Hi!
After applying the patch (and removing workaround from strongswan) the AUTH
succeded with PSK ,but iked cannot install SA to the kernel...
Same happened with Cisco ASA too...
Last message:
spi=0x1f0f5d4676a54988: sa_state: cannot switch: AUTH_SUCCESS -> VALID
strongswan side:
ipsec statusall
Connections:
s2s: 192.168.56.16...192.168.56.11 IKEv2
s2s: local: [192.168.56.16] uses pre-shared key authentication
s2s: remote: [192.168.56.11] uses pre-shared key authentication
s2s: child: 192.0.2.128/25 === 192.0.2.0/25 TUNNEL
Security Associations (1 up, 0 connecting):
s2s[1]: ESTABLISHED 7 seconds ago,
192.168.56.16[192.168.56.16]...192.168.56.11[192.168.56.11]
s2s[1]: IKEv2 SPIs: 1f0f5d4676a54988_i c62d5b64d0b293fd_r*,
pre-shared key reauthentication in 56 minutes
s2s[1]: IKE proposal:
AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
s2s{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c59bfb8e_i
9672c90e_o
s2s{1}: AES_CBC_256/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o,
rekeying in 14 minutes
s2s{1}: 192.0.2.128/25 === 192.0.2.0/25
openbsd side:
ipsecctl -vsa
FLOWS:
No flows
SAD:
iked -dvv
set_policy: could not find pubkey for /etc/iked/pubkeys/ipv4/192.168.56.16
ikev2 "strongswan" active esp inet from 192.0.2.0/25 to 192.0.2.128/25
local 192.168.56.11 peer 192.168.56.16 ikesa enc aes-256 prf hmac-sha2-256
auth hmac-sha2-256 group modp2048 childsa enc aes-256 auth hmac-sha2-256
group modp2048 esn,noesn srcid 192.168.56.11 dstid 192.168.56.16 lifetime
10800 bytes 536870912 psk 0x6e65747564646d65676d696c79656e7469746b6f73
/etc/iked.conf: loaded 1 configuration rules
ca_privkey_serialize: type RSA_KEY length 1191
ca_pubkey_serialize: type RSA_KEY length 270
ca_privkey_to_method: type RSA_KEY method RSA_SIG
ca_getkey: received private key type RSA_KEY length 1191
ca_getkey: received public key type RSA_KEY length 270
ca_dispatch_parent: config reset
config_getpolicy: received policy
config_getpfkey: received pfkey fd 3
config_getcompile: compilation done
config_getsocket: received socket fd 4
config_getsocket: received socket fd 5
config_getsocket: received socket fd 6
config_getsocket: received socket fd 7
config_getmobike: no mobike
config_getfragmentation: no fragmentation
config_getnattport: nattport 4500
ca_reload: local cert type RSA_KEY
config_getocsp: ocsp_url none
ikev2_dispatch_cert: updated local CERTREQ type RSA_KEY length 0
ikev2_init_ike_sa: initiating "strongswan"
ikev2_policy2id: srcid IPV4/192.168.56.11 length 8
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 264 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0x1f0f5d4676a54988 0x0000000000000000
192.168.56.11:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0x1f0f5d4676a54988
0x0000000000000000 192.168.56.16:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_next_payload: length 14 nextpayload NONE
ikev2_pld_parse: header ispi 0x1f0f5d4676a54988 rspi 0x0000000000000000
nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length
446 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0
xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length
28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length
28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
spi=0x1f0f5d4676a54988: send IKE_SA_INIT req 0 peer 192.168.56.16:500 local
192.168.56.11:500, 446 bytes
spi=0x1f0f5d4676a54988: sa_state: INIT -> SA_INIT
spi=0x1f0f5d4676a54988: recv IKE_SA_INIT res 0 peer 192.168.56.16:500 local
192.168.56.11:500, 481 bytes, policy 'strongswan'
ikev2_recv: ispi 0x1f0f5d4676a54988 rspi 0xc62d5b64d0b293fd
