipsec.conf. Also, the selected config can be switched later based on the identity of the other peer, so for site-to-site configs you can configure rightid= to force a specific config for a peer. And since the default IKE proposal includes all supported algorithms the roadwarrior config should also work for site-to-site tunnels during the first phase if you don't configure ike= and it allows the other peer to force a specific proposal by adding a ! at the end of its ike= line (e.g. ike=aes128-sha256-ecp256!). Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Android VPN Client - Constraint check failed: identity required
Hi Mark, > Is this set for the android client only because I have never set the > subjectAltname field for any of my certificates before, I only have > this problem with the android client. No that's also the case for other configs. But with ipsec.conf the value for rightid can explicitly be configured, and if not, it defaults to the DN of the certificate, if rightcert is configured, or to the value configured with right (i.e. to %any if right is not configured). rightid=%any is very risky for initiators as it allows any peer with a valid certificate to act as gateway, therefore, the Android app uses the configured hostname as expected rightid. If the other peer uses a different identity (e.g. the DN of the certificate, which is the default if leftcert is configured but leftid is not) the app also tries to verify this identity against all subjectAltNames contained in the certificate. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Android client problems - possible bugs found
Hi Mark, > Now I have noticed some strange behavior. When i go to a website it > takes a very long time to even start loading. I setup Wireshark for my > gateway and noticed that my client sends many DNS requests for the site, > these are multiple IPv6() requests, sometimes 5-10 before the site > starts to load. I think this is the problem. Now I am not sure if this > is a problem with my phone and Verizon network or something wrong with > the strongSwan android client, any ideas? Not really. Are all queries for the same name? Do you see the response before the client sends another query? Perhaps the resolver has a very low timeout, or it is really the browser that does DNS prefetching or something. > Also, is there a way to have the client auto connect when a network > connection is present. Is that possible with any android vpn client? No currently not. On the todo list are support for roaming (e.g. from 3G to Wifi) and also a reconnect feature (e.g. if the connectivity is gone for a longer period). Not sure if an auto-connect feature is possible. Implementing auto-connect is harder as the app has to be started at least once (perhaps a widget could help here, which is another item on the todo list). Also, Android will show that confirmation dialog to allow the app to setup the VPN initially. > Also a strange thing is that it sends to the gateway requests for every > CA cert stored on the Android phone. My Galaxy S3 comes with about 120 > trusted CA certs and during the IKE it sends requests to the gateway for > each one. On my gateway log file it reads "received 119 cert requests > for an unkown CA" after that it uses the correct one. Is that some kind > of bug with the android client? That's the normal behavior if "Select automatically" is enabled under "CA certificate" for the VPN profile. As the app does not known which CA signed the gateway's certificate it loads all available CA certificates and also sends a certificate request for them. To avoid this you can disable that option and select the proper CA certificate manually. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Some weird thing
Hi Ali, > Is there anybody else who has this problem? What is the best way to > bring down a tunnel? I'm using kernel 2.6.34.1 and strongswan 5.0.0. I think that's an issue that was fixed shortly after the 5.0.0 release, see [1] for a patch. With the upcoming 5.0.1 release it's lucky that it took so long until someone reported it in the wild. Please try the release candidate at [2] which includes the fix and a bunch of other improvements. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=c9355ea4 [2] http://www.strongswan.org/download.html ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Android client problems - possible bugs found
Hi Mark, > I was reading that you can send a DNS server to use with the attr > plugin. Would the android client be able to use that DNS attribute > and override the one set on the phone? Yes, absolutely. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Issue found in strongswan-5.0.1rc1
