Thanks for a very useful response Paul. Comments inline..
On 15/08/2018 1:50 AM, Paul Wouters wrote:
It would be more useful to be able to query for this in the code you
have, in case there are changes. I'll look into this.
That would be great - thanks. Even if it is just printed in the
pluto.log on startup or an option to the ipsec binary - that would be
sufficient.
3. Following on from this, if I do not hard set my proposal at all on
either end, then I would expect some out-of-the-box negotiation of
some fairly strong ciphers to be negotiated instead.
Yes, aes, aes_gcm and sha2 as well as dh14 are surely in the default
proposal list for IKEv2, so I would expect it to work.
However in practice this doesn't work for either classic IOS or IOS-XE.
Debugs show:
Aug 14 23:42:30.350745: | remote proposal 1 matches local proposal 3
You have a match.
Aug 14 23:42:30.350754: packet from 1.129.98.157:585: proposal
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048
chosen from remote proposals
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;DH=ECP_256;DH=MODP2048;DH=ECP_521;DH=MODP1536[first-match]
You picked aes256-sha2_512;dh14
Aug 14 23:42:30.350763: | accepted IKE proposal ikev2_proposal:
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048
Aug 14 23:42:30.350773: | converting proposal to internal trans attrs
Aug 14 23:42:30.350783: packet from 1.129.98.157:585: initiator
guessed wrong keying material group (ECP_256); responding with
INVALID_KE_PAYLOAD requesting MODP2048
On the first IKE_INIT packet, the initiator has to guess the DH for the
KE payload. The Cisco guessed dh19 but libreswan picked dh14. So it
sends back INVALID_KE and the Cisco should come back again but now use
a KE payload that matches dh14
Which of course is all rather broken and leads to IKEv2 not finishing
negotiation at all.
You didn't show me what happened next, so I cannot tell. It all looks
healthy up to here. You can avoid the extra roundtrip by of INVALID_KE
by using: ike=aes256-sha2_512;dh19
Ok here's a complete negotiation run:
Aug 15 09:11:50.527019: | timer_event_cb: processing event@0x56287c2d8a20
Aug 15 09:11:50.527073: | handling event EVENT_SHUNT_SCAN
Aug 15 09:11:50.527083: | expiring aged bare shunts from shunt table
Aug 15 09:11:50.527092: | event_schedule: new
EVENT_SHUNT_SCAN-pe@0x56287c2d1b50
Aug 15 09:11:50.527101: | inserting event EVENT_SHUNT_SCAN, timeout in
20.000 seconds
Aug 15 09:11:50.527113: | free_event_entry: release
EVENT_SHUNT_SCAN-pe@0x56287c2d8a20
Aug 15 09:11:51.250795: | kernel_process_msg_cb process netlink message
Aug 15 09:11:51.250855: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:51.250864: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:53.057166: | kernel_process_msg_cb process netlink message
Aug 15 09:11:53.057231: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:53.057242: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:54.648118: | *received 366 bytes from 1.129.98.157:585 on
eth0 (port=500)
Aug 15 09:11:54.648172: | a7 af 63 39 08 13 15 77 00 00 00 00 00 00
00 00
Aug 15 09:11:54.648180: | 21 20 22 08 00 00 00 00 00 00 01 6e 22 00
00 58
Aug 15 09:11:54.648185: | 00 00 00 54 01 01 00 09 03 00 00 0c 01 00
00 0c
Aug 15 09:11:54.648191: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00
00 08
Aug 15 09:11:54.648197: | 02 00 00 06 03 00 00 08 03 00 00 0e 03 00
00 08
Aug 15 09:11:54.648202: | 03 00 00 0d 03 00 00 08 04 00 00 13 03 00
00 08
Aug 15 09:11:54.648208: | 04 00 00 0e 03 00 00 08 04 00 00 15 00 00
00 08
Aug 15 09:11:54.648214: | 04 00 00 05 28 00 00 48 00 13 00 00 f3 3f
