Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly
On Mon, Nov 12, 2018 at 01:50:57PM +0100, Jean-Samuel Reynaud wrote: > In conclusion, for me it's look like a feature missing in racoon... A > discusion was about this on racoon ML: > > https://sourceforge.net/p/ipsec-tools/mailman/message/34146970/ Thanks. The best course of action from here is to try to get the attention of the upstream maintainers and see if we can get any traction on it. I can follow up on the mailing list when I have time, but feel free to post something sooner if you're so inclined. noah signature.asc Description: PGP signature
Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly
Hi I found a problem similar to this one. I think I understand this issue: There is a draft for hmac sha256 use on IPSEC: https://tools.ietf.org/html/draft-ietf-ipsec-ciph-sha-256-00 On this version (V 00) the truncation is 96 bits On next version (V 01) the truncation shift to 128 bits And on the RFC (https://tools.ietf.org/html/rfc4868) 128 bits were confirmed. So 96 bits version are not supposed to be used. Anyway, racoon (V 0.8.2) use 96 bits version by default (I don't find a way to for it at 128...) This is why, by changing the algo in the configuration it's work... In conclusion, for me it's look like a feature missing in racoon... A discusion was about this on racoon ML: https://sourceforge.net/p/ipsec-tools/mailman/message/34146970/
Bug#877721: [Pkg-ipsec-tools-devel] Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly
On Wed, Oct 04, 2017 at 10:05:08PM +0200, Bartek Krawczyk wrote: > In summary: 1. racoon configuration with aes128-cbc, sha256 and > pfs2048 doesn't work with MikroTik. 2. changing only sha256 to sha1 > on racoon and MikroTik solves the problem immediately. 3. MikroTik to > MikroTik and MikroTik to strongSwan works as expected. > 4. PSK is fine, phase 1 and 2 completes properly, setkey -D and setkey -DP > shows expected values but packets are dropped. Once the SA is installed, it's the kernel's responsibility to actually handle the relevant ipsec encap/decap operations. So the two likely possibilities that I see are: 1. Kernel is misbehaving due to kernel bug 2. Kernel is misbehaving due to improperly configured SA Can you provide the SA db of a working system (e.g. configured by strongswan or racoon with sha1) and that of a non-working system, for comparison? You should be able to use 'setkey' even on a system configured using strongswan, or you can use 'ip xfrm state' For what it's worth, I use the following in most of my configurations with no issues: encryption_algorithm aes 256; hash_algorithm sha512; Thanks noah signature.asc Description: PGP signature
Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly
And below you see a working strongSwan configuration with HMAC SHA256 tested on the same server also on Debian stretch with the same PSK conn VPN left=217.182.74.61 leftsubnet=4.4.4.4/32[gre] rightsubnet=2.2.2.2/32[gre] rightauth=psk leftauth=psk authby=psk auto=add dpdaction=restart dpddelay=30s dpdtimeout=120s ike=aes128-sha256-modp3072! esp=aes128-sha256-modp3072! ikelifetime=24h lifetime=4h installpolicy=yes keyexchange=ikev1 type=tunnel Regards Bartek Krawczyk
Bug#877721: racoon: IPsec tunnel with HMAC SHA256 in phase 2 is not working correctly
Package: racoon
Version: 1:0.8.2+20140711-8
Severity: normal
Dear Maintainer,
I am configuring a roadwarrior-like scenario which works however I've
encounterd a strange problem. When configuring racoon to use AES 128
CBC as encryption algorithm with SHA256 as authentication algorighm
(and PFS with DH group 2048) for SA proposal the traffic is not
correctly authenticated. The phase 1 and 2 completes successfully,
SA's are installed properly and I even see encrypted traffic leaving
the box (and arriving to it) with correct SPI's however looks like
the traffic is dropped both by my Linux server and my remote MikroTik
router. Issue goes away immediately when I change to SHA1 as an
authentication algorithm in racoon for SA proposal.
I have tested the same setup on the same server with strongSwan and there
SHA256 works fine.
If you need any more information let me know with some minor advice on how to
gather them.
In summary: 1. racoon configuration with aes128-cbc, sha256 and
pfs2048 doesn't work with MikroTik. 2. changing only sha256 to sha1
on racoon and MikroTik solves the problem immediately. 3. MikroTik to
MikroTik and MikroTik to strongSwan works as expected.
4. PSK is fine, phase 1 and 2 completes properly, setkey -D and setkey -DP
shows expected values but packets are dropped.
-- System Information:
Debian Release: 9.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages racoon depends on:
ii adduser3.115
ii debconf [debconf-2.0] 1.5.61
ii init-system-helpers1.48
ii ipsec-tools1:0.8.2+20140711-8
ii libc6 2.24-11+deb9u1
ii libcomerr2 1.43.4-2
ii libgssapi-krb5-2 1.15-1
ii libk5crypto3 1.15-1
ii libkrb5-3 1.15-1
ii libldap-2.4-2 2.4.44+dfsg-5
ii libpam0g 1.1.8-3.6
ii libssl1.0.21.0.2l-2
ii lsb-base 9.20161125
ii perl 5.24.1-3+deb9u2
racoon recommends no packages.
racoon suggests no packages.
-- Configuration Files:
/etc/racoon/psk.txt changed:
* xxx
/etc/racoon/racoon.conf changed:
log info;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
listen {
isakmp 217.182.74.61 [500];
isakmp_natt 217.182.74.61 [4500];
}
remote anonymous {
exchange_mode main,aggressive,base;
my_identifier address;
lifetime time 24 hour;
passive on;
proposal_check obey;
generate_policy require;
nat_traversal on;
dpd_delay 120;
dpd_retry 5;
dpd_maxfail 5;
proposal {
encryption_algorithm aes;
hash_algorithm sha256;
authentication_method pre_shared_key;
dh_group modp3072;
}
}
sainfo anonymous {
lifetime time 4 hours;
pfs_group modp3072;
encryption_algorithm aes;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
-- debconf information:
* racoon/config_mode: direct
