Re: [strongSwan] [strongswan] davici: Fix codesonar warnings
Hi, > Fixed below codesonar warning. > isprint() is invoked here with an argument of signed type char, but > only has defined behavior for int arguments that are either > representable as unsigned char or equal to the value of macro EOF(- > 1). > > To avoid this unexpected behaviour, typecasted char type argument to > unsigned char type. Thanks for the patch, applied with some minor changes to master. Your submission is a patch for your build environment, creating a patch to davici. Please create patches against the davici git tree for future submissions, preferably using git format-patch/send-email. Regards Martin
Re: [strongSwan] Memory leak when routing internet traffic via VPN
Hi, > If I have "leftsubnet=172.30.0.0/16,0.0.0.0/0", the server leaks > memory - available memory decreases steadily until all memory+swap > are consumed and the server needs to be rebooted. No processes are > using this memory - the sum of all shared + RSS is much lower than > what htop reports as used, and nothing I can kill reclaims it. Not sure if it is related, but have a look at the following discussion: https://lore.kernel.org/netdev/CAMnf+PjGq2qsZzg=+H5Z5kO+PSQbo=R0MHW5rv1CWrqoS=b...@mail.gmail.com/ Kind regards Martin
Re: [strongSwan] Cannot compile strong-swan from git
Hi Ben, > First, maybe autogen could detect this missing gperf right at the > beginning and tell the user? ./autogen.sh is just a wrapper for autogen -i these days, so it won't help users calling that directly. Doing such a check in ./configure is no option, as gperf is not required for an ordinary build from tarball. The gperf (and other) output is part of the distribution tarball, so that users don't need non-standard tools. > confread.o: In function `load_conn': > /home/greearb/git/strongswan/src/starter/confread.c:568: undefined > reference to `in_word_set' Try "make maintainer-clean", and start from scratch with autogen and ./configure. The problem here is that the gperf rule generates an empty file if gperf is missing, and then "make" thinks the file is up to date once gperf got installed. I've tried to address this issue with [1]. Regards Martin [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=bca7571b0fa17b3b0c448187166833ad3664250c
Re: [strongSwan] Davici library configure shell?
> Where is configure shell in the git? As with most autotools based packages, ./configure is generated and therefore not part of git. When building from git sources, you'll have to generate it using autoreconf. Alternatively, use the distribution tarballs from [1], which include the generated files. Regards Martin [1] https://download.strongswan.org/davici/
Re: [strongSwan] VICI and multiple threads
Hi Anthony, > [...] and he didmention the possibility for using DAVICI. > mention the possibility for using DAVICI. The problem at the time was > Andreas lost the support person for this module. So we decided not to > take the risk. I don't think there is much of an issue here. I definitely will take care of maintaining davici, as we use that in production extensively. There is not much going on in this repo [1], but this is mostly because it is a rather simple library (and mostly complete to do what it should). Regards Martin [1]https://github.com/strongswan/davici
Re: [strongSwan] Best practices regarding monitoring
Hi Peter > So, am I correct to assume that you guys usually evaluate the output > of `ipsec statusall` Preferably I'd do that over vici [1], as it provides a much better interface for various languages to query tunnel status or re-initiate tunnels. > Do you simply send pings to remote systems "behind" the VPN? Actually out-of-sync state is quite uncommon at least with IKEv2. If your peer looses CHILD_SAs but happily answers to DPD/liveness checks on IKE, there is probably a bug somewhere. If a peer deletes a CHILD_SA, it must signal that over IKE, hence its peer should notice that. Even complex rekey collisions are actually defined, but probably not all implementations handle them correctly. Also, you might consider updating to 5.5.x, which brings some additional improvements regarding collision exchanges. > If there is no DPD that uses CHILD_SAs, there might be nothing else > that you can do. There isn't, as from a protocol level this is not needed in IKEv2 due to the strict state synchronization it provides. Of course you could use a short CHILD_SA rekeying interval to check its liveness, but that isn't an optimal solution, either. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/Vici
Re: [strongSwan] IPsec performance figures
Hi, > are there any reliable performance figures for IPsec throughput on > x86_64 Linux machines? Nothing I could reference here. > Is 10 GBit/s feasable? If yes, how? On commodity hardware, maybe, but only if/when: * using AES-GCM with AESNI/CLMUL, which can handle ~1Gbit/s/core * your NIC can separate traffic to multiple queues (8+), and each queue has assigned a core to process its traffic * you have multiple SAs and flows, so the flows can actually be separated to queues (and cores) in both directions. If you can't effectively distribute traffic over NIC queues, you should consider using pcrypt. Not sure if 10Gbit/s are possible, though. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Tunnels with dynamic IP and another route issue
Hi, > How exactly do these kind of kind of multipath routes compare to > multiple routes with different priorities/metrics? In your case you > have multiple paths with the same weight, how is the actual > nexthop/interface chosen by the kernel? The nexthop of a multipath route is selected randomly considering its weight, based on a hash of the packet address to keep flows on the same path. With multiple routes with a priority, only the route with the lowest priority is used. When used with IPsec, these multipath routes get somewhat unpredictable; the route lookup for the unencrypted traffic yields a route, but the IPsec policy used may be configured to use the outer tunnel source address of a different interface, depending on where the tunnel was established over. In short, multipath routes won't work very well with strongSwan as-is. If you don't need load sharing, use multiple distinct routes with different priorities. If you want to share load, you may consider using policy based routing, for example using marks. But be warned, this then gets close to rocket science. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IPSEC remote access routing
Hi, > > The following is my Strongswan servers routing table (default > > routes). > > nexthop via 90.225.x.x dev vlan845 weight 1 > > nexthop via 10.248.x.x dev ppp1 weight 256 > > nexthop via 85.24.x.x dev vlan847 weight 1 > > nexthop via 46.195.x.x dev ppp0 weight 1 > Please don't replace IPs with the useless text "nexthop". I assume this is a single route with multiple nexthops, a Linux multipath route. As strongSwan installs routes for negotiated tunnels, it must exclude these routes from route lookups for IKE (as IKE must not be affected by tunnel routes). This route lookup is implemented in userspace by manually parsing the routing table. This routing lookup is limited, though, and some more advanced features, such as policy based routing or multipath routes, are not supported. As alternative, you may consider falling back to kernel based route lookups using the fwmark option, briefly discussed in [1]. Also I have a patch pending [2] that uses kernel-based route lookups if tunnel route installation is disabled; likely that we can merge that for a future release. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan#Routing [2]https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=c41f90fd ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Maximizing throughput / kernel bottlenecks
(one of which is quite old - running a dual core netburst P4 @2.8, the other two are VMs on decent hardware, all of which have no load) are hitting walls at 300mb/s On a Netburst architecture you can't expect more; it does not have any acceleration for AES-GCM. but can hit 980mb/s unencrypted, leads me to some kind of kernel bottlneck. Encryption is that expensive. The two VMs have aesni support, or at least the aesni extension is getting passed through the hypervisor to them. AESNI is half of the story only, you'll need CLMUL instructions as well (pclmulqdq in /proc/cpuinfo). Try to run modprobe tcrypt sec=1 type=4 mode=211 and check dmesg for the benchmark results. Unfortunately no one seems to have any concrete information (asked about this previously). My testing shows that there's a bottleneck somewhere between 200-300mb/s most likely in the kernel somewhere That's not true. Saturating Gbit links is not much of a problem with AESNI/CLMUL accelerated AES-GCM. Even with the AVX2-enabled ChaCha20Poly1305 I got 700MBit/s on a single core, without pcrypt. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Maximizing throughput / kernel bottlenecks
Hi, > There is no appreaciable load on any of the systems > during throughput testing. Please note that IPsec is usually processed in soft IRQ, so have a look at the "si" field in top. If you are CPU bound, "perf" is very powerful in analyzing the bottleneck on productive systems. If you are not CPU bound, something else is probably wrong (packet loss, etc.). > I've read that aes-gcm has been built to scale to 10ge and 40ge, It has, but saturating such links definitely requires hardware support. > Does anyone else have experience with higher throughput on > their IPsec tunnels, whether or not utilizing aes-gcm? If your CPU has AESNI/CLMUL support, depending on your CPU you should at least get close to saturating a Gigabit link, even if using a single core only. If you have multiple tunnels, a NIC with multiple hardware queues can share the load to more cores; if not pcrypt is an option. With traditional algorithms you should achieve around 200-400Mbit, so you should go for AES-GCM if your hardware supports it (make sure to have rfc4106-gcm-aesni in /proc/crypto). Alternatively, you might give the newer chacha20poly1305 AEAD a try; it provides good performance in software, and even better performance with SSE2/AVX2 (since Linux 4.3). Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IKEv1 xauth-pam to IKEv2 eap-gtc?
Hi John, > The IKEv1 connections use pubkey & xauth-pam authentication: > Is there a migration path for IKEv2 connections that makes sense? I see > there is an eap-gtc module that supports pam but it's not clear in the > documentation how to configure this to use a specific pam_service. EAP is probably the way to go if you want password authentication with IKEv2. For PAM verification the server needs the clear text password, which can be achieved with EAP-GTC. Unfortunately, not many third party clients support it. Since 5.0.1 the eap-gtc plugin uses IKEv1 XAuth backends for password verification, see [1]. It defaults to xauth-pam, so you can continue using your IKEv1 configuration in IKEv2. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/EapGtc ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Issues with HA configuration
Hi Peter, > If the hash is on SOURCE IP then won’t it potentially hash to a > different segment depending on the direction of the message? Yes. The current code does not enforce a return path over the same segment, so a connection might return over the other node. You'll have to consider that if any (stateful) firewalling is involved. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Multiple vpn clients behind NAT support
Hi, From behind NAT only one client is able to connect at a time. If one remote access vpn in up second vpn connection is failed connect. The Windows L2TP/IPsec client uses transport mode to secure L2TP. A gateway can't distinguish two clients behind the same NAT without some tricks, as they both have the same external IP address. Given that Windows 7 supports IKEv2 and real IPsec, I highly recommend to consider switching to that superior protocol [1]. If that is not an option for you, you might have a look at the connmark plugin [2], which allows you to use Conntrack and Netfilter marks to bind connections to specific SAs. This is all not that trivial, though. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/Windows7 [2]https://wiki.strongswan.org/projects/strongswan/wiki/Connmark ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Any working two-factor authentication with Windows?