Hi Robert, > Looks like the error is being introduced in the 5.0.1rc1 code on the > client part. Or, is 5.0.1rc1 correcting 5.0.0? The error in releases before 5.0.1 was fixed with [1] (two commits after the 5.0.0 release). Earlier releases incorrectly used /0 for 0.0.0.0 despite what was actually configured as mask in ipsec.conf. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=997fdd1f0 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Android client supported Cipher Suites? trouble getting aes256 to work
Hi Andreas, > in fact, very strange collection of cipher suites the > strongSwan Android client is proposing: > > received proposals: ESP: > AES_CBC_128/AES_CBC_192/AES_CBC_256/ > 3DES_CBC/BLOWFISH_CBC_256/ > HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/ > NO_EXT_SEQ > > I'm not aware that libipsec would support blowfish_cbc, 3des_cbc, > aes_xcbc, and hmac_md5_96 and sha256_128,sha384_192 and sha512_256 > are prominently missing. Tobias could you check that? That's just charon's default ESP proposal (see proposal.c). Because charon currently doesn't know which algorithms the IPsec stack actually supports this is static (unlike the dynamically constructed default IKE proposal). With kernel-pfkey we could theoretically query the kernel for its supported algorithms, libipsec would obviously support it too but kernel-netlink has no interface to do so. But I suppose we could construct a custom proposal for the Android app with the knowledge of what libipsec actually supports (which currently is AES + SHA1/SHA2). Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] 5.0.1rc1 and FreeBSD
Hi David, > The first was some simple compile errors which I think I fixed in the > attached patch. Thanks, applied to master. > On startup I get the following messages: > > 00[DMN] Starting IKE charon daemon (strongSwan 5.0.1rc1, FreeBSD > 9.0-RELEASE-p4, amd64) > 00[KNL] unable to set UDP_ENCAP: Invalid argument > 00[NET] enabling UDP decapsulation failed This happens when the NAT-T IPv6 socket is opened and the daemon tries to enable UDP en-/decapsulation for that port. Linux supports this for IPv6, FreeBSD apparently not. The patch at [1] improves the error message if this fails. As long as it works for IPv4 (requires the kernel to be built with the IPSEC_NAT_T option) this should be fine. > 03[NET] received packet: from 192.168.1.201[500] to 192.168.1.1[500] > 03[KNL] 192.168.1.1 is not a local address or the interface is down > 03[NET] received packet from 192.168.1.201[500] to 192.168.1.1[500] on > ignored interface This is caused by a new check for inbound packets which together with the new options charon.interfaces_ignore and charon.interfaces_use allow one to ignore specific interfaces. Unfortunately, the map used for this check in kernel-pfroute was not properly initialized, see [2] for a patch. Actually, the patch at [3] avoids the check altogether if the above options are not used. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=45178362 [2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=9845391a [3] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2e2feffb ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Replay window weirdness with charon
Hi Guru, > My primary goal is to disable the replay protection. In > strongswan.conf, if I set the "replay_window = 0" (or any value <= > 32), I see the replay window to be stuck at 32 (when seen with setkey > -D). You couldn't configure the replay window to be below the default of 32 via strongswan.conf until now (see the patch at [1] for a fix). > But, if I set the replay_window with any value >= 32, I see the > replay window size as 0. That's a limitation of setkey and iproute2 (ip xfrm state), both these commands are not able to read the newer attributes used to configure replay windows larger than 32, which is the largest window supported by the legacy replay protection code in the kernel. They simply print the attribute used to configure that legacy replay window, which has to be zero if the new attributes are used. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=a79af394 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] 5.0.1rc1 and FreeBSD