db 9c
Aug 15 09:11:54.648219: | a2 27 a4 0f 60 5f 9b cd 81 df 95 75 bc 5c
95 4e
Aug 15 09:11:54.648225: | 2e 70 95 ff 27 cf 36 7d 26 85 c4 56 cb dd
a5 49
Aug 15 09:11:54.648230: | d0 4d 8f aa 6e 2e 31 7f 88 f6 06 82 9d a9
13 16
Aug 15 09:11:54.648253: | 4f 5a 69 76 92 33 61 8a c7 f8 bd b4 2b 00
00 24
Aug 15 09:11:54.648262: | 67 0f e6 42 dc b9 68 ee b0 36 75 cb 9f 51
8c b8
Aug 15 09:11:54.648268: | 51 ef 5e a8 98 1b e9 7c e6 ee 1f 6c b8 ee
06 01
Aug 15 09:11:54.648273: | 2b 00 00 17 43 49 53 43 4f 2d 44 45 4c 45
54 45
Aug 15 09:11:54.648279: | 2d 52 45 41 53 4f 4e 2b 00 00 13 43 49 53
43 4f
Aug 15 09:11:54.648284: | 56 50 4e 2d 52 45 56 2d 30 32 2b 00 00 17
43 49
Aug 15 09:11:54.648289: | 53 43 4f 2d 44 59 4e 41 4d 49 43 2d 52 4f
55 54
Aug 15 09:11:54.648294: | 45 29 00 00 15 46 4c 45 58 56 50 4e 2d 53
55 50
Aug 15 09:11:54.648300: | 50 4f 52 54 45 44 29 00 00 1c 00 00 40 04
6f 3d
Aug 15 09:11:54.648305: | a0 7c df 06 84 d5 f9 db 4d b4 80 62 a5 a6
c5 0d
Aug 15 09:11:54.648310: | bf 55 00 00 00 1c 00 00 40 05 82 8d e9 ab
f0 1a
Aug 15 09:11:54.648315: | a5 ea 48 04 ec 90 f0 37 f4 11 37 22 98 e2
Aug 15 09:11:54.648326: | processing: start from 1.129.98.157:585 (in
process_md() at demux.c:392)
Aug 15 09:11:54.648335: | **parse ISAKMP Message:
Aug 15 09:11:54.648341: | initiator cookie:
Aug 15 09:11:54.648347: | a7 af 63 39 08 13 15 77
Aug 15 09:11:54.648352: | responder cookie:
Aug 15 09:11:54.648357: | 00 00 00 00 00 00 00 00
Aug 15 09:11:54.648363: | first contained payload type:
ISAKMP_NEXT_v2SA (0x21)
Aug 15 09:11:54.648384: | ISAKMP version: IKEv2 version 2.0
(rfc4306/rfc5996) (0x20)
Aug 15 09:11:54.648390: | exchange type: ISAKMP_v2_SA_INIT (0x22)
Aug 15 09:11:54.648396: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 15 09:11:54.648402: | message ID: 00 00 00 00
Aug 15 09:11:54.648408: | length: 366 (0x16e)
Aug 15 09:11:54.648414: | processing version=2.0 packet with exchange
type=ISAKMP_v2_SA_INIT (34)
Aug 15 09:11:54.648421: | I am receiving an IKEv2 Request ISAKMP_v2_SA_INIT
Aug 15 09:11:54.648426: | I am the IKE SA Original Responder
Aug 15 09:11:54.648436: | icookie table: hash icookie a7 af 63 39 08 13
15 77 to 10525578376579319415 slot 0x56287ad46da0
Aug 15 09:11:54.648442: | parent_init v2 state object not found
Aug 15 09:11:54.648452: | #null state always idle
Aug 15 09:11:54.648471: | #0 in state PARENT_R0: processing SA_INIT request
Aug 15 09:11:54.648484: | Unpacking clear payload for svm: Respond to
IKE_SA_INIT
Aug 15 09:11:54.648494: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Aug 15 09:11:54.648505: | ***parse IKEv2 Security Association Payload:
Aug 15 09:11:54.648516: | next payload type: ISAKMP_NEXT_v2KE (0x22)
Aug 15 09:11:54.648531: | flags: none (0x0)
Aug 15 09:11:54.648542: | length: 88 (0x58)
Aug 15 09:11:54.648553: | processing payload: ISAKMP_NEXT_v2SA (len=88)
Aug 15 09:11:54.648563: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Aug 15 09:11:54.648570: | ***parse IKEv2 Key Exchange Payload:
Aug 15 09:11:54.648577: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
Aug 15 09:11:54.648582: | flags: none (0x0)
Aug 15 09:11:54.648587: | length: 72 (0x48)
Aug 15 09:11:54.648593: | DH group: OAKLEY_GROUP_ECP_256 (0x13)
Aug 15 09:11:54.648599: | processing payload: ISAKMP_NEXT_v2KE (len=72)
Aug 15 09:11:54.648604: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Aug 15 09:11:54.648610: | ***parse IKEv2 Nonce Payload:
Aug 15 09:11:54.648616: | next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648621: | flags: none (0x0)