Hi, I would like to know if there exist any two-factor combination where one of them is RADIUS, either IKEv1 or IKEv2, which works with Windows (Win7 and above) native VPN client. AFAIK Windows does not support RFC4739. In IKEv1 there is a proprietary extension called AuthIP in Windows, but we don't support that. What are our options for multi-factor authentication with Strongswan server and Windows client? I'm not aware of a way to use both client certificates and password authentication with the Windows Agile IKEv2 client. A practical solution without client certificates is to use a password + HOTP/TOTP. You could use EAP-MSCHAPv2 for example, but enter both the password concatenated with the token into the password field. On the AAA there are solutions that can handle this kind of authentication scheme. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Multiple proposals with different authentication types
Hi, [...] when the cisco initiates a connection with both the transforms, the RSA-SIG being first in the list, strongswan replies back with a proposal that contains RSA-SIG, because it is the first in the list, even though the connection is defined as PSK. Is this a bug and is there a way to fix this? It is a limitation in the IKEv1 proposal handling in charon. strongSwan 5.x does not honor different authentication methods in IKEv1 proposals, but uses the first one only. If you look at sa_payload.h, you can see that get_auth_method() returns a single method only. To support multiple auth methods, we'd have to return all of them (for example using a bit-set), and use these methods in main/aggressive_mode.c to select the appropriate config. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Strongswan EAP-TTLS + user/password(chap)
Hi, Is there any way that i could use user/password inside eap-ttls tunnel? windows clients are able to initiate IKE tunnel with eap-ttls and user+password as their authentication protocol and I'm trying to use Strongswan as my server side. strongSwan EAP-TTLS currently does not support tunneling plain PAP/CHAP, but only other EAP methods. If not, what do you recommend in such a solution that an authentication system with user+password is required.(CHAP alone is not secure enough). Using plain EAP-MSCHAPv2 is usually fine in IKEv2 if you terminate EAP at the IKE responder. The EAP exchange is protected by IKEv2 using the responders server certificate. If that is insufficient for you, you may EAP-TTLS- or PEAP-tunnel EAP-MSCHAPv2. That is supported by the Windows client. But from a security perspective it does not help much if you terminate EAP at the IKE responder, just complicates things. If you terminate EAP at an AAA backend using our eap-radius plugin, you might want additional security on the gateway-AAA link. Using EAP-TTLS (with any inner authentication method) may be an option. strongSwan does not terminate EAP then, and you can use any method that the client and the AAA supports. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] forecast iptables commit failed: Invalid argument
Can you please share the ipsec configuration files that you used on x86 architecture, so that we can check if we are missing any generic or architecture specific dependencies. Our test suite features a regression test for the forecast plugin, see [1]. Regards Martin [1]https://www.strongswan.org/uml/testresults/ikev2/forecast/index.html ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] forecast iptables commit failed: Invalid argument
Hi, OpenWrt daemon.info charon: 15[CFG] forecast iptables commit failed: Invalid argument Please check that your kernel supports the MARK target and the udp/esp matches. What architecture is OpenWRT running on? Not unlikely that it is an alignment issue, I didn't test the plugin beyond x86/x64. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Throughput on high BDP networks
Hi, I can see the multiple kworker threads spread across all 12 cores in these fairly high powered systems but I am still dropping packets and performance is not much improved. If all your cores are processing traffic, then pcrypt probably works as it should. What does fairly high powered system mean? What is the raw crypto throughput with AES-GCM you can expect on these boxes? Have you benchmarked UDP traffic to see where the processing limit is? I tried to set this up so it would work at boot [...] and it causes a kernel panic as soon as we attempt to send traffic through the tunnel - every single time. Most likely a bug in your kernel. The panic details might help to track this down, but you probably should report this issue to your distro or a kernel mailing list. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Throughput on high BDP networks
Even at these rates, the CPU did not appear to be very busy. We had one at 85% occupied but that was the one running nuttcp. On the outgoing path, the Linux kernel usually accounts ESP encryption under the process that sends traffic using a socket send() call. So these 85% probably include AES-GCM. On the receiving or forwarding path, you'll have to look at the software interrupt usage (si in top). We have seen these boxes pass almost 20 Gbps with single digit utilization so they have plenty of horsepower. That does not have to mean much. Its all about encryption, and that is rather expensive. If you have specialized hardware, this most likely means it is good at shuffling data over the network, but might be underpowered when it has to do encryption in software. We are also running haveged on them to prevent entropy starvation for the encryption. Only the key exchange needs entropy, raw AES-GCM does not. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Failing to login due to constraint check failed
why it wasn't sending identity before but does sent it now? The client now offers EAP authentication by omitting the AUTH payload in the first IKE_AUTH exchange. This allows the server to trigger the EAP-Identity exchange, followed by EAP-MSCHAPv2. and why does authentication fail? The client rejects the EAP-MSCHAPv2 method with EAP-NAK. It is configured to use something else or does not support it. AFAIK iOS supports EAP-MSCHAPv2, so most likely this is a client configuration issue. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Failing to login due to constraint check failed
Hi, What I don't understand is why it is failing on EAP identity when I clearly defined 'eap_identity=%any' parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) authentication of '%any' with pre-shared key constraint check failed: EAP identity '%any' required Your client does not initiate EAP, but authenticates with a pre-shared key. It does not provide an EAP-Identity matching %any, as no EAP-Identity is exchanged at all. If you want to do EAP-MSCHAPv2 with iOS IKEv2, set ExtendedAuthEnabled, see [1]. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Implications of Weak DH / Logjam on IPSec
Gerd, you are probably aware of the recent Weak DH / Logjam attack on Diffie-Hellman, see: https://weakdh.org/ Yes. Our TLS stack as server uses at least MODP2048, so is not directly affected. I've queued a fix to reject groups smaller 1024-bit as client, subject for the next release, see [1]. Let's assume IKEv1 Main Mode and an attacker who is able to pre-compute an attack on DH Group 2 / MODP1024. If you are using PSK, the attacker now only needs to know or crack the PSK to gain the session keys and he is able to decrypt the traffic. For IKEv1 with PSKs this is true, as the PSK is included in the derived keymat and provides additional protection (but this very same property of the protocol makes IKEv1/PSK difficult to use for road-warriors, as you'll have to choose a PSK for the connecting peer without knowing its identity, as it is encrypted with keymat using that PSK). So the attacker can reduce the security of Main Mode to that of Aggressive Mode in the end. Aggressive Mode uses a DH exchange as well, but does not protect the peer identity or the authentication data under it, allowing attacks on the PSK. What happens if you use RSA keys instead of PSK? I guess the attacker now also needs to crack them before he can get at the session keys, correct? No. With RSA authentication in IKEv1, or any authentication method in IKEv2, the long-term credentials are used for authentication only. So if you manage to break MODP1024, the protocol is broken. If you can compute the shared DH secret from the public values, you can derive all keymat as passive attacker. Does the use of PFS for phase 2 / IPSec anyhow weaken the overall security of the connection compared to using phase 2 without PFS? No. Both IKEv1 and IKEv2 use perfect forward secrecy in the terms of TLS (an ephemeral DH exchange) in all cases. PFS in IPsec usually refers to redoing a DH exchange for every rekeying, further increasing security. If an attacker can compute the DH shared secret, it will have to do so after every rekeying if PFS is enabled. So for IPsec/IKE there is not that much news in that paper. MODP1024 can't be considered secure against attacks with state-level resources, and the paper very well underlines that. Unfortunately MODP1024 is widely used by implementations, and we by default include it in the default proposals as a fallback. As I'm not aware of any proposal downgrade attack for IKE, you usually end up with a better group if both peers support it. Regards Martin [1]https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=refs/heads/tls-weakdh ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] EAP-AKA: EAP method not supported, sending EAP_NAK
Hi Holger, server requested EAP_AKA authentication (id 0x00) EAP method not supported, sending EAP_NAK loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem open ssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-aka eap-aka-3gpp2 addrblock EAP-AKA not only needs a backend (such as eap-aka-3gpp2, which you have loaded), but also a special PRF implemented in the fips-prf plugin. That plugin should get enabled implicitly if you ./configure with --enable-eap-aka, but you might need to update any manual strongswan.conf load statements. Regards Martin signature.asc Description: This is a digitally signed message part ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Is there any way to specify/configure different initiator_tsr for each initiator?
Hi, all CHILD SAs will have the same traffic selector (i.e., 40.0.0.1/8) on responder side, as proposed by initiator. Is there any way to specify/configure different initiator_tsr for each initiator? Currently all initiators use the same subnet as defined with initiator_tsr. So no, there is currently no way to define individual subnets for each client. There is, however, a %unique port option you can use, such as initiator_tsr=40.0.0.1/8[udp/%unique]. This selects a single port for each initiator TSr, starting at 1025. This at least results in unique policies on your gateway under test, but not sure what you intend to test. If that is not sufficient, have a look at the add_ts() function from load_tester_config.c. It shouldn't be too hard to use a distinct subnet for each initiator, similar to what we do with these %unique ports. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Is there any way to specify/configure different initiator_tsr for each initiator?
As per the implementation, an SPD entry would contain the destination IP as selector field and uses the same as a key to search the SPD table. I don't think this will work; The remote selector does not have to be unique per CHILD_SA/policy. Having multiple CHILD_SAs having the same remote selector is perfectly fine, and is what load-tester establishes even when it requests a virtual IP. You should include the local address in the SPD lookup as well. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Strongswan does not removes CA Certificate from its internal objects (RAM) even after removing the certificate from cacerts directory or ca section.
