On 2022-02-18, fix...@gmail.com <fix...@gmail.com> wrote:
> On Fri, Feb 18, 2022 at 11:43 AM I wrote:
>> I recently started seeing some ipsec clients fail on newer versions of
>> MacOS and iOS. After MacOS 12.1, connecting to my head end now fails
>> with NO_PROPOSAL_CHOSEN using mod1024 in my ipsec.conf. I've also
>> tried, with no success:
>>
>> main auth "hmac-sha2" enc "aes" group modp1024
>> quick auth "hmac-sha2" enc "aes" group modp1024
>
> Doing further research shows things are just not working out.
>
> I added two different configs that should match in /etc/ipsec.conf
>
> ike passive esp transport proto udp from $public_ip to any \
> main auth "hmac-sha2-256" enc "aes-256" group "modp2048" \
> quick auth "hmac-sha2-256" enc "aes-256" group "modp2048" \
> psk "THIS_IS_MY_IPSEC_PASSPHRASE"
>
> ike passive esp transport proto udp from $public_ip to any \
> main auth "hmac-md5" enc "3des" group "modp1024" \
> quick auth "hmac-md5" enc "3des" group "modp1024" \
> psk "THIS_IS_MY_IPSEC_PASSPHRASE"
With isakmpd and ipsec.conf you can't have two proposals for the default
("to any") peer with different PFS groups, you will have to choose one
or the other. As-is the second will overwrite the first config block.
(Use ipsecctl -v to see the commands sent by ipsecctl to isakmpd;
it generates what are basically isakmpd.conf style config blocks and
sends them over the control socket).
There is a chance that by writing your own isakmpd.conf you might be
able to have two main mode (phase 1) proposals with differing groups,
but for quick mode it's a protocol limitation and it's only possible to
send one - and I don't think isakmpd can let you choose what to send in
phase 2 depending on what was used for phase 1. It will still be painful
though.
You will save yourself a lot of trouble if you can move the newer machines
to IKEv2 .. (It would not be possible to run both isakmpd and iked on a
single OpenBSD machine though). Or alternatively wireguard or openvpn
(which _can_ coexist with IKEv1) though IKEv2 generally has a simpler
client config.
> Running a packet capture on the server shows that both of these
> proposals are being sent by the client and should match in isakmpd.
> Alas, they do not.
>
> Here's the pcap -- again, thanks in advance for any assistance.
>
> server# tcpdump -nvvs 16000 -i em0 src host 100.64.10.10 and port 500
> 13:14:50.662540 64:9e:f3:XX:XX:XX 52:54:00:XX:XX:XX 0800 830:
> 100.64.10.10.63823 > 203.0.113.1.500: [udp
> sum ok] isakmp v1.0 exchange ID_PROT
> cookie: 197d16ba79870fd2->0000000000000000 msgid: 00000000 len: 788
> payload: SA len: 516 DOI: 1(IPSEC) situation: IDENTITY_ONLY
> payload: PROPOSAL len: 504 proposal: 1 proto: ISAKMP
> spisz: 0 xforms: 14
> payload: TRANSFORM len: 36
> transform: 1 ID: ISAKMP
> attribute LIFE_TYPE = SECONDS
> attribute LIFE_DURATION = 3600
> attribute ENCRYPTION_ALGORITHM = AES_CBC
> attribute KEY_LENGTH = 256
> attribute AUTHENTICATION_METHOD = PRE_SHARED
> attribute HASH_ALGORITHM = SHA2_256
> attribute GROUP_DESCRIPTION = MODP_2048
> [..]
> payload: TRANSFORM len: 32
> transform: 14 ID: ISAKMP
> attribute LIFE_TYPE = SECONDS
> attribute LIFE_DURATION = 3600
> attribute ENCRYPTION_ALGORITHM = 3DES_CBC
> attribute AUTHENTICATION_METHOD = PRE_SHARED
> attribute HASH_ALGORITHM = MD5
> attribute GROUP_DESCRIPTION = MODP_1024
> [..]
> 13:14:50.667404 52:54:00:XX:XX:XX 64:9e:f3:XX:XX:XX 0800 82:
> 203.0.113.1.500 > 100.64.10.10.63823: [bad udp cksum 1608! -> 2224]
> isakmp v1.0 exchange INFO
> cookie: 3cbfd92c4ea7626d->0000000000000000 msgid: 00000000 len: 40
> payload: NOTIFICATION len: 12
> notification: NO PROPOSAL CHOSEN (ttl 64, id 48652, len 68)
> [..]
>
>
--
Please keep replies on the mailing list.