Aug 15 09:11:54.648627: | length: 36 (0x24)
Aug 15 09:11:54.648632: | processing payload: ISAKMP_NEXT_v2Ni (len=36)
Aug 15 09:11:54.648638: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648644: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648649: | next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648655: | flags: none (0x0)
Aug 15 09:11:54.648660: | length: 23 (0x17)
Aug 15 09:11:54.648666: | processing payload: ISAKMP_NEXT_v2V (len=23)
Aug 15 09:11:54.648671: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648677: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648683: | next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648688: | flags: none (0x0)
Aug 15 09:11:54.648693: | length: 19 (0x13)
Aug 15 09:11:54.648699: | processing payload: ISAKMP_NEXT_v2V (len=19)
Aug 15 09:11:54.648704: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648710: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648716: | next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648721: | flags: none (0x0)
Aug 15 09:11:54.648727: | length: 23 (0x17)
Aug 15 09:11:54.648732: | processing payload: ISAKMP_NEXT_v2V (len=23)
Aug 15 09:11:54.648738: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648743: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648749: | next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 15 09:11:54.648754: | flags: none (0x0)
Aug 15 09:11:54.648760: | length: 21 (0x15)
Aug 15 09:11:54.648765: | processing payload: ISAKMP_NEXT_v2V (len=21)
Aug 15 09:11:54.648771: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 15 09:11:54.648777: | ***parse IKEv2 Notify Payload:
Aug 15 09:11:54.648782: | next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 15 09:11:54.648788: | flags: none (0x0)
Aug 15 09:11:54.648793: | length: 28 (0x1c)
Aug 15 09:11:54.648799: | Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 15 09:11:54.648804: | SPI size: 0 (0x0)
Aug 15 09:11:54.648810: | Notify Message Type:
v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Aug 15 09:11:54.648821: | processing payload: ISAKMP_NEXT_v2N (len=28)
Aug 15 09:11:54.648827: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 15 09:11:54.648833: | ***parse IKEv2 Notify Payload:
Aug 15 09:11:54.648839: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 15 09:11:54.648845: | flags: none (0x0)
Aug 15 09:11:54.648850: | length: 28 (0x1c)
Aug 15 09:11:54.648856: | Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 15 09:11:54.648861: | SPI size: 0 (0x0)
Aug 15 09:11:54.648867: | Notify Message Type:
v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Aug 15 09:11:54.648873: | processing payload: ISAKMP_NEXT_v2N (len=28)
Aug 15 09:11:54.648878: | selected state microcode Respond to IKE_SA_INIT
Aug 15 09:11:54.648884: | Now let's proceed with state specific processing
Aug 15 09:11:54.648890: | calling processor Respond to IKE_SA_INIT
Aug 15 09:11:54.648896: | anti-DDoS cookies not required (and no cookie
received)
Aug 15 09:11:54.648904: | find_host_connection me=110.232.112.209:500
him=1.129.98.157:585 policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648912: | find_host_pair: comparing 110.232.112.209:500
to 0.0.0.0:500
Aug 15 09:11:54.648919: | find_host_pair: comparing 110.232.112.209:500
to 1.129.98.157:500
Aug 15 09:11:54.648925: | find_next_host_connection
policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648933: | found policy =
PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
(router-2.reub.net-ipv4)
Aug 15 09:11:54.648939: | find_next_host_connection returns empty