Hi, ca section1 cacert=/usr/local/etc/ipsec.d/cacerts/CA.pem 6. After removing this and executing ipsec update we expect that the SA will not get established as the end which does not have root CA of peer will reject the IKE_AUTH. All CA certificates placed under the cacerts directory get loaded implicitly. The ipsec.conf ca section is there to load CA certificates from other locations, or to define additional properties for that CA (refer to the ipsec.conf manpage for details). Further, CA certificate unloading was not supported until 5.3.0, see [1]. With that version, you can re/unload all CA certificates from the cacerts directory using the ipsec reread command, or use ipsec update to re/unload CA certificates referenced in ipsec.conf ca sections. Regards Martin [1]https://wiki.strongswan.org/issues/842 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] PKCS#12 and leftid
I don't really get how I'm supposed to use leftid, am I supposed to find a string-ASN.1 converter ? No, you define a string representation of your identity. strongSwan detects the identity type, and tries to convert it to the appropriate binary encoding (ASN.1 in the case of a DN). While you can specify the raw binary encoding in leftid using the asn1dn: or other prefixes, this is usually not required. Refer to the ipsec.conf manpage for details about the leftid option. If your certificate encodes the RDN as UTF8String, and your accent characters are encoded properly in UTF-8, it should be possible to create a matching subject using leftid if your ipsec.conf is UTF-8 encoded. Is there an other way to specify the certification we want to use that using leftid ? As previously discussed, you can use leftcert to directly select a plain X.509 certificate from a certificate file or smartcard slot. But that won't work for PKCS#12. To alternatively select the certificate by leftid, specify an identity contained in the certificate with one of the options from above. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] PKCS#12 and leftid
Hi, 1) [...] For example my certificate subjet is : C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E=jacques.moni...@gmail.com but when I do ipsec listall I have : C=FR, ST=R?gion Parisienne, L=Paris, OU=Org, CN=1.Org, E=jacques.moni...@gmail.com Converting Distinguished Names to strings is very conservative in strongSwan, anything non-ASCII gets replaced by '?'. However, actually comparing distinguished names is more flexible, as it is not done on that converted string, but the ASN.1 encoding. Specifying leftid correctly probably depends on your ipsec.conf encoding and your locale. 2) I would rather specify which p12 the connection has to use. Is there any way to specify in each connection configuration which p12 file is supposed to be use ? No, not for PKCS#12. You can enforce a plain certificate to use using leftcert, and leftid gets replaced by the cert subject if it is not contained in the cert as subjectAltName. But this requires that you extract your PKCS#12 container and configure the certificates and keys separately, as leftcert does not take containers. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Packets dropped during CHILD SA rekeying
Emeric, It seems to be related to: https://wiki.strongswan.org/issues/839#note-1 It is, and as discussed in that ticket, is a consequence of the pair-wise (un-)installation of SAs. To properly fix this issue, we would have to defer outbound SA installation/activation as exchange responder to the DELETE message processing. This requires some non-trivial changes to the CHILD_SA API, though, and complicates collision handling etc. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Different cipher suites for each connection parameters
Hi Lars, Is it possible to have different cipher suites for all the conn parameters in ipsec.conf? Yes. But for IKE proposals, algorithm selection happens very early in the exchange, before any peer identity gets exchanged. This is because these details are explicitly protected under the algorithms we negotiate. So you can't use peer identities to select IKE algorithms, but must rely on information that is available at this stage, such as the IKE version or peer endpoint addresses (left/right). For ESP this is less of a problem, and if you have appropriate selectors to actually select the correct config, you can define separate algorithms for them. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IPSec VPN between Cisco ASA and StrongSwan
Hi, It seems to me (I found some hints but no real doc) that you have to specify the direction like this: lefthost righthost : PSK rightpsk righthost lefthost : PSK leftpsk This can work, but I don't think that it must in all cases. The lookup function for shared keys takes the two peer identities. Then each identity is matched against each configured PSK identity. So the match quality for the lookup will be the same. strongSwan does not really use the concept of local or remote keys. As the name implies, it is a shared key between two entities. Using a different PSK for each end is possible in IKEv2, but I don't think that there is much benefit from doing so. Each peer has two know each secret anyway. It also falsely implies that a peer owns that secret for authentication; but as all partners must know that secret, they can use that secret to impersonate that peer. IMHO it is better to use a single distinct secret for each pair of peers, or each tunnel. And of course if it should scale to many peers, public keys are preferable, where each peer effectively owns its private key. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IPSec VPN between Cisco ASA and StrongSwan
So what is the added benefit of having two PSKs, since IKEv2 explicitly allows that compared to IKEv1? While it is allowed in IKEv2, I don't see much benefit from doing that. RFC 7296 says: In particular, the initiator may be using a shared key while the responder may have a public signature key and certificate. It will commonly be the case (but it is not required) that, if a shared secret is used for authentication, the same key is used in both directions. So the authentication agility gained in IKEv2 is mostly about methods, not the shared key itself. Since IPSec SAs are undirectional in nature, maybe using two PSKs uses a different PSK in each direction? No. In IKEv2 the PSK is used for authenticating the peers only. The IPsec SAs get derived key material, unique in each direction, using any authentication method. In any case, it must be possible to correctly and unambiguously configure that in strongswan, is it not? PSKs defined for strongSwan are shared between a set of peers. So there is no real difference between defining one for peera peerb and peerb peera, as these are the same sets of peers. Of course one may argue differently and require some kind of precedence for the local peer, but strongSwan does not support that. What is your intention by defining different PSKs for each peer in the first place? Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] How to avoid the parsing of strongswan.conf file and set the configuration options programmatically?
Hi, set_strongswan_conf_options(lfile); system(starter --daemon charon); You can't set options in the current process, and then expect that these options get inherited to a child process spawned using system() or any exec*() function. If you want to set strongswan.conf options programatically, you'll have to do that early in the process you want to control, for example in charons main(). Some libcharon based programs already do that, for example charon-xpc under src/frontends/osx. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Can StrongSwan support Multicast Dissemination Protocol (MDP) ?
Hi, Please can you advise whether StrongSWan can support Multicast Dissemination Protocol (MDP) ? strongSwan does not provide any form of explicit support for that protocol. Possible that you can use strongSwan as building block to secure MPD traffic, but I've no experience with that. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] To configure strongswan libraries path.
Hi, Is there a way I can avoid this and specify the path to the library files and the package folder currently present in lib/ipsec/ as compared to the old version where it was stored directly in lib/. Yes, have a look at the --with-ipsecdir, --with-ipseclibdir and --with-plugindir options explained in the output of ./configure --help. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] How to tunnel traffic towards the public IP of the remote gateway?
Hi, Does %dynamic work in net2net? Or only in road-warrior scenarios? If any has been negotiated, %dynamic resolves to the virtual IP for that endpoint. If not, it resolves to the IKE endpoint address. It can be used in either scenario, but has a slightly different behavior. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Adding Custom Algorithm
Hi, How we can add custom Algorithm for ESP in Strongswan 4.6.4. ESP is usually handled by the kernel, so you'll have to implement your algorithm there. On Linux, you'll have to provide your algorithm through the Linux Crypto API. Once that is done, you need to define a transform identifier and associate a proposal keyword for it. Try to grep the source code for one of the existing private algorithms, such as ENCR_SERPENT_CBC. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] VICI python egg
Hi Noel, foo=collections.OrderedDict(strongswan.list_sas()) ValueError: need more than 1 value to unpack list_sas() returns a generator over SA dictionaries, an iterable over a list. Creating a dictionary from that does not make much sense, as there in no key for the value. Instead, you could try: foo=list(strongswan.list_sas()) for item in foo: print item But the good thing about the generator is that you don't have to hold the whole list in memory, but process it directly: for item in strongswan.list_sas(): print item bar.next() Traceback (most recent call last): File stdin, line 1, in module StopIteration bar=strongswan.list_sas() bar.next() vici.exception.SessionException: Unexpected response type 1, expected '5' (EVENT_CONFIRM) Usually you don't want to iterate the generator by hand using next(), but use for loops or other constructs working with iterable. If you do, make sure to close() the generator after you are done to terminate the underlying vici stream request. This is most likely a result from incomplete iteration. You may have only one generator alive for a single vici connection, as objects get streamed on demand over the socket. Regards Martin signature.asc Description: This is a digitally signed message part ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IPsec between Cisco CSR and Strongswan - Response is outside of window received 0x1, expect 0x2 = mess_id 0x2
Hi,
The issue that I'm facing is that SA on Strongswan side is up but stuck in
IN-NEG” status on Cisco side (Response is outside of window received 0x1,
expect 0x2 = mess_id 0x2).
16[ENC] parsed IKE_AUTH request 1 [ V IDi CERT CERTREQ ... ]
[...]
16[IKE] IKE_SA csr-swan[1] established between 10.10.100.2[C=US,
CN=ne.lab.local]...172.20.100.1[CN=router.lab.local,
unstructuredName=router.lab.local]
16[IKE] scheduling reauthentication in 86151s
16[IKE] maximum IKE_SA lifetime 86331s
16[IKE] sending end entity cert C=US, CN=ne.lab.local
16[IKE] CHILD_SA csr-swan{1} established with SPIs cb262567_i 4d68c4bb_o and
TS 10.10.100.2/32[gre] === 172.20.100.1/32[gre]
16[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT)
]
16[NET] sending packet: from 10.10.100.2[500] to 172.20.100.1[500] (1324
bytes)
From the strongSwan perspective this IKE_SA establishes just fine.
05[NET] received packet: from 172.20.100.1[500] to 10.10.100.2[500] (1724
bytes)
05[ENC] unknown attribute type (28692)
05[ENC] parsed IKE_AUTH request 1 [ V IDi CERT CERTREQ ... ]
05[IKE] received retransmit of request with ID 1, retransmitting response
But Cisco keeps retransmitting the IKE_AUTH request, for which
strongSwan keeps resending the response.
Apr 14 13:46:20.413: IKEv2:(SESSION ID = 1,SA ID = 1):Received Packet [From
10.10.100.2:500/To 172.20.100.1:500/VRF i0:f0]
Initiator SPI : 70F862F7FD8191ED - Responder SPI : 3EC73AFAD382B3C3 Message
id: 1
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:
IDr CERT AUTH SA TSi TSr NOTIFY(Unknown - 16403)
Apr 14 13:46:20.413: IKEv2:(SESSION ID = 1,SA ID = 1):Process auth response
notify
Apr 14 13:46:20.415: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet
The Cisco side receives the IKE_AUTH response, but nonetheless sends a
retransmit for its IKE_AUTH request, but then complains that the message
ID has not advanced.
Apr 14 13:46:20.415: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To
10.10.100.2:500/From 172.20.100.1:500/VRF i0:f0]
Initiator SPI : 70F862F7FD8191ED - Responder SPI : 3EC73AFAD382B3C3 Message
id: 1
IKEv2 IKE_AUTH Exchange REQUEST
Payload contents:
ENCR
Apr 14 13:46:20.667: IKEv2:(SESSION ID = 1,SA ID = 1):Response is outside of
window received 0x1, expect 0x2 = mess_id 0x2
I don't see anything wrong on the strongSwan side, the sequence numbers
look correct. Not sure why the CSR does not accept that response but
retransmits the request.
The Process auth response notify for our AUTH_LIFETIME notification
could be some indication, seems that Cisco doesn't know that:
NOTIFY(Unknown - 16403). But it should just ignore it if it doesn't
understand that notify.