Hi Zhiheng, > I am also seeing this UDP_ENCAP error in 5.0.1rc1 on my Red Hat Enterprise > Linux 5.6 machine. > I did not see it in the 5.0.0 release, so looks like this error is new in 5.0.1 and is happening not only on the FreeBSD: > Sep 27 11:44:53 sit-iwf charon: 00[DMN] Starting IKE charon daemon > (strongSwan 5.0.1rc1, Linux 2.6.18-238.el5, x86_64) > Sep 27 11:44:53 sit-iwf charon: 00[KNL] unable to set UDP_ENCAP: Protocol not > available > Sep 27 11:44:53 sit-iwf charon: 00[NET] enabling UDP decapsulation failed Yes, absolutely. Older Linux kernel did not support UDP en-/decap for IPv6 either, so you will see that error there too. But as mentioned already it is not really a problem if you don't need that feature for IPv6 (which older strongSwan releases did not support anyway, they just didn't produce an error). It's simply that 5.0.1 will now try to enable it for both address families and that will fail if not supported by the kernel, but with the mentioned patch you should get a nicer error message that lists the address family and the port, which should help you decide if you can ignore it or not. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] incorrect notification data for critical invalid payload type
Hi Gowri, > Here, this payload is of 9 bytes as payload length also mentions > correctly. But, my doubt is on notification data which is 2D. > It is always 2D even if I set notification data on sending node (say 01). This value has nothing to do with the notification data, but with the payload type of the unsupported payload. In your case it should be 01, as can be seen here: > Sep 28 07:08:16 16[ENC] parsing (1) payload, 178 bytes left When starting to parse the unknown payload the type is just printed as number. So you are right the value (2D) is incorrect. The attached patch and [1] should fix this issue for 4.6.4 and 5.0.x, respectively. The problem was that the UNSUPPORTED_CRITICAL_PAYLOAD notify would always contain the payload type of the last payload in the message (in your case TSr) instead of the actually unsupported critical payload. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=48651d8d diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 07d1938..2e24571 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -1237,6 +1237,7 @@ METHOD(ike_sa_t, process_message, status_t, DBG1(DBG_ENC, "payload type %N is not supported, " "but its critical!", payload_type_names, type); status = NOT_SUPPORTED; +break; } } enumerator->destroy(enumerator); ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] strongSwan 5.0.0 on OpenWrt: duplicate IKE SA and failed MOBIKE
Hi Mirko, > * Charon on OpenWrt was unable to perform the MOBIKE address update; > eventually the IKE SA was destroyed and reestablished. This issue has already been reported [1]. In your case the ongoing (but, due to unusable addresses, unsuccessful) DPD exchange blocks the MOBIKE task. Once the DPD exchange fails (after 5 retransmits) charon destroys the SA and tries to reestablish it. > * Both peers initiated an IKE SA and CHILD SAs based on these. > Why wasn't one of them deleted as a duplicate? > This issue showed up in about 50% of my experiments. If both peers initiate the same IKE_SA within a small time frame the duplicate can't be detected. Essentially, whenever the daemon processes and builds the IKE_AUTH response for the respective SAs concurrently. Regards, Tobias [1] http://wiki.strongswan.org/issues/193 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors
Hi, > Oct 1 14:42:26 localhost charon: 13[ENC] parsed IKE_AUTH request 1 [ > IDi CERT CERTREQ AUTH SA TSi TSr ] > ... > Oct 1 14:42:26 localhost charon: 13[CFG] looking for peer configs > matching 35.0.0.2[%any]...35.0.0.1[] Your client seemed have sent an empty IDi payload (seen as [] above), which will not match with the config where you configured > conn site-site > ... > rightid="C=CH, O=strongswan, CN=iss" > ... What did you configure on the client? Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Qn - Strongswan IKEv2 + Transport mode + NAT
Hi Anoop, > I would like to know, is it done purpose fully, or am I doing something > wrong with the configuration? Yes, this is done on purpose. If a NAT is detected, strongSwan as client will not propose transport mode, but switch to tunnel mode instead. Likewise, strongSwan as gateway, will not accept transport mode if a NAT is detected. > Or is it like TRANSPORT Mode + NAT is not supported by IKEv2? No, it is supported, but besides security concerns (see section 5.2. in RFC 3948 [1]) and the fact that RFC 4306 did not specify how exactly it is negotiated (RFC 5996 added a detailed description of the expected behavior in section 2.23.1 [2]) there is no real use case to negotiate IPsec transport mode over a NAT with IKEv2 (whereas in times of IKEv1 it was often used in combination with L2TP). Regards, Tobias [1] http://tools.ietf.org/html/rfc3948#section-5.2 [2] http://tools.ietf.org/html/rfc5996#section-2.23.1 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] How to use Strongswan 5.0.1 & Smartcard correctly?