Aug 15 09:11:54.648946: | find_host_connection me=110.232.112.209:500
him=%any:585 policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648952: | find_host_pair: comparing 110.232.112.209:500
to 1.129.98.157:500
Aug 15 09:11:54.648958: | find_host_pair: comparing 110.232.112.209:500
to 0.0.0.0:500
Aug 15 09:11:54.648964: | find_next_host_connection
policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648971: | found policy =
PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
(router-2.reub.net-ipv4)
Aug 15 09:11:54.648977: | find_next_host_connection returns empty
Aug 15 09:11:54.648983: | initial parent SA message received on
110.232.112.209:500 but no connection has been authorized with policy
RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648990: | find_host_connection me=110.232.112.209:500
him=1.129.98.157:585 policy=PSK+IKEV2_ALLOW
Aug 15 09:11:54.648997: | find_host_pair: comparing 110.232.112.209:500
to 0.0.0.0:500
Aug 15 09:11:54.649003: | find_host_pair: comparing 110.232.112.209:500
to 1.129.98.157:500
Aug 15 09:11:54.649009: | find_next_host_connection policy=PSK+IKEV2_ALLOW
Aug 15 09:11:54.649015: | found policy =
PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
(router-2.reub.net-ipv4)
Aug 15 09:11:54.649022: | find_next_host_connection returns
router-2.reub.net-ipv4[1] 1.129.98.157
Aug 15 09:11:54.649029: | found connection: router-2.reub.net-ipv4[1]
1.129.98.157 with policy PSK+IKEV2_ALLOW
Aug 15 09:11:54.649036: | find_host_pair: comparing 110.232.112.209:500
to 1.129.98.157:500
Aug 15 09:11:54.649043: | find_host_pair: comparing 110.232.112.209:500
to 0.0.0.0:500
Aug 15 09:11:54.649056: | VID is not VID_OPPORTUNISTIC: content differs
Aug 15 09:11:54.649072: | VID is not VID_OPPORTUNISTIC: length differs
Aug 15 09:11:54.649082: | VID is not VID_OPPORTUNISTIC: content differs
Aug 15 09:11:54.649093: | VID is not VID_OPPORTUNISTIC: length differs
Aug 15 09:11:54.649109: | ignoring Vendor ID payload [CISCO-DELETE-REASON]
Aug 15 09:11:54.649125: packet from 1.129.98.157:585: ignoring unknown
Vendor ID payload [434953434f56504e2d5245562d3032]
Aug 15 09:11:54.649140: packet from 1.129.98.157:585: ignoring unknown
Vendor ID payload [434953434f2d44594e414d49432d524f555445]
Aug 15 09:11:54.649149: | ignoring Vendor ID payload [FLEXVPN-SUPPORTED]
Aug 15 09:11:54.649155: | already determined local IKE proposals for
router-2.reub.net-ipv4 (IKE SA responder matching remote proposals)
Aug 15 09:11:54.649162: | Comparing remote proposals against IKE
responder 4 local proposals
Aug 15 09:11:54.649176: | local proposal 1 type ENCR has 1 transforms
Aug 15 09:11:54.649182: | local proposal 1 type PRF has 3 transforms
Aug 15 09:11:54.649189: | local proposal 1 type INTEG has 1 transforms
Aug 15 09:11:54.649195: | local proposal 1 type DH has 5 transforms
Aug 15 09:11:54.649201: | local proposal 1 type ESN has 0 transforms
Aug 15 09:11:54.649207: | local proposal 1 transforms: required:
ENCR+PRF+DH; optional: INTEG
Aug 15 09:11:54.649214: | local proposal 2 type ENCR has 1 transforms
Aug 15 09:11:54.649219: | local proposal 2 type PRF has 3 transforms
Aug 15 09:11:54.649225: | local proposal 2 type INTEG has 1 transforms
Aug 15 09:11:54.649231: | local proposal 2 type DH has 5 transforms
Aug 15 09:11:54.649237: | local proposal 2 type ESN has 0 transforms
Aug 15 09:11:54.649243: | local proposal 2 transforms: required:
ENCR+PRF+DH; optional: INTEG
Aug 15 09:11:54.649249: | local proposal 3 type ENCR has 1 transforms
Aug 15 09:11:54.649254: | local proposal 3 type PRF has 3 transforms