Regards
Martin
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Using syslog logger for charon
Hi, Is there a mechanism to change the level of required log to 'debug', so that they will get automatically redirected to /var/log/debug. No, charon currently always logs with LOG_INFO. With strongswan.conf you can control the facility only (using the auth or daemon section). Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] failure with ike using sha2
Hi Luka, I have just found out, that recent openssl 1.0.2 commit 929b0d70c19f60227f89fac63f22a21f21950823 breaks hmac when using openssl plugin for hmac functions This commit prevents the pre-initialization with an empty key we use to avoid any non-initialized use of HMAC_Update(). Most likely we should track the state of key initialization ourselves, which allows us to remove that initialization. Can you please test the patch at [1] and let us know if that works with the new OpenSSL version? While our API use here is certainly questionable, I'm asking myself if that check in OpenSSL is a not a little too strict. Setting a zero-length key seems legitimate to me; but not sure if any protocol exists that uses such a key. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=openssl-hmac ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] failure with ike using sha2
Please let me know if there is a fix for openssl since changing the load order of plugin is not recommended. If you are using OpenSSL 1.0.2a, you might try the strongSwan fix provided at [1]. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=openssl-hmac ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan Mac OS X app DNS
Hi Ken, Not sure if keeping the current DNS servers installed is the best approach, maybe we should remove the previous servers. But we currently just add them to have them as a fallback. I've pushed a new build [1] based on 5.3.0-rc1 that instead of appending the servers to the list, it replaces the default servers and also restores them. This probably gives a somewhat more predictable behavior, but of course disables any fallback for DNS queries. Unfortunately, that does not seem to resolve all issues. Some applications (Google Chrome) resolve DNS names just fine over the configured servers, others (Safari) don't use them. Not sure how we can trick all applications to use these servers. /etc/resolv.conf, by the way, does not seem to get updated at all anymore. The file has been touched the last time Oct 17th, which exactly correlates to the time Yosemite has been installed. Most likely all C library calls rely on System Configuration these days? Out of curiosity, why is the DNS server added to the PrimaryService store State:/Network/Service/97E8D482-1E2D-4743-B18D-FCA53A7151A7/DNS instead of State:/Network/Global/DNS AFAICS, DNS servers get configured on the interface (service), and if that is active get propagated to the global configuration. where the System Preferences-Network configured servers are stored? To me it more looks like you configure DNS servers for each interface. The servers of the active/primary interface then get used. While we install an utun device to forward traffic over libipsec, that interface does not have a service in the sense of System Configuration. We therefore assign DNS servers to the primary service, which is for your physical interface. Possible that this doesn't work that well anymore... Also, is there any way to associate a search domain with the DNS server sent by the VPN gateway? No. IKEv2 does actually not support negotiating search domains for DNS servers, and a manual/local configuration is currently not implemented. I would like to use EAP-GTC authentication with the Mac app and would be willing to modify the app to add this feature. The new build additionally comes with the eap-gtc plugin. Regards Martin [1]http://download.strongswan.org/osx/strongswan-5.3.0-1.app.zip ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IPv6 (Link Local) Router Soliciations over VPN (for Windows 7)
Hi Richard, If we add ff00::/8 to rightsubnet [...] the Router Solicitation and Router Advertisement packets pass correctly. The client gets a default route, and everything works. However, when we try to connect the VPN from a second client, it fails to connect because of duplicate traffic selectors for ff00::/8: Linux XFRM can't handle identical policies, as it wouldn't know over which SA it should send a packet matching multiple tunnels. This applies to Multicast selectors, too, as these are not handled in a special way. With the upcoming 5.3.0 release, we will introduce the forecast [1] plugin, which uses Netfilter marks to distinguish identical policies. Based on that, the plugin listens for multicast packets, and distributes them over all matching policies. Unfortunately, the plugin is currently limited to IPv4, making it IPv6-aware is probably not that trivial. The following combination assigns the client a link-local address. Router Solicitation Router Advertisement packets pass. Two clients can connect successfully, but as neither client gets a public IPv6 address, they obviously can't actually communicate with the world over IPv6: rightsourceip=10.11.0.0/24,fe80::/64 Interesting. We tried listing two IPv6 blocks in rightsourceip, but the logs indicated only one IP was assigned to the client, and we only got one set of IPv6 traffic selectors. Is there any way to assign two IPv6 addresses, one from fe80:: so the Router Solicitation Router Advertisements work, and one public IPv6 address? Yes, but only if the client requests multiple such addresses. IKEv2 defines these attributes as multi-valued only if multiple values have been requested (see [2]). While one could try to do it nonetheless, I have my doubts that Windows accepts that. When charon is adding traffic selectors for a rightsubnet IPv6 address X, if it also added a traffic selector for fe80::LAST_64_BITS_OF_X, it seems like link-local traffic over the tunnel would Just Work. Is this a reasonable solution (which may require writing code)? So you are suggesting to assign a link-lokal virtual IP, allow the client to do Router Solicitation to get an Advertisement, for which you anticipated the address and included it in your negotiated TS? Or the other way round? If that works with the Windows client, why not. There is a narrow() hook on the listener_t interface [3] that can be used to mangle traffic selectors from a plugin in its NARROW_RESPONDER invocation. Any other ideas on how to get this to work? I'm wondering why this won't work by just assigning the IPv6 virtual IP like it does with IPv4 addresses. Doesn't have the Use default gateway on remote network in the Advanced... settings of the Internet Protocol Version 6 Networking Properties of your client connection have any effect? Does adjusting the metric change anything? Also, one might try to install the connection programmatically using RasSetEntryProperties, as there are some additional options when doing so. The RASEO2_IPv6RemoteDefaultGateway option from [4] really sounds like what you want, but most likely is the same setting as described above. Not sure if anything changes when talking RFC 5739, unfortunately we don't support that extension yet. Another idea is to write a Windows client application that listens for connection events using RasConnectionNotification(), then automatically installs IPv6 routes for the connection. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/forecast [2]http://tools.ietf.org/html/rfc7296#section-3.15.1 [3]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/bus/listeners/listener.h#l218 [4]https://msdn.microsoft.com/en-us/library/windows/desktop/aa377274(v=vs.85).aspx signature.asc Description: This is a digitally signed message part ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StronSwan 5.2.1, Authentication with Radius (multiple rounds RFC 4739)
Hi Michael, 1. users should authenticate with a certificate (optional, but planned for the future) (Certificate is checked by StrongSwan) 2. users should authenticate against our active directory via freeRadius (username + password) 3. users should also enter an OTP (send as SMS by the radius) that is again checked by the freeRadius server. - Is it possible to configure StrongSwan in such a way? Yes. The clean way would use RFC 4739 multiple authentication, where you can define separate authentication rounds. The first would do traditional IKE client certificate authentication, then you could use one round of EAP password authentication, followed by another round of EAP OTP authentication. You could also combine the latter two EAP methods to one, where the user enters the password followed by token into the same password field. A different approach would use EAP-PEAP/TTLS, where the client authenticates with a certificate in the outer EAP method, and uses username/password for the inner method. Usually no client certificate authentication is used in the outer method, though. - Does it work with the tools from Windows 7? Most likely not. As the IKEv2 Agile VPN client does not support RFC 4739, that won't work. The client can use PEAP (and TTLS with Windows 8), but I don't know if/how it is possible to do certificate client authentication in the outer method. Maybe it can be done if Windows finds an appropriate certificate in one of its stores, but I've never tried that. The verifier of PEAP would have to strictly require a client certificate, which strongSwan does not by default. - Should I use the xauth section instead? No, XAuth is IKEv1 only, unless you want to use a third party IKEv1 client. Is there an example for the multiple rounds authentication? The Wiki article about EAPRAdius does describe the multiple rounds feature but I do not know how to combine this with our freeRadius server. The eap-radius plugin itself can do multiple rounds when using XAuth, only. But you can use RFC 4739 to do multiple IKEv2 authentication rounds involving EAP-RADIUS in one or more rounds. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Is it possible to update the host certificate without ipsec restart?
Hi, i need to change the host certificate (/etc/ipsec.d/certs/xxx.pem Certificates from the ipsec.d/certs directory do not get loaded implicitly, but get referenced in your ipsec.conf conn definition. Use ipsec update or ipsec reload to reload the connection, refer to the manpage for details. /etc/ipsec.d/private/xxx_key.pem) Secrets such as private keys are not bound to a connection, use ipsec rereadsecrets to reload an updated private key. and it should reflect for tunnel establishment/rekey without doing ipsec restart. ipsec update/reload does not affect established tunnels, but only the configuration. You'll have to manually terminate any affected connection using ipsec down, and optionally use ipsec up to restart the connection. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Ikev2 Windows 7 and 8
Hi Chris, leftsubnet=10.72.0.0/16,192.168.1.0/24,public ip subnet/29,another public ip subnet/29 On Windows 7 and Windows 8 we can only access the private ip subnets after connecting to strongswan. We have to add manually routes to access the public ip subnet via the tunnel. Is this a known limitation of Windows (route only private subnets)? Yes, I think so. If the Use default gateway on remote network option is set, you get a default route over the VPN interface. If that is unchecked, you have the additional option to Disable class based routing addition. As the text indicates: without a default route, Windows installs Class based routes, which means it installs a route for the network class it gets an IP address for. Without the class based routes, you won't get a route at all. See [1] for some more info. This routing mechanism in Windows RAS is common to all VPN protocols, but unfortunately that limits the capabilities of the IKEv2 protocol. While we can negotiate complex traffic selectors, Windows can't make use of it. For split routing to anything more complex than a single A, B or C network you can't rely on the functionality provided by that client. But as you indicated, manually installing your routes could work. You could even trigger installation programmatically using the Windows RAS API. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#Split-Tunneling-with-IKEv2 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ESN support for IKEv1
ESN support must be negotiated, as defined in RFC 4304, 2.2.1: This of course is RFC 4303 (ESP), sorry for the confusion. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ESN support for IKEv1
Hi, The wiki mentions this ESN support is only for IKEv2. Is it so? Yes. As per my understanding this ESN feature refers to sequence numbers in ESP. So why is this support dependent on version of IKE? ESN support must be negotiated, as defined in RFC 4304, 2.2.1: To support high-speed IPsec implementations, Extended Sequence Numbers (ESNs) SHOULD be implemented, as an extension to the current, 32-bit sequence number field. Use of an ESN MUST be negotiated by an SA management protocol. Note that in IKEv2, this negotiation is implicit; the default is ESN unless 32-bit sequence numbers are explicitly negotiated. ESN negotiation for IKEv1 is defined in RFC 4304, but we currently do not support this extension in strongSwan. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] NAT-T port configuration
Hi, 1. Is it possible to use port other than 4500 for NAT-T UDP encapsulation. If yes how can I configure it ? Yes, with the port_nat_t option in strongswan.conf, refer to [1] for details. To initiate a connection to a host with non-default ports, use the ipsec.conf rightikeport option. Instead of initiating to port 500 and switch to port 4500, you have to directly initiate to the NAT-T port by specifying it with rightikeport. 2. Is it possible to change the keep alive timer interval using strongswan or other methods ? Yes, using the keep_alive option, also described at [1]. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/strongswanConf ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] strongSwan 5.1.2 on Ubuntu Trusty (14.0.4) and AppArmor
Hi Fabrice, But when i execute ipsec statusall command, it replies : reading from socket failed: Permission denied When i suppress /etc/apparmor.d/usr.lib.ipsec.stroke AppArmor profile, the command replies correctly. We don't ship any AppArmor profiles from upstream, so you most likely should report this issue to Ubuntu. /run/charon.ctl rw, Not sure if/how this is symlinked and what paths have been configured in Ubuntu, but usually that socket is opened over /var/run/charon.ctl. Regards Martin signature.asc Description: This is a digitally signed message part ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ipsec reload fails to kill obsolete connections?
