[Swan] Bringing up strongSwan+Libreswan transport connection

Sun, 29 Sep 2019 14:28:36 -0700 

Please help me debug my connection problem.

I have:

1. strongSwan with public IP, acting as a server/responder.
2. Libreswan 3.29 behind NAT for a client.

I wish to establish a transport-mode connection between the two.
I use X.509 certificates for auth.

The process seems to proceed well on the strongSwan side.
Strange stuff happens with Libreswan, that's why I chose this list to report to :) 

strongSwan's ipsec.conf config:

config setup
   charondebug="ike 1, knl 1, cfg 0"
   uniqueids=no
include /var/lib/strongswan/ipsec.conf.inc
conn %default
   dpdaction=clear
   dpddelay=35s
   fragmentation=yes
   rekey=no
ike=aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024! esp=aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024,aes128-aes256-sha1-sha256,aes128-sha1,3des-sha1! 
   keyexchange=ikev2
conn client-transport
   auto=add
   type=transport
   forceencaps=no
   left=%any
   leftauth=pubkey
   leftid=server.example.com
   leftcert=server.example.com.crt
   leftsendcert=always
   right=xxx.xxx.94.200
   rightauth=pubkey
   rightid="CN=client.example.com"
conn vpn
   <skipped>

Libreswan's config:

conn server
       ike=aes256-sha256
       esp=aes256-sha256
       dpdaction=restart
       dpddelay=35
       dpdtimeout=300
       fragmentation=yes
       rekey=yes
       auto=start
       type=transport
       encapsulation=auto
       ikev2=insist
       left=server.example.com
       [email protected]
       leftrsasigkey=%cert
       right=%defaultroute
       rightcert=client.example.com
       rightid=%fromcert
       rightrsasigkey=%cert
After I start the service (systemctl start ipsec) SAs seem to be well-formed on the strongSwan side and it verifies both certificates: 

$ sudo ip xfrm state
src xxx.xxx.149.202 dst xxx.xxx.94.200
       proto esp spi 0x897dcd9f reqid 1 mode transport
replay-window 0 auth-trunc hmac(sha256) 0x0f3c8733623e0c36514a6da5c3900d0eafe7299592221c64e54728f7bcb9642f 128 enc cbc(aes) 0xc86902e16750e7b66d7298edf1de9c7382e8e5225e05fae3c5bd9a85daebb5fa 
       encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
       anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
sel src xxx.xxx.149.202/32 dst xxx.xxx.94.200/32 src xxx.xxx.94.200 dst xxx.xxx.149.202 
       proto esp spi 0xcbaa7ca4 reqid 1 mode transport
replay-window 32 auth-trunc hmac(sha256) 0x4102de8f68467e88051b1a67d11b0d368646757188356fef35bc10046b03cf1e 128 enc cbc(aes) 0xc0b4a9297acdb33808ef6fe4ae48909cb5e16290c5a6c9db06f3fa6b2f7ca017 
       encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
       anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
       sel src xxx.xxx.94.200/32 dst xxx.xxx.149.202/32


However, Libreswan isn't able to finish the process:

pluto[26303]: "server" #1: initiating v2 parent SA
pluto[26303]: "server": constructed local IKE proposals for server (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 
pluto[26303]: "server" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
pluto[26303]: "server": constructed local ESP/AH proposals for server (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED pluto[26303]: "server" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} 
pluto[26303]: "server" #2: loading root certificate cache
pluto[26303]: "server" #2: certificate verified OK: CN=server.example.com
pluto[26303]: "server" #2: IKEv2 mode peer ID is ID_FQDN: '@server.example.com' 
pluto[26303]: "server" #2: Authenticated using RSA
pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 0.5 seconds for response pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified == NULL (in decode_certs() at x509.c:696) pluto[26303]: "server" #2: EXPECTATION FAILED: ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at ikev2_parent.c:3684) 
pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 1 seconds for response pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified == NULL (in decode_certs() at x509.c:696) pluto[26303]: "server" #2: EXPECTATION FAILED: ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at ikev2_parent.c:3684) 
pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 2 seconds for response pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified == NULL (in decode_certs() at x509.c:696) pluto[26303]: "server" #2: EXPECTATION FAILED: ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at ikev2_parent.c:3684) 
pluto[26303]: "server" #2: X509: CERT payload bogus or revoked

Security associations creation is also unfinished:

$ sudo ip xfrm state show
src xxx.xxx.149.202 dst 192.168.1.2
       proto esp spi 0x9d338af9 reqid 16389 mode tunnel
replay-window 0 anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000 
       sel src xxx.xxx.149.202/32 dst 192.168.1.2/32
Since I use Gentoo here on Libreswan side, maybe I miss something in my kernel? 
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to