Aug 15 09:11:54.649260: | local proposal 3 type INTEG has 3 transforms
Aug 15 09:11:54.649266: | local proposal 3 type DH has 5 transforms
Aug 15 09:11:54.649272: | local proposal 3 type ESN has 0 transforms
Aug 15 09:11:54.649278: | local proposal 3 transforms: required:
ENCR+PRF+INTEG+DH; optional: none
Aug 15 09:11:54.649284: | local proposal 4 type ENCR has 1 transforms
Aug 15 09:11:54.649290: | local proposal 4 type PRF has 3 transforms
Aug 15 09:11:54.649295: | local proposal 4 type INTEG has 3 transforms
Aug 15 09:11:54.649301: | local proposal 4 type DH has 5 transforms
Aug 15 09:11:54.649307: | local proposal 4 type ESN has 0 transforms
Aug 15 09:11:54.649313: | local proposal 4 transforms: required:
ENCR+PRF+INTEG+DH; optional: none
Aug 15 09:11:54.649320: | ****parse IKEv2 Proposal Substructure Payload:
Aug 15 09:11:54.649326: | last proposal: v2_PROPOSAL_LAST (0x0)
Aug 15 09:11:54.649331: | length: 84 (0x54)
Aug 15 09:11:54.649337: | prop #: 1 (0x1)
Aug 15 09:11:54.649342: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 15 09:11:54.649348: | spi size: 0 (0x0)
Aug 15 09:11:54.649353: | # transforms: 9 (0x9)
Aug 15 09:11:54.649360: | Comparing remote proposal 1 containing 9
transforms against local proposal [1..4] of 4 local proposals
Aug 15 09:11:54.649366: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649372: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649378: | length: 12 (0xc)
Aug 15 09:11:54.649383: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 15 09:11:54.649389: | IKEv2 transform ID: AES_CBC (0xc)
Aug 15 09:11:54.649395: | ******parse IKEv2 Attribute Substructure Payload:
Aug 15 09:11:54.649401: | af+type: IKEv2_KEY_LENGTH (0x800e)
Aug 15 09:11:54.649407: | length/value: 256 (0x100)
Aug 15 09:11:54.649415: | remote proposal 1 transform 0
(ENCR=AES_CBC_256) matches local proposal 3 type 1 (ENCR) transform 0
Aug 15 09:11:54.649421: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649427: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649432: | length: 8 (0x8)
Aug 15 09:11:54.649438: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 15 09:11:54.649444: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 15 09:11:54.649451: | remote proposal 1 transform 1
(PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Aug 15 09:11:54.649458: | remote proposal 1 transform 1
(PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
Aug 15 09:11:54.649464: | remote proposal 1 transform 1
(PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
Aug 15 09:11:54.649471: | remote proposal 1 transform 1
(PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
Aug 15 09:11:54.649477: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649483: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649488: | length: 8 (0x8)
Aug 15 09:11:54.649494: | IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 15 09:11:54.649503: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
Aug 15 09:11:54.649510: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649516: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649521: | length: 8 (0x8)
Aug 15 09:11:54.649527: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 15 09:11:54.649532: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256
(0xe)
Aug 15 09:11:54.649539: | remote proposal 1 transform 3
(INTEG=HMAC_SHA2_512_256) matches local proposal 3 type 3 (INTEG)
transform 0
Aug 15 09:11:54.649546: | remote proposal 1 transform 3
(INTEG=HMAC_SHA2_512_256) matches local proposal 4 type 3 (INTEG)
transform 0
