On Sun, Nov 26, 2017 at 09:02:46PM +0100, C. L. Martinez wrote: > Hi all, > > I am testing IKEv2 for Android roadwarriors clients ... I have done a very > basic config: > > ikev2 "roadwarriors" passive esp \ > from 0.0.0.0/0 to 172.22.55.0/27 \ > peer any \ > config name-server 172.22.55.1 \ > psk "stargazer" > > Launching "iked -dvv" returns me: > > ikev2_recv: IKE_SA_INIT request from initiator 172.17.35.20:500 to > 172.17.35.9:500 policy 'roadwarriors' id 0, 652 bytes > ikev2_recv: ispi 0xe525d6e2b940fdb1 rspi 0x0000000000000000 > ikev2_policy2id: srcid FQDN/lowlands.lab.uxdom.org length 26 > ikev2_pld_parse: header ispi 0xe525d6e2b940fdb1 rspi 0x0000000000000000 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length > 652 response 0 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 244 > ikev2_pld_sa: more than one proposal specified > ikev2_pld_sa: more 2 reserved 0 length 136 proposal #1 protoid IKE spisize 0 > xforms 15 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id <UNKNOWN:24> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 > ikev2_pld_ke: dh group <UNKNOWN:24> reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_nat_detection: peer source 0xe525d6e2b940fdb1 0x0000000000000000 > 172.17.35.20:500 > ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP > encapsulation > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_nat_detection: peer destination 0xe525d6e2b940fdb1 0x0000000000000000 > 172.17.35.9:500 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > ikev2_pld_notify: signature hash SHA1 (1) > ikev2_pld_notify: signature hash SHA2_256 (2) > ikev2_pld_notify: signature hash SHA2_384 (3) > ikev2_pld_notify: signature hash SHA2_512 (4) > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED > sa_state: INIT -> SA_INIT > ikev2_sa_negotiate: score 4 > sa_stateok: SA_INIT flags 0x0000, require 0x0000 > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) > ikev2_sa_keys: SKEYSEED with 32 bytes > ikev2_sa_keys: S with 80 bytes > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: T5 with 32 bytes > ikev2_prfplus: T6 with 32 bytes > ikev2_prfplus: T7 with 32 bytes > ikev2_prfplus: Tn with 224 bytes > ikev2_sa_keys: SK_d with 32 bytes > ikev2_sa_keys: SK_ai with 32 bytes > ikev2_sa_keys: SK_ar with 32 bytes > ikev2_sa_keys: SK_ei with 32 bytes > ikev2_sa_keys: SK_er with 32 bytes > ikev2_sa_keys: SK_pi with 32 bytes > ikev2_sa_keys: SK_pr with 32 bytes > ikev2_add_proposals: length 44 > ikev2_next_payload: length 48 nextpayload KE > ikev2_next_payload: length 264 nextpayload NONCE > ikev2_next_payload: length 36 nextpayload NOTIFY > ikev2_nat_detection: local source 0xe525d6e2b940fdb1 0xc417a42f151005cb > 172.17.35.9:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_nat_detection: local destination 0xe525d6e2b940fdb1 0xc417a42f151005cb > 172.17.35.20:500 > ikev2_next_payload: length 28 nextpayload CERTREQ > ikev2_add_certreq: type RSA_KEY length 1 > ikev2_next_payload: length 5 nextpayload NOTIFY > ikev2_next_payload: length 14 nextpayload NONE > ikev2_pld_parse: header ispi 0xe525d6e2b940fdb1 rspi 0xc417a42f151005cb > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length > 451 response 1 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 > xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 > ikev2_pld_ke: dh group MODP_2048 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 5 > ikev2_pld_certreq: type RSA_KEY length 0 > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > ikev2_msg_send: IKE_SA_INIT response from 172.17.35.9:500 to 172.17.35.20:500 > msgid 0, 451 bytes > config_free_proposals: free 0x1ccfc4952580 > > According to this: > > sa_state: INIT -> SA_INIT > ikev2_sa_negotiate: score 4 > sa_stateok: SA_INIT flags 0x0000, require 0x0000 > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) > > phase-1 is established, correct? but I am not sure because last message is: > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > ikev2_msg_send: IKE_SA_INIT response from 172.17.35.9:500 to 172.17.35.20:500 > msgid 0, 451 bytes > config_free_proposals: free 0x1ccfc4952580 > > Android device is a Samsung Galaxy Edge S7 (Adnroid 7.0) and OpenBSD is 6.2 > with all patches ... What ma I doing wrong? > > Thanks. >
Ok, it is seems the prolem is that iked(8) does not know how to perform Diffie-Hellman group negotiation: https://marc.info/?l=openbsd-misc&m=149784529125571&w=2 https://marc.info/?l=openbsd-tech&m=151136800328145&w=2 Am I correct? What is the current status for Tim's fix? -- Greetings, C. L. Martinez