ikev2_recv: updated SA to peer 192.168.56.16:500 local 192.168.56.11:500
ikev2_pld_parse: header ispi 0x1f0f5d4676a54988 rspi 0xc62d5b64d0b293fd
nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length
481 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0
xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length
28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0x1f0f5d4676a54988 0xc62d5b64d0b293fd
192.168.56.16:500
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length
28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0x1f0f5d4676a54988 0xc62d5b64d0b293fd
192.168.56.11:500
ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length
25
ikev2_pld_certreq: type X509_CERT length 20
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length
16
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
ikev2_pld_notify: signature hash SHA1 (1)
ikev2_pld_notify: signature hash SHA2_256 (2)
ikev2_pld_notify: signature hash SHA2_384 (3)
ikev2_pld_notify: signature hash SHA2_512 (4)
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type MULTIPLE_AUTH_SUPPORTED
ikev2_policy2id: srcid IPV4/192.168.56.11 length 8
sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0008 auth)
ikev2_sa_negotiate: score 4
sa_stateok: SA_INIT flags 0x0000, require 0x0008 auth
spi=0x1f0f5d4676a54988: ikev2_sa_keys: DHSECRET with 256 bytes
ikev2_sa_keys: SKEYSEED with 32 bytes
spi=0x1f0f5d4676a54988: ikev2_sa_keys: S with 80 bytes
ikev2_prfplus: T1 with 32 bytes
ikev2_prfplus: T2 with 32 bytes
ikev2_prfplus: T3 with 32 bytes
ikev2_prfplus: T4 with 32 bytes
ikev2_prfplus: T5 with 32 bytes
ikev2_prfplus: T6 with 32 bytes
ikev2_prfplus: T7 with 32 bytes
ikev2_prfplus: Tn with 224 bytes
ikev2_sa_keys: SK_d with 32 bytes
ikev2_sa_keys: SK_ai with 32 bytes
ikev2_sa_keys: SK_ar with 32 bytes
ikev2_sa_keys: SK_ei with 32 bytes
ikev2_sa_keys: SK_er with 32 bytes
ikev2_sa_keys: SK_pi with 32 bytes
ikev2_sa_keys: SK_pr with 32 bytes
ikev2_msg_auth: initiator auth data length 510
sa_stateok: SA_INIT flags 0x0008, require 0x0008 auth
ikev2_next_payload: length 12 nextpayload AUTH
ikev2_next_payload: length 40 nextpayload SA
pfkey_sa_getspi: spi 0x9672c90e
pfkey_sa_init: new spi 0x9672c90e
ikev2_add_proposals: length 48
ikev2_next_payload: length 52 nextpayload TSi
ikev2_next_payload: length 24 nextpayload TSr
ikev2_next_payload: length 24 nextpayload NONE
ikev2_msg_encrypt: decrypted length 152
ikev2_msg_encrypt: padded length 160
ikev2_msg_encrypt: length 153, padding 7, output length 192
ikev2_next_payload: length 196 nextpayload IDi
ikev2_msg_integr: message length 224
ikev2_msg_integr: integrity checksum length 16
ikev2_pld_parse: header ispi 0x1f0f5d4676a54988 rspi 0xc62d5b64d0b293fd
nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 224
response 0
ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 196
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 160
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 160/160 padding 7
ikev2_pld_payloads: decrypted payload IDi nextpayload AUTH critical 0x00
length 12
ikev2_pld_id: id IPV4/192.168.56.11 length 8
ikev2_pld_payloads: decrypted payload AUTH nextpayload SA critical 0x00
length 40
ikev2_pld_auth: method SHARED_KEY_MIC length 32
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00
length 52
ikev2_pld_sa: more 0 reserved 0 length 48 proposal #1 protoid ESP spisize 4
xforms 4 spi 0x9672c90e
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport
65535
ikev2_pld_ts: start 192.0.2.0 end 192.0.2.127
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport
65535