Aug 15 09:11:54.649552: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649558: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649563: | length: 8 (0x8)
Aug 15 09:11:54.649569: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 15 09:11:54.649574: | IKEv2 transform ID: AUTH_HMAC_SHA2_384_192
(0xd)
Aug 15 09:11:54.649581: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649586: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649592: | length: 8 (0x8)
Aug 15 09:11:54.649597: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649603: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 15 09:11:54.649610: | remote proposal 1 transform 5 (DH=ECP_256)
matches local proposal 1 type 4 (DH) transform 4
Aug 15 09:11:54.649617: | remote proposal 1 transform 5 (DH=ECP_256)
matches local proposal 2 type 4 (DH) transform 4
Aug 15 09:11:54.649623: | remote proposal 1 transform 5 (DH=ECP_256)
matches local proposal 3 type 4 (DH) transform 4
Aug 15 09:11:54.649630: | remote proposal 1 transform 5 (DH=ECP_256)
matches local proposal 4 type 4 (DH) transform 4
Aug 15 09:11:54.649635: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649641: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649647: | length: 8 (0x8)
Aug 15 09:11:54.649652: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649658: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 15 09:11:54.649664: | remote proposal 1 transform 6 (DH=MODP2048)
matches local proposal 1 type 4 (DH) transform 0
Aug 15 09:11:54.649671: | remote proposal 1 transform 6 (DH=MODP2048)
matches local proposal 2 type 4 (DH) transform 0
Aug 15 09:11:54.649677: | remote proposal 1 transform 6 (DH=MODP2048)
matches local proposal 3 type 4 (DH) transform 0
Aug 15 09:11:54.649684: | remote proposal 1 transform 6 (DH=MODP2048)
matches local proposal 4 type 4 (DH) transform 0
Aug 15 09:11:54.649690: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649696: | last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649701: | length: 8 (0x8)
Aug 15 09:11:54.649706: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649712: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 15 09:11:54.649718: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649724: | last transform: v2_TRANSFORM_LAST (0x0)
Aug 15 09:11:54.649730: | length: 8 (0x8)
Aug 15 09:11:54.649735: | IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649741: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
Aug 15 09:11:54.649748: | remote proposal 1 proposed transforms:
ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none
Aug 15 09:11:54.649756: | comparing remote proposal 1 containing
ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+DH;
optional: INTEG; matched: PRF+DH
Aug 15 09:11:54.649763: | remote proposal 1 does not match local
proposal 1; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
Aug 15 09:11:54.649770: | comparing remote proposal 1 containing
ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+DH;
optional: INTEG; matched: PRF+DH
Aug 15 09:11:54.649777: | remote proposal 1 does not match local
proposal 2; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
Aug 15 09:11:54.649784: | comparing remote proposal 1 containing
ENCR+PRF+INTEG+DH transforms to local proposal 3; required:
ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH
Aug 15 09:11:54.649794: | remote proposal 1 matches local proposal 3
Aug 15 09:11:54.649805: packet from 1.129.98.157:585: proposal
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048
chosen from remote proposals