Hi Gerald, > Do I understand right: > > 1 the certificate is selected using the first certificate that has a matching > subject compared to leftid > 2 the fingerprint of the associated public key is computed > 3 from any private key, you compute the public key and compute the > fingerprint of that public key > 4 These fingerprints from 3 are compared the fingerprint from 2 and the > matching one is selected Actually, step 3 does not happen exactly like this. When the private key is loaded (not actually the key of course as that is safely stored on the token) a public key with the same CKA_ID is searched, if none is found the private key will be destroyed, hence you should see that in the log when the secrets are loaded. There is actually a TODO in the code in regards to extracting the public key from a certificate if no public key is found [1]. Also, I think it wouldn't be that hard to introduce the ability to load a specific certificate via left|rightcert (and cacert in ca sections) similar to pluto (but with the same syntax used now in ipsec.secrets) plus an option to disable the automatic loading of certificates (which could be problematic anyway, e.g. if lots of certificates are stored on the token and, thus, starting charon will take a long time, in which case starter might kill it). Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c#l889 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Allowing only one session per client certificate
Hi, > I initially imagined the participant ID was the combined "C", "O" and > "CN" fields on the client certificate. However, that doesn't seem to > be the case.So I'm gathering participant ID then defined as "ios" > in this case? i.e. what I reerred to as the "traffic selector" above? No, if XAuth (IKEv1) or EAP (IKEv2) is used the username (or EAP-Identity) must be unique as that will be used for uniqueness checks. The IKE identity (certificate DN in your case) will be ignored. > Is there a configuration setting I can do to "clobber" (kick off) any > existing sessions from the same client certificate (based on CN). I > thought that might be "uniqueids" but based on the above it seems not. Yes, uniqueids is the right option but you will have to use different XAuth credentials for each client. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Allowing only one session per client certificate
Hi, >>> Is there a configuration setting I can do to "clobber" (kick off) any >>> existing sessions from the same client certificate (based on CN). I >>> thought that might be "uniqueids" but based on the above it seems not. >> >> Yes, uniqueids is the right option but you will have to use different >> XAuth credentials for each client. > > If I were to use rsasig rather than xauthrsasig then does the "DN" of > the client certificate become the key for uniqueness checks? Yes. > I'm wondering if IOS devices will allow rsasig over xauthrsasig. As far as I know, they don't. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Allowing only one session per client certificate
Hi, >>> I'm wondering if IOS devices will allow rsasig over xauthrsasig. >> >> As far as I know, they don't. > > That being the case ... if I wanted to still use xauthrsasig would it > be feasible for me to patch strongswan (5.0.1) to use the "DN" of the > client cert as the uniqueness check without much effort? Can you give > any pointers to accomplish this? You may revert commit 0fbfcf2a [1] to use the IKE identities in uniqueness checks. But will your clients really all use the same XAuth credentials? Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0fbfcf2a ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan Cilent for Android ICS
Hi, > We are trying to add routes on *tun0 *interface using addRoute() Api of > CharonVpnService Builder Adapter (Using Java code). > ... > When we call addRoute api before establishing the tunnel the routes are > getting added. But After establishing the tunnel the routes are not > getting added. You can't. The VpnService.Builder class (or the adapter in CharonVpnService) is just that, a builder. Once the TUN device has been created (by calling establish()) calls to any of the add... methods are ignore (the adapter internally creates a new instance of the Builder class so there the routes are stored for the next call to establish()). > Could you please suggest us the way to add route on tun0 interface after > the tunnel has established. You would have to store all the information added to the previous Builder object and then create a new TUN device when you added your routes. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Problem in android (xauth+psk) and iphone (Cisco Ipsec) with storonswan