Yves, When we generate a new version of these files we issue an ipsec reload (not just update). I'd expect that to kill connections that are not relevant anymore, but this is not the case ipsec statusall shows them still as defined and up and running. ipsec reload by design does not affect running connections, it reloads the configuration only. You'll have to manually ipsec down any connection instance for affected configurations. Please refer to the discussion at [1] for more information. Regards Martin [1]http://dev.strongswan.narkive.com/sa7nwo4I/strongswan-dev-patch-starter-cleanup-sas-when-deleting-a-connection ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ikev2 strongswan IKE_SA_INIT not have RFC 3947 Specification Vendor ID payload
Hi, During our testing with IKEv2, we found that the 1st packet(IKE_SA_INIT) does not have any information on vendor ID payload which is a MUST criteria as per the RFC. As per the RFC 3947. “In the first two messages of Phase1, the vendor id payload for this specification MUST be sent if supported RFC 3947 defines NAT traversal for IKEv1. The standard does not apply to IKEv2. In IKEv2 NAT traversal is part of the core protocol, as specified in RFC 7296. No vendor ID is required to negotiate NAT traversal, see section 2.23. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan Mac OS X app questions
Ken, Are there any issues with DNS StrongSwan Mac OS X app? The osx-attr plugin prepends the negotiated DNS servers to the currently configured ones. You may check with scutil if that works as expected. Not sure if keeping the current DNS servers installed is the best approach, maybe we should remove the previous servers. But we currently just add them to have them as a fallback. 2. EAP-GTC authentication. I would like to use EAP-GTC authentication with the Mac app and would be willing to modify the app to add this feature. Currently the eap-gtc plugin is not included in the build we provide. But I can do so for a next release. You may also check the build instructions [1] if you want to try that yourself (a note of warning: you need a code signing certificate to get thinks working). 3. Machine authentication. Why doesn’t the Mac app require a client certificate for machine authentication, as is required for the native Mac client? The native OS X client uses IKEv1, and usually XAuth. XAuth does both, Certificate and Password client authentication, but it also can use Hybrid Mode which skips certification authentication. The strongSwan App uses IKEv2, currently with EAP. In that protocol certificate client authentication is not included unless you do EAP-TTLS and a password based EAP method. Of course one could use Multiple Authentication as per RFC 4739, but as of now there is no option to configure that on the client. 4. Password configuration. It would be nice to be able to configure the user’s password, instead of having to enter it on every tunnel invocation. I agree, but such a functionality is still missing. Patches welcome; but we should rely on the Keychain to have some level of security for that password. Does the client cache the password for the entire session lifetime? Does the Mac app present the original password during re-authentication? No, I don't think that makes sense. If you want to re-evaluate user credentials and check if the same user still sits on that client, you'd need to re-prompt for the password. If you don't want to do that, instead of caching the password you may just disable re-authentication on the server, and use rekeying instead. You may do so in ipsec.conf by setting reauth=no. There is no security benefit in going through re-authentaction if you cache the password anyway. While re-prompting for the password in some scenarios might make sense, I don't think that this currently works. So there is probably no way around setting reauth=no on your server. Regards Martin [1]https://github.com/strongswan/strongswan/blob/master/src/frontends/osx/README.md ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Queries on vulnerability fixes
Hi, As per the description of vulnerabilities in above links, the vulnerability is only applicable and will lead to crash in pluto IKE daemon alone. Charon is not mentioned. You should apply these fixes even if using charon only, the libstrongswan code is used by charon. Not sure where this CVE text exactly comes from; our patch notes [1] mention both pluto and charon. We understood that the fix provided for this is @ links http://download.strongswan.org/patches/05_asn1_rdn_patch/strongswan-4.x.x_asn1_rdn.patch http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch You shouldn't miss 06_asn1_time_patch [2]. Also, you may have a look at the security directory [3] to find patches by CVE. Regards Martin [1]http://download.strongswan.org/security/CVE-2009-2185a/strongswan-4.x.x_asn1_rdn.readme [2]http://download.strongswan.org/patches/06_asn1_time_patch/ [3]http://download.strongswan.org/security/ ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Loss of tunnel service while reauthenticating IKE_SA?
Hi Tom, Is there a reason that, when using two Strongswan endpoints, one would not choose reauth=no? Yes. Reauthentication re-evaluates authentication credentials, checks the certificate status or rechecks permissions in the AAA backend. IKE_SA rekeying, as used with reauth=no, only refreshes key material, but does not verify the peer credentials. It seems to me that using reauth=no would result in fewer traffic interruptions, unless I have missed something. Yes. However, with the upcoming 5.3.0 release, we will introduce support for make-before-break re-authentication, which establishes the new tunnel with all CHILD_SAs before closing the old one, basically avoiding any interruptions. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] High availability failover problem
Hi, Is it essential for both nodes to receive all the ESP packets? Yes. Cannot be ESP sequence numbers synchronized through the HA plugin? No, this is not how the HA plugin works. ESP sequence numbers move very fast, making a synchronization in userland difficult. You may try to synchronize sequence numbers by other means, but we don't provide any solution beyond our ClusterIP patches. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] unable to install policy 192.168.0.0/16 === 10.176.0.0/13 in (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists
On Sam, 2015-03-07 at 21:52 +, Tormod Macleod wrote:
Hello,
I'm getting the above error when rekeying. I think it might be related to
issue #431? I've tried the workaround of setting reauth=no but this did not
resolve the issue. I have only started running into this since we started
using more than one subnet in the left side of the connection.
If no traffic goes between 10.130.0.0/16 === 192.168.0.0/16 and that tunnel
is never brought up the other tunnel will remain up and rekey without any
problem. However, as soon as traffic goes between 10.130.0.0/16 ===
192.168.0.0/16 the next rekey fails and both tunnels are brought down. If I
wait a few seconds and then send traffic from the right the tunnel(s) will
come back up but traffic from the left never re-establishes either tunnel.
Here's the log
leftsubnet=10.176.0.0/13,10.130.0.0/16
leftid=1.1.1.1
leftfirewall=yes
right=2.2.2.2
rightsubnet=192.168.0.0/16
rightid=2.2.2.2
auto=start
ike=aes128-md5-modp1536
esp=aes128-sha1
reauth=no
Here's the log entry from the device on the right (Cisco ASA 9.1(3))
Mar 4 17:01:19 [10.1.1.12.2.2] Mar 04 2015 17:01:19 Iona-VPN-FW :
%ASA-4-113019: Group = 1.1.1.1, Username = 1.1.1.1, IP = 1.1.1.1, Session
disconnected. Session Type: LAN-to-LAN, Duration: 0h:58m:34s, Bytes xmt:
2479, Bytes rcv: 5233, Reason: Lost Service
This is the status just prior to rekeying
Wed Mar 4 16:58:12 GMT 2015
Status of IKE charon daemon (strongSwan 5.2.2, Linux
2.6.32-504.8.1.el6.x86_64, x86_64):
uptime: 55 minutes, since Mar 04 16:02:59 2015
malloc: sbrk 270336, mmap 0, used 215968, free 54368
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 3
loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem
fips-pr
f gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown
xauth-generic unity
Listening IP addresses:
10.180.0.12
Connections:
Iona-VPN-FW: 10.180.0.12...2.2.2.2 IKEv2
Iona-VPN-FW: local: [1.1.1.1] uses pre-shared key authentication
Iona-VPN-FW: remote: [2.2.2.2] uses pre-shared key authentication
Iona-VPN-FW: child: 10.176.0.0/13 10.130.0.0/16 === 192.168.0.0/16 TUNNEL
Security Associations (1 up, 0 connecting):
Iona-VPN-FW[1]: ESTABLISHED 55 minutes ago,
10.180.0.12[1.1.1.1]...2.2.2.2[2.2.2.2]
Iona-VPN-FW[1]: IKEv2 SPIs: 550d0c34bc66ce4e_i* da285a283fb7a4d1_r, rekeying
in 23 hours
Iona-VPN-FW[1]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_SHA1/MODP_1536
Iona-VPN-FW{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: ccb6a085_i ad93852a_o
Iona-VPN-FW{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 360 bytes_o (9 pkts,
2965s ago), rekeying in 33 seconds
Iona-VPN-FW{1}: 10.176.0.0/13 === 192.168.0.0/16
Iona-VPN-FW{2}: INSTALLED, TUNNEL, ESP in UDP SPIs: c01ce92f_i 0a7d4641_o
Iona-VPN-FW{2}: AES_CBC_128/HMAC_SHA1_96, 2479 bytes_i (17 pkts, 3272s
ago), 4873 bytes_o (15 pkts, 3272s ago), rekeying in 2 seconds
Iona-VPN-FW{2}: 10.130.0.0/16 === 192.168.0.0/16
Shortly afterwards it's like this
Wed Mar 4 16:58:42 GMT 2015
Status of IKE charon daemon (strongSwan 5.2.2, Linux
2.6.32-504.8.1.el6.x86_64, x86_64):
uptime: 55 minutes, since Mar 04 16:02:58 2015
malloc: sbrk 270336, mmap 0, used 216192, free 54144
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 4
loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem
fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke
updown xauth-generic unity
Listening IP addresses:
10.180.0.12
Connections:
Iona-VPN-FW: 10.180.0.12...2.2.2.2 IKEv2
Iona-VPN-FW: local: [1.1.1.1] uses pre-shared key authentication
Iona-VPN-FW: remote: [2.2.2.2] uses pre-shared key authentication
Iona-VPN-FW: child: 10.176.0.0/13 10.130.0.0/16 === 192.168.0.0/16 TUNNEL
Security Associations (1 up, 0 connecting):
Iona-VPN-FW[1]: ESTABLISHED 55 minutes ago,
10.180.0.12[1.1.1.1]...2.2.2.2[2.2.2.2]
Iona-VPN-FW[1]: IKEv2 SPIs: 550d0c34bc66ce4e_i* da285a283fb7a4d1_r, rekeying
in 22 hours
Iona-VPN-FW[1]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_SHA1/MODP_1536
Iona-VPN-FW[1]: Tasks queued: CHILD_REKEY
Iona-VPN-FW[1]: Tasks active: CHILD_REKEY
Iona-VPN-FW{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: ccb6a085_i ad93852a_o
Iona-VPN-FW{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 360 bytes_o (9 pkts,
2996s ago), rekeying in 2 seconds
Iona-VPN-FW{1}: 10.176.0.0/13 === 192.168.0.0/16
Iona-VPN-FW{2}: REKEYING, TUNNEL, expires in 4 minutes
Iona-VPN-FW{2}: 10.130.0.0/16 === 192.168.0.0/16
This is the status immediately before the tunnel is torn down
Wed Mar
Re: [strongSwan] High availability failover problem
Aleksey, when I test failover [...], traffic won't flow through standby node until rekey on child SA is done To me this sound like an ESP sequence number issue. I assume you have patched your kernel to include our ClusterIP IPsec extensions, as discussed at [1]. You may find some never patches in the ha-* tags/branches at [2]. Then you should check if ClusterIP works as expected, and both on the inbound and outbound paths the ESP packets hit both nodes. If this is the case, ClusterIP can keep ESP sequence numbers in sync on the passive node. If that all works as expected, try to compare the sequence numbers before and after failover. Linux drops packets with an already used sequence number silently, but /proc/net/xfrm_stats (requires CONFIG_XFRM_STATISTICS) has some counters that can help in analyzing why packets get dropped. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability [2]http://git.strongswan.org/?p=linux-dumm.git;a=summary ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] unable to install policy 192.168.0.0/16 === 10.176.0.0/13 in (mark 0/0x00000000) for reqid 2, the same policy for reqid 1 exists
Hi,
Sorry for my previous mail, this time with some content:
I have only started running into this since we started using more than
one subnet in the left side of the connection.