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;DH=ECP_256;DH=MODP2048;DH=ECP_521;DH=MODP1536[first-match]
Aug 15 09:11:54.649813: | accepted IKE proposal ikev2_proposal:
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048
Aug 15 09:11:54.649819: | converting proposal to internal trans attrs
Aug 15 09:11:54.649828: packet from 1.129.98.157:585: initiator guessed
wrong keying material group (ECP_256); responding with
INVALID_KE_PAYLOAD requesting MODP2048
Aug 15 09:11:54.649835: | sending INVALID_KE back with MODP2048(14)
Aug 15 09:11:54.649842: packet from 1.129.98.157:585: responding to
SA_INIT message (ID 0) from 1.129.98.157:585 with unencrypted
notification INVALID_KE_PAYLOAD
Aug 15 09:11:54.649848: | Opening output PBS unencrypted notification
Aug 15 09:11:54.649855: | **emit ISAKMP Message:
Aug 15 09:11:54.649860: | initiator cookie:
Aug 15 09:11:54.649866: | a7 af 63 39 08 13 15 77
Aug 15 09:11:54.649871: | responder cookie:
Aug 15 09:11:54.649876: | 00 00 00 00 00 00 00 00
Aug 15 09:11:54.649882: | first contained payload type:
ISAKMP_NEXT_NONE (0x0)
Aug 15 09:11:54.649887: | ISAKMP version: IKEv2 version 2.0
(rfc4306/rfc5996) (0x20)
Aug 15 09:11:54.649893: | exchange type: ISAKMP_v2_SA_INIT (0x22)
Aug 15 09:11:54.649899: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 15 09:11:54.649904: | message ID: 00 00 00 00
Aug 15 09:11:54.649910: | next payload type: saving message location
'ISAKMP Message'.'first contained payload type'
Aug 15 09:11:54.649917: | Adding a v2N Payload
Aug 15 09:11:54.649924: | next payload type: setting 'ISAKMP
Message'.'first contained payload type' to IKEv2 Notify Payload
(41:ISAKMP_NEXT_v2N)
Aug 15 09:11:54.649929: | ***emit IKEv2 Notify Payload:
Aug 15 09:11:54.649935: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 15 09:11:54.649940: | flags: none (0x0)
Aug 15 09:11:54.649946: | Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 15 09:11:54.649952: | SPI size: 0 (0x0)
Aug 15 09:11:54.649962: | Notify Message Type: v2N_INVALID_KE_PAYLOAD
(0x11)
Aug 15 09:11:54.649974: | next payload type: saving payload location
'IKEv2 Notify Payload'.'next payload type'
Aug 15 09:11:54.649990: | emitting 2 raw bytes of Notify data into IKEv2
Notify Payload
Aug 15 09:11:54.650001: | Notify data 00 0e
Aug 15 09:11:54.650012: | emitting length of IKEv2 Notify Payload: 10
Aug 15 09:11:54.650021: | emitting length of ISAKMP Message: 38
Aug 15 09:11:54.650029: | sending 38 bytes for v2 notify through
eth0:500 to 1.129.98.157:585 (using #0)
Aug 15 09:11:54.650034: | a7 af 63 39 08 13 15 77 00 00 00 00 00 00
00 00
Aug 15 09:11:54.650040: | 29 20 22 20 00 00 00 00 00 00 00 26 00 00
00 0a
Aug 15 09:11:54.650045: | 00 00 00 11 00 0e
Aug 15 09:11:54.650094: | skip start processing: state #0 (in
complete_v2_state_transition() at ikev2.c:2805)
Aug 15 09:11:54.650104: | #0 complete v2 state transition from
STATE_UNDEFINED with STF_FAIL
Aug 15 09:11:54.650110: | state transition function for STATE_UNDEFINED
failed: <no reason given>
Aug 15 09:11:54.650118: | processing: stop from 1.129.98.157:585 (in
process_md() at demux.c:394)
Aug 15 09:11:54.650125: | processing: STOP state #0 (in process_md() at
demux.c:396)
Aug 15 09:11:54.650132: | serialno table: hash serialno #0 to head
0x56287ad49ba0
Aug 15 09:11:54.650138: | serialno table: hash serialno #0 to head
0x56287ad49ba0
Aug 15 09:11:54.650144: | processing: STOP connection NULL (in
process_md() at demux.c:397)
Aug 15 09:11:55.074449: | kernel_process_msg_cb process netlink message