Hi Hamid, > Oct 27 09:25:06 4 charon: 16[ENC] generating INFORMATIONAL_V1 request > 2434938569 [ N(INVAL_KE) ] There are several possible reasons why charon would respond with an INVALID_KEY_INFORMATION notify, but for most the actual reason is logged. There seems to be one scenario where this is not the case and that is if no PSK is found during IKEv1 Main Mode. The line > moon.strongswan.org %any : PSK "test123456" in your ipsec.secrets file won't match as charon does not resolve FQDNs in ipsec.secrets and moon.strongswan.org is not used as identity by your gateway. Just use > : PSK "test123456" instead. That there is no explicit log message is incorrect and should be fixed with [1]. Regards, Tobias [1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=f30962de ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [Strongswan] Debugging IKEv2 messages in Strongswan
Hi, >Is there anyway to dump Session keys used for encryption and > authentication for IKEv2 messages in Debug > logs? > > I tried charondebug=all, but I could not able to find the sessions keys > in debug logs . Please have a look at [1] (there is no such thing as charondebug=all). The keys are dumped in the 'ike' log group with log level 4. Regards, Tobias [1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Android 4.2 always on VPN
Hi Mark, > Can you please look into implementing the new always on VPN feature > of Android 4.2 for the strongSwan Android client? There is not much documentation (yet) about this feature and the SDK for 4.2 is also not available yet. But what I got from news sources is that this is a system setting, that is, it might just work out of the box. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors
Hi, > "strongswan(client) - Netgear(server)" I suppose you meant "strongswan(server) - Netgear(client)" because... > But according to RFC 4306, IDr payload is optional (Please use RFC 5996 for future reference) ...the IDr payload *is* optional, but only in the IKE_AUTH *request*. See page 11 of RFC 5996 for a description of the response. It starts with: "The responder asserts its identity with the IDr payload, optionally sends one or more certificates..." So, assuming you meant that the Netgear is the client and referring to your earlier logs > 13[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH SA TSi TSr ] > ... > 13[CFG] looking for peer configs matching 35.0.0.2[%any]...35.0.0.1[] the problem is that the IDi is empty ([]) the non-existence of IDr is reflected as [%any]. Since you've configured > rightid="C=CH, O=strongswan, CN=iss" there won't be a match as the empty IDi does not match that CN. So make sure you configure that CN as local ID on the Netgear device. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors
> It's sending a valid IDi payload with > proper identification data and I attached IKEv2 packet dumps (strongswan > -Netgear) for your reference. The IKE_AUTH message is encrypted, please provide the encryption and authentication keys. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors
Hi, Thanks for the keys. > It's sending a valid IDi payload with > proper identification data. It isn't. The encoding of the IDi payload looks like this: 25 00 00 22 09 00 00 00 43 3d 43 48 2c 20 4f 3d %.."C=CH, O= 0010 73 74 72 6f 6e 67 73 77 61 6e 2c 20 43 4e 3d 69 strongswan, CN=i 0020 73 73ss The type of the payload is ID_DER_ASN1_DN (0x09) but the encoding that follows starting with 0x43 is not a DER encoded ASN.1 DN but simply an ASCII string. The DN "C=CH, O=strongswan, CN=iss" in proper encoding would look like this: 0: 30 30 31 0B 30 09 06 03 55 04 06 13 02 43 48 31 001.0...UCH1 16: 13 30 11 06 03 55 04 0A 13 0A 73 74 72 6F 6E 67 .0...Ustrong 32: 73 77 61 6E 31 0C 30 0A 06 03 55 04 03 13 03 69 swan1.0...Ui 48: 73 73ss Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ipsec whack options
Hi Stanislav, > Is it an undocumented feature or maybe it will be removed after > sometime? Whack has been removed entirely with strongSwan 5.0.x. Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] strongSwan VPN Client - Unsupported devices
Hi, > Is there a list of known devices available on which this solution does > not work? Unfortunately, there isn't. But since we released the app we had only one error report due to this (from a Sony Ericsson Xperia Pro MK16i). Regards, Tobias ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users