leftsubnet=10.176.0.0/13,10.130.0.0/16
rightsubnet=192.168.0.0/16
Iona-VPN-FW[1]: IKEv2 SPIs: 550d0c34bc66ce4e_i* da285a283fb7a4d1_r, rekeying
in 23 hours
Iona-VPN-FW{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: ccb6a085_i ad93852a_o
Iona-VPN-FW{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 360 bytes_o (9 pkts,
2965s ago), rekeying in 33 seconds
Iona-VPN-FW{1}: 10.176.0.0/13 === 192.168.0.0/16
Iona-VPN-FW{2}: INSTALLED, TUNNEL, ESP in UDP SPIs: c01ce92f_i 0a7d4641_o
Iona-VPN-FW{2}: AES_CBC_128/HMAC_SHA1_96, 2479 bytes_i (17 pkts, 3272s
ago), 4873 bytes_o (15 pkts, 3272s ago), rekeying in 2 seconds
Iona-VPN-FW{2}: 10.130.0.0/16 === 192.168.0.0/16
Actually, what you have configured and what got negotiated doesn't
really match. If you have multiple subnets in a connection, these should
get negotiated in a single CHILD_SA. However, you have multiple
CHILD_SAs, most likely because your peer prefers to negotiate that.
You may try to configure separate CHILD_SAs for your subnets. With
ipsec.conf, you'll have to define separate conn entries with the same
base settings, but different subnet configurations. charon automatically
merges such configurations to negotiate them under the same IKE_SA.
Mar 4 16:58:14 ip-10-180-0-12 charon: 16[ENC] generating CREATE_CHILD_SA
request 2 [ N(REKEY_SA) SA No TSi TSr ]
Mar 4 16:58:14 ip-10-180-0-12 charon: 16[NET] sending packet: from
10.180.0.12[4500] to 2.2.2.2[4500] (332 bytes)
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[NET] received packet: from
2.2.2.2[4500] to 10.180.0.12[4500] (236 bytes)
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[ENC] parsed CREATE_CHILD_SA
response 2 [ SA No TSi TSr ]
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[CFG] unable to install policy
10.176.0.0/13 === 192.168.0.0/16 out (mark 0/0x) for reqid 2, the
same policy for reqid 1 exists
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[CFG] unable to install policy
192.168.0.0/16 === 10.176.0.0/13 in (mark 0/0x) for reqid 2, the same
policy for reqid 1 exists
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[CFG] unable to install policy
192.168.0.0/16 === 10.176.0.0/13 fwd (mark 0/0x) for reqid 2, the
same policy for reqid 1 exists
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[CFG] unable to install policy
10.176.0.0/13 === 192.168.0.0/16 out (mark 0/0x) for reqid 2, the
same policy for reqid 1 exists
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[CFG] unable to install policy
192.168.0.0/16 === 10.176.0.0/13 in (mark 0/0x) for reqid 2, the same
policy for reqid 1 exists
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[CFG] unable to install policy
192.168.0.0/16 === 10.176.0.0/13 fwd (mark 0/0x) for reqid 2, the
same policy for reqid 1 exists
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[IKE] unable to install IPsec
policies (SPD) in kernel
Mar 4 16:58:14 ip-10-180-0-12 charon: 09[IKE] failed to establish CHILD_SA,
keeping IKE_SA
Because of this mismatch between configuration and negotiated SAs, it
seems that when rekeying the selectors negotiated do not match the
previous CHILD_SA, but the other one separately negotiated.
I think you should change your configuration to use separate CHILD_SAs,
or try to negotiate all subnets under a single CHILD_SA on the Cisco
side. If that doesn't work, you may try a build from git sources; we
recently merged changes that avoid these policy conflicts. But most
likely you'll end up with the wrong selectors after rekeying the
CHILD_SA.
Regards
Martin
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] High availability failover problem
Then you should check if ClusterIP works as expected, and both on the inbound and outbound paths the ESP packets hit both nodes. To clarify, on the outbound path this of course is plain traffic subject to ESP encapsulation. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Performance with lots of tunnels and (XFRM) policies
Noel, I would like to know how the performance of strongswan/Linux is with about 1000 established tunnels and ~3000 (XFRM) policies. I think XFRM policy lookup in the kernel scales fine, handling ~3000 policies shouldn't be a problem at all. How much traffic can be forwarded? Is the performance hit because of the large number of policies in any way significant? I don't think so; IPsec throughput is mostly limited by your raw crypto performance. Of course working on many SAs may reduce the efficiency of your CPU caches compared to a single SA carrying all the traffic. In the end you'll have to test your setup on your hardware to get any useful answers. Given that some strongSwan installations handle ~100'000 tunnels just fine, scaling to 1000 active tunnels is no rocket science. Regards Martin signature.asc Description: This is a digitally signed message part ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Windows 2008 R2 to Linux connection issues
Hi, 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] 13[NET] sending packet: from 10.1.186.35[500] to 10.1.186.174[500] (432 bytes) 17[KNL] WFP MM failure: 10.1.186.35/32 === 10.1.186.174/32, 0x3601, filterId 0 Have you disabled the IKEEXT Windows IKE service? The service must be disabled, as it binds to the same UDP ports and intercepts packets. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Usage questions: DPD and auto=
Hi Tom, 1.) Since IKEv2 does not use DPD, should one omit the dpdaction directives from ipsec.conf for a connection using IKEv2? While IKEv2 does not use DPD, it provides a very similar mechanism called liveness checks. The dpdaction and dpddelay keywords work for both IKEv1 and IKEv2 in strongSwan. The dpdtimeout value is ignored for IKEv2 connections, as the default retransmission timeout mechanism is used to detect a non-responsive peer. 2.) Is it appropriate to use auto-route on both ends of a tunnel [...] avoid issues when both ends try to bring the tunnel up at the same time? Usually yes. There is a risk of tunnel duplicates if both peers initiate simultaneously, it depends on your traffic/setup if this can be an issue. Having a replace uniqeids policy can help as well. In the next 5.3.0 release or a build from our git tree, we actively avoid any CHILD_SA setup conflicts by using a global reqid allocation mechanism. While this can't eliminate the risk of duplicated tunnels, traffic should flow nonetheless over such SAs. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Charon reset
Ken, The initiator received signal 6 (SIGABRT) after eight hours of operation. Actually, the offending signal is SIGSEGV (11). charon catches that, prints a backtrace, and then calls abort() to terminate itself. I have a ~182MB core file from the initiator. How can I get it to you? I don't think that helps much, as I can't analyze that without your build and environment. #2 0x00401393 in segv_handler (signal=11) at charon.c:199 #5 0x7f5e63cf48ac in certs_filter (data=0x7f5e280033e0, in=0x7f5e50c6caf8, out=0x7f5e50c6cba8) at credentials/sets/mem_cred.c:93 #6 0x7f5e63ce6a55 in enumerate_filter (this=0x7f5e28003000, o1=0x7f5e50c6cba8, o2=0x7f5e63ce6ce0, o3=0x40, o4=0x7f5e2888, o5=0x1) at collections/enumerator.c:525 #7 0x7f5e63ce6953 in enumerate_nested (this=0x7f5e280033a0, v1=0x7f5e50c6cba8, v2=0x7f5e63ce6ce0, v3=0x40, v4=0x7f5e2888, v5=0x1) at collections/enumerator.c:448 #8 0x7f5e63cf35c0 in get_cert (this=value optimized out, cert=value optimized out, key=value optimized out, id=value optimized out, trusted=value optimized out) at credentials/credential_manager.c:269 #9 0x7f5e63890535 in process_certreq (this=0x7f5e34001040, message=value optimized out) at sa/ikev2/tasks/ike_cert_pre.c:85 #10 process_certreqs (this=0x7f5e34001040, message=value optimized out) at sa/ikev2/tasks/ike_cert_pre.c:142 #11 0x7f5e63890acb in process_i (this=0x7f5e34001040, message=0x7f5e44000ff0) at sa/ikev2/tasks/ike_cert_pre.c:524 #12 0x7f5e63886bce in process_response (this=0x7f5e34000b20, msg=0x7f5e44000ff0) at sa/ikev2/task_manager_v2.c:538 charon crashes while looking up the CA certificate that the peer indicates trust in by sending a CERTREQ payload. Never seen that, likely that one of the in-memory certificate instances is corrupt, and/or that something is wrong with the refcounting of such a certificate. You may further analyze the issue by inspecting the data and cert objects in frame #5 at credentials/sets/mem_cred.c:93. 01[IKE] reauthenticating IKE_SA cazena-pdc[3] [...] 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] [...] 09[DMN] thread 9 received 11 Is this issue reproducible every time? With a constant tunnel uptime? Can you reduce the time-to-crash if you reduce the re-authentication interval configured with the ipsec.conf ikelifetime option? Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Charon reset
I will try to more quickly produce the crash by setting ikelifetime.
Is there a recommended (or minimum) value?
You may set it to 30s or so, but make sure to adjust
rekeymargin/rekeyfuzz accordingly.
(gdb) p *cert
$4 = {get_type = 0xd30fe0, get_subject = 0x7f5e631a9ed8 main_arena+88,
has_subject = 0, get_issuer = 0,
has_issuer = 0x7f5e5d7cdb00 has_issuer, issued_by = 0x7f5e5d7ce0a0
issued_by,
get_public_key = 0x7f5e5d7cdb10 get_public_key, get_validity =
0x7f5e5d7ce030 get_validity,
get_encoding = 0x7f5e5d7cdcb0 get_encoding, equals = 0x7f5e5d7d3930
equals, get_ref = 0x7f5e5d7cdfa0 get_ref,
destroy = 0x7f5e5d7ce780 destroy}
That certificate instance is definitely corrupted, most likely a
reference counting issue.
http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8ca9a67fa
You definitely should give that commit referenced by Tobias a try.
Either apply the patch manually to your build, or upgrade to at least
version 5.2.1.