ikev2_pld_ts: start 192.0.2.128 end 192.0.2.255
spi=0x1f0f5d4676a54988: send IKE_AUTH req 1 peer 192.168.56.16:500 local
192.168.56.11:500, 224 bytes
config_free_proposals: free 0x28a781f5380
ca_getreq: no valid local certificate found
ikev2_getimsgdata: imsg 22 rspi 0xc62d5b64d0b293fd ispi 0x1f0f5d4676a54988
initiator 1 sa valid type 0 data length 0
ikev2_dispatch_cert: cert type NONE length 0, ignored
spi=0x1f0f5d4676a54988: recv IKE_AUTH res 1 peer 192.168.56.16:500 local
192.168.56.11:500, 224 bytes, policy 'strongswan'
ikev2_recv: ispi 0x1f0f5d4676a54988 rspi 0xc62d5b64d0b293fd
ikev2_recv: updated SA to peer 192.168.56.16:500 local 192.168.56.11:500
ikev2_pld_parse: header ispi 0x1f0f5d4676a54988 rspi 0xc62d5b64d0b293fd
nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 224
response 1
ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 196
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 160
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 160/160 padding 3
ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH critical 0x00
length 12
ikev2_pld_id: id IPV4/192.168.56.16 length 8
ikev2_pld_payloads: decrypted payload AUTH nextpayload SA critical 0x00
length 40
ikev2_pld_auth: method SHARED_KEY_MIC length 32
spi=0x1f0f5d4676a54988: sa_state: SA_INIT -> AUTH_REQUEST
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00
length 44
ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4
xforms 3 spi 0xc59bfb8e
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport
65535
ikev2_pld_ts: start 192.0.2.0 end 192.0.2.127
ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport
65535
ikev2_pld_ts: start 192.0.2.128 end 192.0.2.255
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00
length 12
ikev2_pld_notify: protoid NONE spisize 0 type AUTH_LIFETIME
ikev2_msg_auth: responder auth data length 545
ikev2_msg_authverify: method SHARED_KEY_MIC keylen 32 type NONE
ikev2_msg_authverify: authentication successful
spi=0x1f0f5d4676a54988: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
sa_stateflags: 0x000c -> 0x001c certreq,auth,authvalid (required 0x0031
cert,authvalid,sa)
ikev2_sa_negotiate: score 4
sa_stateflags: 0x001c -> 0x003c certreq,auth,authvalid,sa (required 0x0031
cert,authvalid,sa)
sa_stateok: VALID flags 0x0030, require 0x0031 cert,authvalid,sa
spi=0x1f0f5d4676a54988: sa_state: cannot switch: AUTH_SUCCESS -> VALID
config_free_proposals: free 0x28a96e88300
Tobias Heider <[email protected]> ezt írta (időpont: 2020. jan. 19.,
V, 12:27):
> On Thu, Jan 16, 2020 at 09:55:55AM +0100, csszep wrote:
> > Hi!
> >
> > Some more information:
> >
> > If i add "rightsendcert=never" to the strongswan config, it works with
> PSK.
> >
> > This is good workaround for Strongswan, but the same problem exist with
> > Cisco ASA vs Iked, but in Cisco ASA there is no "knob" for this
> > workaround.
>
> Hi,
>
> i am trying to reproduce your problem but this may take some time.
>
> Looking at your logs I think I may have found one cause for
> your problem. Below is a diff that might help.
>
> diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
> index 842e8da110f..b99fd3888da 100644
> --- a/sbin/iked/ikev2.c
> +++ b/sbin/iked/ikev2.c
> @@ -2873,7 +2873,9 @@ ikev2_handle_certreq(struct iked* env, struct
> iked_message *msg)
>
> while ((cr = SLIST_FIRST(&msg->msg_certreqs))) {
> /* Optional certreq for PSK */
> - if (sa->sa_hdr.sh_initiator)
> + if (sa->sa_hdr.sh_initiator &&
> + (msg->msg_policy->pol_auth.auth_method !=
> + IKEV2_AUTH_SHARED_KEY_MIC))
> sa->sa_stateinit |= IKED_REQ_CERT;
> else
> sa->sa_statevalid |= IKED_REQ_CERT;
>
