Re: [strongSwan] configured DH group CURVE_25519 not supported

2017-08-30 Thread Gyula Kovács

Hi All,

Thank you for your time and help.
Based on your ideas / advice, I checked the SW deployment on the target 
and found that libstrongswan-curve25519.so was missing from 
/usr/lib/ipsec/plugins/ directory.

So, I had a simple deployment (more precisely: bitbake recipe) error.
After fixing the recipe, the target worked again.
So the problem is solved. Thank you again.

Best regards,
Gyula
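
A post-deployment check for the failure resolved above, as an added example (not part of the original mail and not strongSwan code): it parses `ipsec listalgs` output in the `ALGORITHM[plugin]` form shown later on this page and reports required algorithms that no loaded plugin registered. The function names, the `REQUIRED` list and both sample outputs are constructed for illustration.

```python
import re
import sys

# "  dh-group:   ECP_256[openssl] ..." starts a category; wrapped lines carry only tokens.
CATEGORY = re.compile(r"^\s*([a-z][a-z-]*):\s*(.*)$")
TOKEN = re.compile(r"([A-Z0-9_]+)\[([a-z0-9-]+)\]")


def parse_listalgs(text):
    """Return {category: {algorithm: plugin}} from `ipsec listalgs` output."""
    registry, current = {}, None
    for line in text.splitlines():
        match = CATEGORY.match(line)
        if match:
            current = registry.setdefault(match.group(1), {})
            rest = match.group(2)
        elif current is not None and TOKEN.search(line):
            rest = line  # wrapped continuation of the previous category
        else:
            continue     # banner, blank line or shell prompt
        for algorithm, plugin in TOKEN.findall(rest):
            current.setdefault(algorithm, plugin)
    return registry


def missing_algorithms(registry, required):
    """List the (category, algorithm) pairs that no plugin registered."""
    return [(cat, alg) for cat, alg in required if alg not in registry.get(cat, {})]


# Names as charon prints them in its error messages (assumed deployment policy).
REQUIRED = [("dh-group", "CURVE_25519"), ("integrity", "AES_CMAC_96")]

# Constructed sample: an image where the curve25519 plugin .so was not installed.
SAMPLE_WITHOUT_PLUGIN = """\
List of registered IKE algorithms:

  encryption: AES_CBC[aes] 3DES_CBC[des]
  integrity:  HMAC_SHA2_256_128[openssl] AES_XCBC_96[xcbc]
  AES_CMAC_96[cmac]
  xof:
  dh-group:   ECP_256[openssl] ECP_384[openssl]
  MODP_3072[openssl] MODP_2048[openssl]
  nonce-gen:  [nonce]
"""

# Constructed sample: the same image after the plugin is deployed.
SAMPLE_WITH_PLUGIN = SAMPLE_WITHOUT_PLUGIN.replace(
    "MODP_2048[openssl]", "MODP_2048[openssl] CURVE_25519[curve25519]")

if __name__ == "__main__":
    # Pipe real `ipsec listalgs` output in, or run without input to use the sample.
    text = SAMPLE_WITHOUT_PLUGIN if sys.stdin.isatty() else sys.stdin.read()
    gaps = missing_algorithms(parse_listalgs(text), REQUIRED)
    for category, algorithm in gaps:
        print(f"MISSING {category} {algorithm}: check that its plugin is in the image")
    sys.exit(1 if gaps else 0)
```

A pass here covers only what the IKE daemon registered in userland; AH and ESP algorithms must also be accepted by the kernel, which is the layer named in the "not supported by kernel" message quoted further down this page.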



Re: [strongSwan] configured DH group CURVE_25519 not supported

2017-08-30 Thread Gyula Kovács

Hi Eric,

I tried both variants.
First, without --disable-curve25519, which means that the plugin is 
enabled (https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf).

After that, I added --disable-curve25519 to ./configure options.
But both builds produced the same error message.

Best regards,
Gyula



[strongSwan] configured DH group CURVE_25519 not supported

2017-08-30 Thread Gyula Kovács

Hi All,

I've just updated strongSwan from 5.5.1 to 5.6.0.
After the update, I got the "configured DH group CURVE_25519 not 
supported" error message.
The target was working fine before the update, the configuration files 
were not changed during the update.
I found some information on the internet, so I know that Curve25519 
support was introduced in 5.5.2.
I checked the build configuration options, and disabled the curve25519 
support (--disable-curve25519), but it did not help.

I have no idea what might cause the problem.
Any help would be appreciated.

Best regards,
Gyula Kovacs

I added the technical details here.

Target system:
- Linux 3.18.31 #1 PREEMPT Tue Aug 29 12:27:09 CEST 2017 armv7l GNU/Linux
- OpenSSL 1.0.2l  25 May 2017
- strongSwan configuration options:
  --build=x86_64-linux --host=arm-oe-linux-gnueabi --target=arm-oe-linux-gnueabi
  --prefix=/usr --exec_prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin
  --libexecdir=/usr/lib/strongswan --datadir=/usr/share --sysconfdir=/etc
  --sharedstatedir=/com --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include
  --oldincludedir=/usr/include --infodir=/usr/share/info --mandir=/usr/share/man
  --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot=/oe-core/build/tmp-glibc/sysroots/
  --without-lib-prefix --without-systemdsystemunitdir --disable-aesni --enable-charon --enable-curl --disable-curve25519
  --enable-gmp --disable-ldap --disable-mysql --enable-openssl --disable-scepclient --disable-soup --enable-sqlite
  --enable-stroke --disable-swanctl --disable-systemd

Opponent:
- Linux 3.16.0-4-586 #1 Debian 3.16.43-2 (2017-04-30) i686 GNU/Linux
- OpenSSL 1.0.1t  3 May 2016
- strongSwan configuration options:
  ./configure --prefix=/usr --sysconfdir=/etc --disable-curve25519

Error message:
root@mdm9640:~# ipsec up host-host-psk-lan
initiating IKE_SA host-host-psk-lan[1] to 160.48.99.124
configured DH group CURVE_25519 not supported
tried to checkin and delete nonexisting IKE_SA
establishing connection 'host-host-psk-lan' failed
root@mdm9640:~#

root@mdm9640:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.0, Linux 3.18.31, armv7l):
  uptime: 13 seconds, since Jan 01 00:01:30 1970
  malloc: sbrk 540672, mmap 0, used 229400, free 311272
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gmp xcbc cmac hmac curl sqlite attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Listening IP addresses:
  160.48.99.98
  160.48.199.98
Connections:
host-host-psk-lan:  160.48.99.98...160.48.99.124  IKEv2
host-host-psk-lan:   local:  [160.48.99.98] uses pre-shared key authentication
host-host-psk-lan:   remote: [160.48.99.124] uses pre-shared key authentication
host-host-psk-lan:   child:  dynamic === dynamic TRANSPORT
Security Associations (0 up, 0 connecting):
  none
root@mdm9640:~#

Log files:
root@mdm9640:~# cat /var/log/charon.log
Jan  1 00:03:35 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, Linux 3.18.31, armv7l)
Jan  1 00:03:35 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan  1 00:03:35 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan  1 00:03:35 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan  1 00:03:35 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan  1 00:03:35 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan  1 00:03:35 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan  1 00:03:35 00[CFG]   loaded IKE secret for 160.48.99.124
Jan  1 00:03:35 00[CFG]   loaded IKE secret for 160.48.199.124
Jan  1 00:03:35 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/ATM-02_IPsec-internal.key'
Jan  1 00:03:35 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/ATM-02_IPsec-internal.key'
Jan  1 00:03:35 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gmp xcbc cmac hmac curl sqlite attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Jan  1 00:03:35 00[JOB] spawning 16 worker threads
Jan  1 00:03:35 05[CFG] received stroke: add connection 'host-host-psk-lan'
Jan  1 00:03:35 05[CFG] added configuration 'host-host-psk-lan'
Jan  1 00:03:54 07[CFG] received stroke: initiate 'host-host-psk-lan'
Jan  1 00:03:54 09[IKE]  initiating IKE_SA host-host-psk-lan[1] to 160.48.99.124
Jan  1 00:03:54 09[IKE]  configured DH group CURVE_25519 not supported
Jan  1 00:03:54 09[MGR]  tried to checkin and delete nonexisting IKE_SA
Jan  1 00:04:02 00[DMN] signal of type SIGINT received. Shutting down
root@mdm9640:~#

Aug 30 10:12:51 mgu charon: 00[DMN] Starting IKE charon daemon 
(strongSwan 

Re: [strongSwan] AH Transport AES CMAC PSK

2016-11-27 Thread Gyula Kovács

Hi Andreas,

I checked the loaded plugins and it contains cmac.
Nonetheless, setting up the connection fails:
root@atm:/etc/ipsec.d/examples# ipsec up host-host
establishing CHILD_SA host-host
generating CREATE_CHILD_SA request 0 [ N(USE_TRANSP) SA No TSi TSr ]
sending packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (192 bytes)
received packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (80 bytes)
parsed CREATE_CHILD_SA response 0 [ N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
failed to establish CHILD_SA, keeping IKE_SA
establishing connection 'host-host' failed
root@atm:/etc/ipsec.d/examples#
The log file is the same as the one attached to my first mail. I 
have no idea.


Best regards,
Gyula

root@atm:/etc/strongswan.d# ipsec listplugins

List of loaded Plugins:

charon:
CUSTOM:libcharon
NONCE_GEN
CUSTOM:libcharon-sa-managers
CUSTOM:libcharon-receiver
CUSTOM:kernel-ipsec
CUSTOM:kernel-net
CUSTOM:libcharon-receiver
HASHER:HASH_SHA1
RNG:RNG_STRONG
CUSTOM:socket
CUSTOM:libcharon-sa-managers
HASHER:HASH_SHA1
RNG:RNG_WEAK
aes:
CRYPTER:AES_CBC-16
CRYPTER:AES_CBC-24
CRYPTER:AES_CBC-32
des:
CRYPTER:3DES_CBC-24
CRYPTER:DES_CBC-8
CRYPTER:DES_ECB-8
rc2:
CRYPTER:RC2_CBC-0
sha2:
HASHER:HASH_SHA224
HASHER:HASH_SHA256
HASHER:HASH_SHA384
HASHER:HASH_SHA512
sha1:
HASHER:HASH_SHA1
PRF:PRF_KEYED_SHA1
md5:
HASHER:HASH_MD5
random:
RNG:RNG_STRONG
RNG:RNG_TRUE
nonce:
NONCE_GEN
RNG:RNG_WEAK
x509:
CERT_ENCODE:X509
HASHER:HASH_SHA1
CERT_DECODE:X509
HASHER:HASH_SHA1
PUBKEY:ANY
CERT_ENCODE:X509_AC
CERT_DECODE:X509_AC
CERT_ENCODE:X509_CRL
CERT_DECODE:X509_CRL
CERT_ENCODE:OCSP_REQUEST
HASHER:HASH_SHA1
RNG:RNG_WEAK
CERT_DECODE:OCSP_RESPONSE
CERT_ENCODE:PKCS10_REQUEST
CERT_DECODE:PKCS10_REQUEST
revocation:
CUSTOM:revocation
CERT_ENCODE:OCSP_REQUEST (soft)
CERT_DECODE:OCSP_RESPONSE (soft)
CERT_DECODE:X509_CRL (soft)
CERT_DECODE:X509 (soft)
FETCHER:(null) (soft)
constraints:
CUSTOM:constraints
CERT_DECODE:X509 (soft)
pubkey:
CERT_ENCODE:PUBKEY
CERT_DECODE:PUBKEY
PUBKEY:RSA (soft)
PUBKEY:ECDSA (soft)
PUBKEY:DSA (soft)
pkcs1:
PRIVKEY:ANY
PRIVKEY:RSA (soft)
PRIVKEY:ECDSA (soft)
PRIVKEY:RSA
PUBKEY:ANY
PUBKEY:RSA (soft)
PUBKEY:ECDSA (soft)
PUBKEY:DSA (soft)
PUBKEY:RSA
pkcs7:
CONTAINER_DECODE:PKCS7
CONTAINER_ENCODE:PKCS7_DATA
CONTAINER_ENCODE:PKCS7_SIGNED_DATA
CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA
pkcs8:
PRIVKEY:ANY
PRIVKEY:RSA
PRIVKEY:ECDSA
pkcs12:
CONTAINER_DECODE:PKCS12
CONTAINER_DECODE:PKCS7
CERT_DECODE:X509 (soft)
PRIVKEY:ANY (soft)
HASHER:HASH_SHA1 (soft)
CRYPTER:3DES_CBC-24 (soft)
CRYPTER:RC2_CBC-0 (soft)
pgp:
PRIVKEY:ANY
PRIVKEY:RSA
PUBKEY:ANY
PUBKEY:RSA
CERT_DECODE:PGP
dnskey:
PUBKEY:ANY
PUBKEY:RSA
sshkey:
PUBKEY:ANY
CERT_DECODE:PUBKEY
pem:
PRIVKEY:ANY
PRIVKEY:ANY
HASHER:HASH_MD5 (soft)
PRIVKEY:RSA
PRIVKEY:RSA
HASHER:HASH_MD5 (soft)
PRIVKEY:ECDSA
PRIVKEY:ECDSA
HASHER:HASH_MD5 (soft)
PRIVKEY:DSA (not loaded)
PRIVKEY:DSA
HASHER:HASH_MD5 (soft)
PRIVKEY:BLISS (not loaded)
PRIVKEY:BLISS
PUBKEY:ANY
PUBKEY:ANY
PUBKEY:RSA
PUBKEY:RSA
PUBKEY:ECDSA
PUBKEY:ECDSA
PUBKEY:DSA (not loaded)
PUBKEY:DSA
PUBKEY:BLISS
CERT_DECODE:ANY
CERT_DECODE:X509 (soft)
CERT_DECODE:PGP (soft)
CERT_DECODE:X509
CERT_DECODE:X509
CERT_DECODE:X509_CRL
CERT_DECODE:X509_CRL
CERT_DECODE:OCSP_REQUEST (not loaded)
CERT_DECODE:OCSP_REQUEST
CERT_DECODE:OCSP_RESPONSE
CERT_DECODE:OCSP_RESPONSE
CERT_DECODE:X509_AC
CERT_DECODE:X509_AC
CERT_DECODE:PKCS10_REQUEST
CERT_DECODE:PKCS10_REQUEST
CERT_DECODE:PUBKEY
CERT_DECODE:PUBKEY
CERT_DECODE:PGP
CERT_DECODE:PGP
CONTAINER_DECODE:PKCS12
CONTAINER_DECODE:PKCS12
openssl:
CUSTOM:openssl-threading
CRYPTER:AES_CBC-16
CRYPTER:AES_CBC-24
CRYPTER:AES_CBC-32
CRYPTER:CAMELLIA_CBC-16
CRYPTER:CAMELLIA_CBC-24
CRYPTER:CAMELLIA_CBC-32
CRYPTER:CAST_CBC-0
CRYPTER:BLOWFISH_CBC-0
CRYPTER:3DES_CBC-24
CRYPTER:DES_CBC-8
CRYPTER:DES_ECB-8
CRYPTER:NULL-0
HASHER:HASH_MD4
HASHER:HASH_MD5
HASHER:HASH_SHA1
HASHER:HASH_SHA224
HASHER:HASH_SHA256
HASHER:HASH_SHA384
HASHER:HASH_SHA512
PRF:PRF_KEYED_SHA1
PRF:PRF_HMAC_MD5
PRF:PRF_HMAC_SHA1
PRF:PRF_HMAC_SHA2_256
PRF:PRF_HMAC_SHA2_384
PRF:PRF_HMAC_SHA2_512

[strongSwan] AH Transport AES CMAC PSK

2016-11-27 Thread Gyula Kovács

Hello,

I tried to set up an ikev2/host2host-ah connection with pre-shared key.
The connection failed, when choosing aescmac as integrity algorithm.
The connection was successfully built up when choosing aesxcbc integrity 
algorithm.
I tried this scenario on two Debian 8.6 VMs (kernel 3.16.0-4-586 with 
CONFIG_CRYPTO_CMAC=m option set) with the latest StrongSwan (v5.5.1).
I checked the log files, and found "algorithm AES_CMAC_96 not supported 
by kernel!" message.
Additionally, I found that AES-CMAC-96 is not supported by StrongSwan 
(https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards).


Where does this limitation come from?
Does it come from StrongSwan implementation or from Linux kernel (as 
suggested by the error message)?

Does anybody have ideas?

Best regards,
Gyula Kovacs

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
    ikelifetime=25m
    keylife=10m
    rekeymargin=3m
    keyingtries=%forever
    keyexchange=ikev2
    authby=secret

conn host-host
    left=192.168.1.211
    leftfirewall=yes
    right=192.168.1.212
    type=transport
    # ah=aesxcbc!
    ah=aescmac
    auto=start
    closeaction=hold
    dpdaction=hold

# /etc/ipsec.conf - strongSwan IPsec configuration file

config setup

conn %default
    ikelifetime=25m
    keylife=10m
    rekeymargin=3m
    keyingtries=%forever
    keyexchange=ikev2
    authby=secret

conn host-host
    left=192.168.1.212
    leftfirewall=yes
    right=192.168.1.211
    type=transport
    # ah=aesxcbc!
    ah=aescmac
    auto=start
    closeaction=hold
    dpdaction=hold

Nov 27 11:11:08 mgu charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 3.16.0-4-586, i686)
Nov 27 11:11:08 mgu charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 27 11:11:08 mgu charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 27 11:11:08 mgu charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 27 11:11:08 mgu charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 27 11:11:08 mgu charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 27 11:11:08 mgu charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 27 11:11:08 mgu charon: 00[CFG] loading secrets from '/var/lib/strongswan/ipsec.secrets.inc'
Nov 27 11:11:08 mgu charon: 00[CFG] loading secrets from '/etc/ipsec.d/examples/ipsec.secrets.mgu'
Nov 27 11:11:08 mgu charon: 00[CFG]   loaded IKE secret for %any
Nov 27 11:11:08 mgu charon: 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc cmac hmac gcm curl sqlite attr kernel-netlink resolve socket-default stroke vici updown xauth-generic
Nov 27 11:11:08 mgu charon: 00[JOB] spawning 16 worker threads
Nov 27 11:11:08 mgu charon: 05[CFG] received stroke: add connection 'host-host'
Nov 27 11:11:08 mgu charon: 05[CFG] added configuration 'host-host'
Nov 27 11:11:08 mgu charon: 09[CFG] received stroke: initiate 'host-host'
Nov 27 11:11:08 mgu charon: 09[IKE] initiating IKE_SA host-host[1] to 192.168.1.211
Nov 27 11:11:08 mgu charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Nov 27 11:11:08 mgu charon: 09[NET] sending packet: from 192.168.1.212[500] to 192.168.1.211[500] (1156 bytes)
Nov 27 11:11:09 mgu charon: 15[NET] received packet: from 192.168.1.211[500] to 192.168.1.212[500] (592 bytes)
Nov 27 11:11:09 mgu charon: 15[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Nov 27 11:11:09 mgu charon: 15[IKE] authentication of '192.168.1.212' (myself) with pre-shared key
Nov 27 11:11:09 mgu charon: 15[IKE] establishing CHILD_SA host-host
Nov 27 11:11:09 mgu charon: 15[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Nov 27 11:11:09 mgu charon: 15[NET] sending packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (336 bytes)
Nov 27 11:11:09 mgu charon: 11[NET] received packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (160 bytes)
Nov 27 11:11:09 mgu charon: 11[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]
Nov 27 11:11:09 mgu charon: 11[IKE] authentication of '192.168.1.211' with pre-shared key successful
Nov 27 11:11:09 mgu charon: 11[IKE] IKE_SA host-host[1] established between 192.168.1.212[192.168.1.212]...192.168.1.211[192.168.1.211]
Nov 27 11:11:09 mgu charon: 11[IKE] scheduling reauthentication in 1300s
Nov 27 11:11:09 mgu charon: 11[IKE] maximum IKE_SA lifetime 1480s
Nov 27 11:11:09 mgu charon: 11[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Nov 27 

Re: [strongSwan] AH Transport AES-128 GMAC

2016-11-10 Thread Gyula Kovács

Hi Tobias,

Thank you very much for your help and detailed description.
I checked the responder's daemon.log, and found the same error 
messages you've mentioned.
I think, our customer will accept this fact and will choose a different 
integrity algorithm or switch to ESP.


Best regards,
Gyula


On 2016.11.10. 19:08, Tobias Brunner wrote:

Hi Gyula,


I'm running the test between two identical Debian 8.6 VMs.
Both have the same version of strongSwan (v5.5.1), compiled with the
same switches.

I was able to reproduce this in our testing environment.  On the
responder you should have seen the following messages:


[CHD] no keylength defined for AES_128_GMAC
[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel

These are caused because for AES-GMAC the key length is not explicitly
encoded in the proposal, instead each length has its own identifier
(compared to ESP with AES-GCM or NULL-AES-GMAC where there is only one
identifier and the key length is transmitted).  But when deriving keys
we currently don't map these identifiers back to the required key length.

Another issue is that the kernel-netlink plugin currently doesn't map
these identifiers to algorithm names either, so the plugin isn't able to
install the SAs after deriving the keys.

However, as it turns out, the Linux kernel can't actually be configured
to use AES-GMAC with AH, only with ESP.  So what you want to do is
currently not possible at all.

If you are not dead set on using AH you could use esp=aes128gmac
instead, to configure ESP with NULL encryption and AES-GMAC authentication.

Regards,
Tobias




___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
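
The encoding difference Tobias describes in the reply above, as an added example (not part of the original mail and not strongSwan code): it builds and parses the IKEv2 transform substructure (RFC 7296, section 3.3.2) for AH with AES-128-GMAC, where the key size is implied by the transform ID, and for ESP with NULL-AES-GMAC, where a Key Length attribute is transmitted. The transform IDs are taken from the IANA IKEv2 registry; the function names and the `IMPLIED_KEY_BITS` table are hypothetical.

```python
import struct

# IKEv2 transform types (RFC 7296): 1 = encryption, 3 = integrity.
ENCR, INTEG = 1, 3
# Transform IDs from the IANA IKEv2 registry (GMAC entries defined by RFC 4543).
ENCR_NULL_AUTH_AES_GMAC = 21
AUTH_AES_128_GMAC, AUTH_AES_192_GMAC, AUTH_AES_256_GMAC = 9, 10, 11
KEY_LENGTH_ATTR = 0x8000 | 14  # AF bit set (fixed-size value), attribute type 14

# Integrity IDs that carry their key size in the identifier itself.
IMPLIED_KEY_BITS = {AUTH_AES_128_GMAC: 128, AUTH_AES_192_GMAC: 192,
                    AUTH_AES_256_GMAC: 256}


def build_transform(ttype, tid, key_bits=None, last=True):
    """Encode one transform; a Key Length attribute is added only if given."""
    attrs = b"" if key_bits is None else struct.pack(">HH", KEY_LENGTH_ATTR, key_bits)
    header = struct.pack(">BBHBBH", 0 if last else 3, 0, 8 + len(attrs), ttype, 0, tid)
    return header + attrs


def parse_transform(buf):
    """Decode one transform into (type, id, key_bits or None)."""
    if len(buf) < 8:
        raise ValueError("transform header truncated")
    _last, _res, length, ttype, _res2, tid = struct.unpack_from(">BBHBBH", buf)
    if length < 8 or length > len(buf):
        raise ValueError("bad transform length")
    key_bits, offset = None, 8
    while offset < length:
        if offset + 4 > length:
            raise ValueError("attribute truncated")
        atype, avalue = struct.unpack_from(">HH", buf, offset)
        if not atype & 0x8000:
            raise ValueError("variable-length attributes are not handled here")
        if atype == KEY_LENGTH_ATTR:
            key_bits = avalue
        offset += 4
    return ttype, tid, key_bits


def key_bits_for(ttype, tid, key_bits, implied=IMPLIED_KEY_BITS):
    """Key size needed for key derivation: transmitted if present, else implied."""
    if key_bits is not None:
        return key_bits
    if ttype == INTEG and tid in implied:
        return implied[tid]
    raise LookupError(f"no key length defined for transform type {ttype} id {tid}")


if __name__ == "__main__":
    ah = build_transform(INTEG, AUTH_AES_128_GMAC)                    # ah=aes128gmac
    esp = build_transform(ENCR, ENCR_NULL_AUTH_AES_GMAC, key_bits=128)  # esp=aes128gmac
    print("AH :", ah.hex(), "->", key_bits_for(*parse_transform(ah)), "bits")
    print("ESP:", esp.hex(), "->", key_bits_for(*parse_transform(esp)), "bits")
    try:
        # Without the ID-to-length table, the AH case has no key size to use.
        key_bits_for(*parse_transform(ah), implied={})
    except LookupError as exc:
        print("without mapping:", exc)
```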

[strongSwan] Is it possible to force re-keying?

2016-11-10 Thread Gyula Kovács

Hi All,

Our customer has some special requirements on the ipsec solution.
One of them is to be able to force re-keying in a host-host scenario.
I searched the online documentation, but didn't find any information 
about it. Is it possible?


Best regards,
Gyula Kovacs


Re: [strongSwan] AH Transport AES-128 GMAC

2016-11-10 Thread Gyula Kovács

Hi Tobias,

I'm sorry, but my test environment description was not detailed enough.
I'm running the test between two identical Debian 8.6 VMs.
Both have the same version of strongSwan (v5.5.1), compiled with the 
same switches.
(./configure --prefix=/usr --sysconfdir=/etc --enable-openssl 
--enable-gmp --enable-charon --enable-stroke --enable-curl 
--enable-sqlite --enable-agent --enable-gcm)

---
root@atm:/etc/ipsec.d/examples# ipsec version
Linux strongSwan U5.5.1/K3.16.0-4-586
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@atm:/etc/ipsec.d/examples#
---
root@mgu:/etc/ipsec.d/examples# ipsec version
Linux strongSwan U5.5.1/K3.16.0-4-586
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@mgu:/etc/ipsec.d/examples#
---

Best regards,
Gyula


On 2016.11.07. 09:54, Tobias Brunner wrote:

Hi Gyula,


Thank you for the idea, but I'm using version 5.5.1 (see below).

I see.  The other end might not, though.

Regards,
Tobias




--
Gyula Kovács
KKB-Tech
+36 30 257 9319


Re: [strongSwan] AH Transport AES-128 GMAC

2016-11-07 Thread Gyula Kovács

Hi Tobias,

Thank you for the idea, but I'm using version 5.5.1 (see below).
---
root@atm:~# ipsec version
Linux strongSwan U5.5.1/K3.16.0-4-586
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@atm:~#
---
I compiled it on Debian 8.6 VM, after using the following configuration 
options:
./configure --prefix=/usr --sysconfdir=/etc --enable-openssl 
--enable-gmp --enable-charon --enable-stroke --enable-curl 
--enable-sqlite --enable-agent --enable-gcm


Best regards,
Gyula



On 2016.11.07. 09:35, Tobias Brunner wrote:

Hi Gyula,


Anybody have an idea what could be wrong?

That's due to a recently fixed bug that mapped the aes*gmac keywords
incorrectly for AH proposals.  You may either update to 5.5.1, which
includes the fix, or try to apply the patch at [1] (won't apply cleanly
to any older version as it is based on other changes).

Regards,
Tobias

[1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=a65a282f




--
Gyula Kovács
KKB-Tech
+36 30 257 9319


[strongSwan] AH Transport AES-128 GMAC

2016-11-06 Thread Gyula Kovács

Hello,

I'm trying to set up an ikev2/host2host-ah connection according to 
https://www.strongswan.org/testing/testresults/ikev2/host2host-ah/index.html 
page.
The connection is successfully established when I'm using the aesxcbc 
integrity algorithm (as in the example).
See ipsec_listalgs__2.txt, ipsec_status__2.txt and 
ipsec_up_host-host_transport_ah_aesxcbc__2.txt files.


But, according to our customer's requirements, I have to use aes128gmac 
integrity algorithm.

So I changed the "ah=aesxcbc" to "ah=aes128gmac" in the ipsec.conf file.
The connection could not be established with the new setting (see 
ipsec_up_host-host_transport_ah_aes128gmac__2.txt file).


My test environment (both hosts):
- Debian 8.6 VM
- StrongSwan 5.5.1 (built as Debian has StrongSwan 5.2.1 by default)

Anybody have an idea what could be wrong?

Best regards,
Gyula Kovacs

root@atm:/etc/ipsec.d/examples# ipsec listalgs

List of registered IKE algorithms:

  encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] RC2_CBC[rc2] CAMELLIA_CBC[openssl] CAST_CBC[openssl]
  BLOWFISH_CBC[openssl] NULL[openssl]
  integrity:  HMAC_MD5_96[openssl] HMAC_MD5_128[openssl] HMAC_SHA1_96[openssl] HMAC_SHA1_128[openssl]
  HMAC_SHA1_160[openssl] HMAC_SHA2_256_128[openssl] HMAC_SHA2_256_256[openssl] HMAC_SHA2_384_192[openssl]
  HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_256[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[xcbc]
  AES_XCBC_96[xcbc] AES_CMAC_96[cmac]
  aead:       AES_GCM_16[openssl] AES_GCM_12[openssl] AES_GCM_8[openssl]
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
  HASH_MD4[openssl]
  prf:        PRF_KEYED_SHA1[sha1] PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_HMAC_SHA2_256[openssl]
  PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc]
  PRF_CAMELLIA128_XCBC[xcbc] PRF_AES128_CMAC[cmac]
  xof:
  dh-group:   ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] ECP_256_BP[openssl]
  ECP_384_BP[openssl] ECP_512_BP[openssl] ECP_224_BP[openssl] MODP_3072[openssl] MODP_4096[openssl]
  MODP_6144[openssl] MODP_8192[openssl] MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl]
  MODP_1536[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl] MODP_CUSTOM[openssl]
  random-gen: RNG_WEAK[openssl] RNG_STRONG[random] RNG_TRUE[random]
  nonce-gen:  [nonce]
root@atm:/etc/ipsec.d/examples#
root@atm:/etc/ipsec.d/examples# ipsec status
Security Associations (1 up, 0 connecting):
   host-host[1]: ESTABLISHED 91 seconds ago, 192.168.1.211[!DELETED-BECAUSE-OF-CONFIDENTIALITY!]...192.168.1.212[!DELETED-BECAUSE-OF-CONFIDENTIALITY!]
   host-host{1}:  INSTALLED, TRANSPORT, reqid 1, AH SPIs: c621bb4b_i c47a8f2e_o
   host-host{1}:   192.168.1.211/32 === 192.168.1.212/32
root@atm:/etc/ipsec.d/examples#
root@atm:/etc/ipsec.d/examples# ipsec up host-host
initiating IKE_SA host-host[1] to 192.168.1.212
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 192.168.1.211[500] to 192.168.1.212[500] (1156 bytes)
received packet: from 192.168.1.212[500] to 192.168.1.211[500] (657 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
received cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!"
received cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!"
received cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!"
sending cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!"
sending cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!"
sending cert request for "!DELETED-BECAUSE-OF-CONFIDENTIALITY!"
authentication of '!DELETED-BECAUSE-OF-CONFIDENTIALITY!' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
sending end entity cert "!DELETED-BECAUSE-OF-CONFIDENTIALITY!"
establishing CHILD_SA host-host
generating IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
splitting IKE message with length of 1920 bytes into 2 fragments
generating IKE_AUTH request 1 [ EF(1/2) ]
generating IKE_AUTH request 1 [ EF(2/2) ]
sending packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (1236 bytes)
sending packet: from 192.168.1.211[4500] to 192.168.1.212[4500] (756 bytes)
received packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (1236 bytes)
parsed IKE_AUTH response 1 [ EF(1/2) ]
received fragment #1 of 2, waiting for complete IKE message
received packet: from 192.168.1.212[4500] to 192.168.1.211[4500] (548 bytes)
parsed IKE_AUTH response 1 [ EF(2/2) ]
received fragment #2 of 2, reassembling fragmented IKE message
parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]
received end