Regards
Martin
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Charon reset
Hi Ken, 09[DMN] thread 9 received 11 09[LIB] dumping 2 stack frame addresses: 09[LIB] /lib64/libpthread.so.0 @ 0x7fb8fd3ab000 [0x7fb8fd3ba710] 09[LIB] - sigaction.c:0 09[LIB] /lib64/libc.so.6 @ 0x7fb8fce13000 [0x7fb8fd1a2ed8] 09[LIB] - interp.c:0 09[DMN] killing ourself, received critical signal Hard to say what exactly causes this, the backtrace does not provide much information. Unlikely that this is actually raised from interp.c. Is there any other data I could retrieve? If I rerun the test, is there any other debugging to enable? A sane backtrace from gdb could certainly help. Either make sure to create a core file on crashes for later evaluation, or attach a debugger to charon while it is running. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [strongSwan-dev] need for calling TASK_IKE_CONFIG before TASK_CHILD_CREATE in task_manager_v2.c
My understanding was ip address assignment to interface can happen later after child SA is negotiated with tunnel end point using the virtual ip stored in the Strongswan internal data structures. No, this won't work. Negotiating the CHILD_SA installs IPsec SAs and policies to the kernel, along with a source route to actually make use of these policies. If the virtual IP is not installed to the kernel, installing the source route is not possible. Not sure what you want to achieve by deferring virtual IP installation, but that won't work with the way strongSwan handles CHILD_SA setup. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [strongSwan-dev] need for calling TASK_IKE_CONFIG before TASK_CHILD_CREATE in task_manager_v2.c
Hi, What is the need for activate the TASK_IKE_CONFIG before TASK_CHILD_CREATE. While these tasks get executed during the same exchange(s) with an IKE_AUTH piggybacked CHILD_SA, the order is still important. If a virtual IP is negotiated, this must be done beforehand. The CHILD_SA IPsec policy usually depends/derives from that virtual IP, as the tunnel usually is negotiated explicitly to the assigned IP. Logically ip address assignment should succeed TASK_CHILD_CREATE. No, that won't work in strongSwan. CHILD_SA setup depends on the virtual IP to install IPsec policies and associated routing entries. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] StrongSwan - Mac OS X IPsec tunnel stops forwarding traffic
Hi, StrongSwan V5.2.0 is configured to be an IPsec VPN gateway on a Linux machine. A Mac laptop connects to it using the native Mac OS X v10.10.2 Cisco IPsec VPN client. The connection is established and works well for roughly 6,516 seconds (1 hour, 48 minutes, 36 seconds; or ~108 minutes) at which point the tunnel stops forwarding traffic. As your strongSwan log is (too) verbose, your syslogger starts dropping messages. Please reduce your log verbosity to the default level, and if your syslogger still drops messages, directly log to a file. Without looking further at your log, most likely you are seeing the usual re-authentication issue with the native OS X client. Usually this happens a little sooner, though, but have a look at the discussion at [1]. We strictly require an XAuth exchange during ISAKMP re-authentication; the native OS X client does not support that. We can't/won't support just skipping XAuth, but think this is a (security) bug in the OS X client. Unfortunately, Apple seems to think differently. A work-around is to switch to xauth-noauth, and solely rely on the client certificate for authentication. If that is not an option, you should consider a different client. Regards Martin [1]https://lists.strongswan.org/pipermail/users/2013-February/004254.html ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Some IKEv2 questions
Of not is Section 3.12.1: Dead Peer Detection is implemented only for server-to-server site-to-site-tunnel mode IPsec tunnels on Windows Server 2012 and Windows Server 2012 R2. Dead Peer Detection is not implemented on Windows 8 or Windows 8.1 for IKEv2-based VPN (that is, VPN Reconnect). Not sure what exactly Microsoft means with that, but I can't confirm it. At least with the Windows 7 agile VPN client (as configured through RAS), IKEv2 liveness checks work just fine. In IKEv2, it is actually not called Dead Peer Detection, but liveness checks. And these are not optional to implement as exchange responder, but part of the core standard. Most likely Microsoft refers with that to IKEv1 DPD defined in RFC 3706, but implementing that for IKEv2 obviously makes no sense. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Some IKEv2 questions
Hi, Can I support different types of authentication method simultaneously for IKEv2? i.e. can I support both PEAP-MSCHAPv2 and EAP-TLS at the same time ? As initiator/client, you can configure leftauth=eap without a method to authenticate with whatever the responder offers. On the responder, you may define multiple connections, but need a selector (for example the client or server IKE identity) to choose the configuration with the appropriate EAP method. Having two IKE conn sections which differ in only authentication means I need to use eap-dynamic? With eap-dynamic you can propose a preferred method as responder, but fall back to a different method if the client sends EAP-NAK. What other types of client certificate based auth is possible over IKEv2 (mainly to improve my understanding!)? IKEv2 supports certificate authentication without EAP, which is much simpler and faster. Actually, certificate based EAP authentication is preferable for very special use cases only, for example if you delegate authentication to an AAA backend, or have clients that require that (Windows with Smartcard/User certificates). Finally, my tunnel doesn't seem to remain established (is this normal behaviour and what further information could I provide here?): No, the log file probably has more information why the tunnel gets closed. Currently I need to bring the tunnel up on the device manually when it's down. Sending traffic isn't enough. This is intended by auto=start. Use auto=route to install a trap policy that triggers the tunnel, refer to the ipsec.conf manpage for details. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Some IKEv2 questions
Kindly asking to keep the discussion on the list, thanks. IKEv2 supports certificate authentication without EAP, which is much simpler and faster. Would I be able to do this with the StrongSwan applet for Mac OS X ? No, the strongSwan OS X App currently supports EAP-MSCHAPv2 only using username/password. What auth type is this? I'll read up on it in the man page. In ipsec.conf, you configure rightauth=pubkey. Mar 4 10:02:05 foo charon: 15[IKE] sending DPD request Mar 4 10:02:05 foo charon: 15[ENC] generating INFORMATIONAL request 0 [ ] Mar 4 10:04:50 foo charon: 02[IKE] giving up after 5 retransmits Your client does not answer to liveness checks. Most likely the packets get lost, or the client does not answer. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Nested IPsec Tunnels
Hi Ryan, I have an application scenario where I need to test Nested IPsec Tunnels. I googled and came up with some old threads talking about how this isn't supported with strongSwan unless I use two boxes, or a VM to route the traffic through again. Is this still the case? Yes, this is still the case. To manage its own tunnels, IKE traffic must be exempted from the negotiated tunnel. strongSwan does this globally using IPsec bypass policies. This implies that IKE never goes over any negotiated tunnel, and prevents nested tunnels. So unless you want to change that IPsec bypass policy behavior, running one instance in a VM is probably the best option. Maybe even running two strongSwan instances in their own network namespace works, but I've never tried that. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] HA plugin: stopping charon does not remove IKE_SA/CHILD_SA from other nodes
Hi, In that particular configuration (no monitoring/heartbeat) stopping charon on the active node should clear the connections on the remote gateway (OK) and on the other node (not OK), right? The active node will delete the IKE_SA, and send a close event to the passive node. If you are not using the ha plugin heartbeat, you probably should make the other node active first (responsible for all IKE_SAs) before shutting down a node. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Working simple setup was working, now no packets pass
Hi James, Here's the log with error... 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ] 08[NET] sending packet: from server.external.ip[4500] to client.external.ip[15546] (2204 bytes) 11[NET] received packet: from client.external.ip[15546] to server.external.ip[4500] (1916 bytes) 11[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] 11[IKE] received retransmit of request with ID 1, retransmitting response I don't see much of an error here. The client is successfully authenticated and the SA is set up. The client retransmits the IKE_AUTH request, most likely because the first IKE_AUTH response gets lost. Please check where/why the message gets lost if this is reproducible, and what the error is on the client. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] xAuth request for VICI
Hi Sam,
1) Is there alternative for 'leftfirewall=yes' in the VICI interface to
automatically setup iptables rules?
There is no option for the default updown script, but you may manually
specify ipsec _updown in the CHILD_SA updown configuration option.
2) What is the syntax for loading a secret in via VICI. My current format (
`load_shared({'type': 'xauth', 'data': 'test : XAUTH test'})` ) says it
loads successfully but does not authenticate.
data takes the raw secret string (test) only. The type is defined
with the type keyword, and associated identities in a owners list of
identity strings.
Regards
Martin
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] deleting half open IKE_SA after timeout
Hi Denis 07[ENC] generating ID_PROT response 0 [ ID CERT SIG ] 07[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (1660 bytes) 07[ENC] generating TRANSACTION request 2234314252 [ HASH CPRQ(X_USER X_PWD) ] 07[NET] sending packet: from 179.179.179.179[4500] to 46.211.133.122[39592] (76 bytes) 10[IKE] sending retransmit 1 of request message ID 2234314252, seq 1 strongSwan requests XAuth authentication from the client, but the client does not seem to answer. Either it does not get the message, the user is not entering the credentials in time, or more likely, it does not expect an XAuth username/password request. Most likely your client is not configured to do XAuth, or it is one of those clients that want to skip XAuth authentication during the ISAKMP reauthentication procedure (iOS, OS X). We strictly require that, as we think just skipping XAuth is a security issue. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] HA plugin: stopping charon does not remove IKE_SA/CHILD_SA from other nodes
When charon is stopped on one of the nodes, DELETE are sent to the remote hosts: Actually, it should not if it has an active heartbeat connection with the other node. If a node knows that another node is active, it should deactivate all responsible segments locally before shutting down, and omit any delete messages. The other node takes over responsibility for all SAs. I haven't tested that code in a while, but it definitely did work if monitoring/heartbeat is active, see [1]. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/ha/ha_segments.c;h=fc7d7a8b;hb=HEAD#l240 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] xAuth request for VICI
Hi, Your fix to use the ordered dictionary worked perfectly. Thank you very much. It is now accepting vpn connections. Great. I'll check how we can mention that issue in the documentation. Regarding the `vips` configuration, I thought that it was the replacement for the `rightsourceip` option in ipsec.conf (obviously I misinterpreted the documentation). No, the rightsourceip option is separated in swanctl.conf/vici to the pools and vips options for servers and clients, respectively. It does work when I create a pool as you specified, but if I want to give each connection a static pre-determined ip is there anyway to do that other than creating a pool for each connection? No, currently there is no way to directly specify an address with the pools option. You have to use dedicated pools, or use a pool backend that supports static leases (attr-sql). Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] multiple addresses for the left|right option
Hi, I am wondering how the specification of multiple addresses in the left|right option works. right=134.111.75.171,134.111.75.172 The right option can take multiple addresses, but only to match the connection when responding to initiators. For example, how many kernel policies I should have seen if I have the left with one single address and the right with two specific address left/right does not directly specify the selectors/policies negotiated, leftsubnet/rightsubnet does. leftsubnet/rightsubnet default to %dynamic, which gets replaced dynamically with the peer endpoints (or an assigned virtual IP). So the selector does not get extended to what you configure in right, but what addresses are used for the IKE exchange (usually just one of them). If you want to negotiate additional/different selectors, specify them in leftsubnet/rightsubnet instead. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] stateless high availability
Hi, Is there a way to configure a device to connect to a gateway [ eg 10.1.1.254]. If that gateway fails [ detected via DPD],it would connect to 10.1.1.253 [ his backup gateway]? No, specifying fallback addresses is currently not implemented in strongSwan. I've tried with right=10.1.1.254,10.1.1.253 Specifying multiple addresses is supported, but it currently works only for matching the endpoints of connection attempts to configurations. it does not seems to work [ it expects an identity 10.1.1.254,10.1.1.253 on the remote. rightid defaults to right, so if you have more than a single address, you should define rightid explicitly. But as said, having multiple addresses in right currently does not what you intend. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] sonicwall with main mode
Hi, rightid=001122334455667788 *IDir '62.43.189.77' does not match to '001122334455667788*' Your Sonicwall uses '62.43.189.77' as its identity. Your strongSwan configuration strictly requires '0011223344556677880' as defined by rightid. Either change your Sonicwall or your strongSwan configuration to define the same identity for the Sonicwall. And the usual word of warning: Using psk + xauth is not recommended, as you can't use different PSK secrets in Main Mode for different clients. This allows any client to impersonate the gateway with that PSK. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] strongswan retransmit request problem
Hi, I'm trying to setup strongswan 5.2 but am experiencing problems where the leftside can't seem to connect to the right side and keeps retransmitting the request till it times out. Most likely this is a connectivity or firewalling issue. You should check where that IKE_SA_INIT message gets lost. Open up any firewall in between for UDP ports 500 and 4500 and ESP. I do notice in the log file that this error occurs unable to load 3 plugin features (3 due to unmet dependencies) but do not know if it is related to the problem? It's not, this is just an unrelated warning. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] xAuth request for VICI
Sam, test: remote: uses XAuth authentication: any test: remote: [C=US, O=xx, CN=test] uses public key authentication The order of remote authentication rounds is wrong; XAuth follows public key, not vice-versa. As your config tree looks correct, most likely the order of authentication rounds gets swapped. The order must be preserved in your dictionary to make that work. Are you using the Python library? I think ruby gets this right, as it is guaranteed that Hashes enumerate their values in the order that the corresponding keys were inserted.. Probably not true for Python. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] xAuth request for VICI
Are you using the Python library? I think ruby gets this right, as it is guaranteed that Hashes enumerate their values in the order that the corresponding keys were inserted.. Probably not true for Python. Maybe using collections.OrderedDict to define your tree helps. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Regarding strongswan UCI support
Hi, I am not observing init script to configure ipsec.conf and ipsec.secrets from /etc/config/strongswan configuration file. Is this available in any patch or in any other release? where can I find the init script for it? We don't provide any init scripts from upstream (beside some systemd service files); you'll have to use those provided by your distribution, or write them yourself. I have one more question, As per my understanding UCI infra will take the configuration from /etc/config/module and update the module's configuration file and reload/restarts the daemon. Then what is the role of UCI plugin in strongswan? Not sure what exactly OpenWRT provides. Does it generate ipsec.conf? The strongSwan uci plugin is a configuration plugin in which the daemon directly reads connection definitions from UCI files. It is rather limited, and didn't get much love during the last years. It does not provide enough functionality for anything more than trivial PSK configurations. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] xAuth request for VICI
Hi, I have attempted to create the same configuration using a call to the VICI with this dictionary: Have you tried to configure that in swanctl.conf to avoid any problems with your dictionary? Here such an XAuth configuration works fine when defined in swanctl.conf. This keeps returning this error: `1 config found, none that allow xAuthInitRSA using MainMode` Not sure what exactly goes on. Can you confirm the the connection has been successfully loaded. What's the output of ipsec statusall (or swanctl --list-conns)? 'vips' : ['10.0.0.5'], This is probably not what you want, vips requests a virtual IP. Use the pools keyword and the appropriate pools section to define virtual IP pools, refer to swanctl.conf(5) for details. This is probably not the root cause of your issue, though. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Query on client authentication using EAP-TLS
Hi Akash, no TLS peer certificate found for '223456789123...@nai.epc.mnc213.mcc090.3gppnetwork.org', skipping client authentication EAP_TLS method failed As the TLS stack does not find a usable certificate with a private for your ID, it skips client authentication. Your server most likely requires that, though, and therefore cancels the TLS handshake. Check if you have configured the private key for your client certificate in ipsec.secrets, there is no related error in the startup log and that ipsec listcerts shows has private key for your client certificate. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Cannot get eap-radius working on Strongswan 5
Hi, My new setup uses MD5 passwords in Radius, while my old config used NT-hash. It seems now with radius-eap I have problems authenticating against the MD5 passwords. It is using eap-mschapv2 and it seems it is not a supported combination - This can't work, a server verifying clients with EAP-MSCHAPv2 needs the plain password or the NT-Hash of it. Any other password hash can't work with that protocol. Can I use other method from strongswan to authenticate against radius server with md5 passwords? This depends on your client. If you have Windows clients, there is probably no way around EAP-MSCHAPv2 for password authentication. Our EAP-GTC plugin exchanges plain passwords, so you basically could store password with any hash, but no such method is supported by Windows clients (and I don't know about FreeRADIUS). Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] [strongSwan-users] When Tunnel mode Becomes Transport Mode
Hi Daniel, [...] think of a typical Site-to-Site scenario where Subnets are protected by their respective gateways. However, the expert told me that it is possible to use Transport Mode instead of Tunnel Mode for this scenario a well. As the endpoints that communicate from within the subnets are different from the gateways that apply encryption, usually tunnel mode is used. This allows the gateways to communicate with their addresses, and hide the endpoint addresses in encrypted tunnel mode packets. For this Use Case to happen, the gateways must not encapsulate the entire IP packets (as Tunnel Mode does) but just need to do the routing task and cipher the data. It means that the gateways cipher the L4-7 data without changing the original IP header. Theoretically this could work, where each gateway intercepts packets and en/decrypts them as a man in the middle. So this would be some kind of transparent inline encryption; if routing your subnets works outside of these subnets, that could work. With IKE(v2), however, the ESP packet addresses (both in tunnel and transport mode) are implicitly the same addresses used for IKE negotiation. This implies that you can't actually negotiate SAs from your gateway for your inner subnet addresses, unless you mangle IKE addresses as well (or do other tricks). 1. Have anyone seen this Use Case working before? If yes, How/Which implementation/hardware does so? I didn't. 2. I know that Transport Mode is used for End-Point to End-Point communications where data plane is generated from/to end-points. But, Does StrongSwan support this kind of Site-to-Site communications in Transport Mode? What we support in strongSwan is a transport-proxy mode for Mobile IPv6, refer to the ipsec.conf manpage type keyword. It basically allows the IKE daemon to use the Care-of-Address, but negotiate SAs for the Home Address. Policy installation is up to a Mobile IP daemon, though. From our NEWS: - Basic Mobile IPv6 support has been introduced, securing Binding Update messages as well as tunneled traffic between Mobile Node and Home Agent. The installpolicy=no option allows peaceful cooperation with a dominant mip6d daemon and the new type=transport_proxy implements the special MIPv6 IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address but the IPsec SA is set up for the Home Address. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Cannot get eap-radius working on Strongswan 5
Hi Milen, 07[IKE] initiating EAP_IDENTITY method (id 0x00) 07[IKE] peer supports MOBIKE 07[IKE] authentication of '[...]' (myself) with RSA signature successful 07[IKE] sending end entity cert [...] 07[ENC] generating IKE_AUTH response 1 [IDr CERT AUTH EAP/REQ/ID ] 07[NET] sending packet: from 5.6.7.8[4500] to 1.2.3.4[4500] (1380 bytes) 08[JOB] deleting half open IKE_SA after timeout The client requests EAP authentication, and your Gateway correctly sends an EAP-Identity request along with a signature and certificate to authentication itself to the client. The client, however, never continues negotiation. Most likely it didn't accept the AUTH signature or the corresponding certificate. You may check your clients log for any error, most likely the gateway certificate is not trusted on the client. I don't think this issue is directly related to RADIUS authentication, your AAA is not yet involved at this stage. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] How to send IDi and DN separately?
Hi, How to send IDi and DN separately such that DN doesn't overwrite IDi? strongSwan requires that the IDi matches one of the identities in the certificate, and enforces that if it does not. To use a different ID, you should include that ID as subjectAltName in your certificate. If you really need a different ID, you might look at the two patches from [1] (you might need to port them to a newer release). It allows you to set the cert_id_binding option to false. This is really not recommended, though, and you should be aware of the security implications this has... Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/cert-id-binding-option ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Building without Kernel support
Hi Ryan, I’m trying to build strongSwan without Kernel dependencies. I’d like to use something like the lib-ipsec module (but modified), to receive the child SA’s for use on a crypto processor. strongSwan has different kernel backends. If you don't want to use one of ours, you might provide your own. But you need both a kernel-ipsec and a kernel-net backend plugin implementing the appropriate interfaces. The default kernel-netlink backend provides both, a kernel-net and a kernel-ipsec backend, refer to the sources for details. You may use that plugin as a template to implement your own, or even reuse some functionality such as the kernel-net part of it. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] ikev2 eap-radius ttls pap
Hi Thomas, is it possible to uses strongswan with eap-ttls and pap? EAP-TTLS in strongSwan currently supports tunneling other EAP methods only. PAP is not an EAP method, but a different protocol for password authentication. Plain (non-EAP) PAP, CHAP or MSCHAP is not supported in our EAP-TTLS implementation. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IKEv2 redirect support?
Hi Ryan, Does strongSwan currently support RFC-5685, IKEv2 redirect? No, RFC 5686 is currently not supported by strongSwan. At this time we have no plans to implement this extension. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] INITIAL_CONTACT notification in responder mode
Hi Pavan, My question is whether INITIAL_CONTACT notification can be sent in IKE_AUTH response? If yes, in which condition this notification will be sent by responder? Theoretically yes, but strongSwan never sends INITIAL_CONTACT as responder, only as initiator. While sending the notify as initiator can help to clean up any dangling IKE_SA for that peer, that does not make that much sense as responder. If an initiator creates a new IKE_SA, it most likely knows or could check if there already is an IKE_SA with that peer, without relying on the INITIAL_CONTACT from the responder. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] Load tester for xauth
Hi, Anyone who knows how to configure load-tester to support xauth, please help me. Really appreciated. Please refer to my answer and the patch for ticket #835 [1]. Regards Martin [1]https://wiki.strongswan.org/issues/835#change-2837 ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