Aug 15 09:11:55.074709: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:55.074811: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:56.269295: | kernel_process_msg_cb process netlink message
Aug 15 09:11:56.269727: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:56.269817: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:58.788167: | kernel_process_msg_cb process netlink message
Aug 15 09:11:58.788225: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:58.788235: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:12:00.182874: | kernel_process_msg_cb process netlink message
Aug 15 09:12:00.182954: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:12:00.182970: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:12:02.243327: | kernel_process_msg_cb process netlink message
Aug 15 09:12:02.243388: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:12:02.243398: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:12:03.342070: | kernel_process_msg_cb process netlink message
Aug 15 09:12:03.342128: | netlink_get: XFRM_MSG_DELPOLICY message
From the Cisco we see this:
router-2#
Aug 15 09:24:21: IPSEC:(SESSION ID = 1) (key_engine) request timer
fired: count = 1,
(identity) local= 10.100.187.27:0, remote= 110.232.112.209:0,
local_proxy= 0.0.0.0/0.0.0.0/256/0,
remote_proxy= 0.0.0.0/0.0.0.0/256/0
Aug 15 09:24:21: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 10.100.187.27:500, remote=
110.232.112.209:500,
local_proxy= 0.0.0.0/0.0.0.0/256/0,
remote_proxy= 0.0.0.0/0.0.0.0/256/0,
protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Aug 15 09:24:21: IKEv2:% Getting preshared key from profile keyring
reub-keyring
Aug 15 09:24:21: IKEv2:% Matched peer block 'lightning.reub.net-ipv4'
Aug 15 09:24:21: IKEv2:Searching Policy with fvrf 0, local address
10.100.187.27
Aug 15 09:24:21: IKEv2:Using the Default Policy for Proposal
Aug 15 09:24:21: IKEv2:Found Policy 'default'
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):[IKEv2 -> Crypto
Engine] Computing DH public key, DH Group 19
Aug 15 09:24:21: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key
Computation PASSED
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Request queued for
computation of DH key
Aug 15 09:24:21: IKEv2:IKEv2 initiator - no config data to send in
IKE_SA_INIT exch
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Generating IKE_SA_INIT
message
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):IKE Proposal: 1, SPI
size: 0 (initial negotiation),
Num. transforms: 9
AES-CBC SHA512 SHA384 SHA512 SHA384 DH_GROUP_256_ECP/Group
19 DH_GROUP_2048_MODP/Group 14 DH_GROUP_521_ECP/Group 21
DH_GROUP_1536_MODP/Group 5
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP)
NOTIFY(NAT_DETECTION_DESTINATION_IP)
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Insert SA
Aug 15 09:24:23: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet
Aug 15 09:24:23: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP)
NOTIFY(NAT_DETECTION_DESTINATION_IP)
Aug 15 09:24:27: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet
Aug 15 09:24:27: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP)
NOTIFY(NAT_DETECTION_DESTINATION_IP)
Aug 15 09:24:34: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet
Aug 15 09:24:34: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP)
NOTIFY(NAT_DETECTION_DESTINATION_IP)
Aug 15 09:24:50: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet
Aug 15 09:24:50: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP)
NOTIFY(NAT_DETECTION_DESTINATION_IP)
This is with no specific ciphers specified on either end.
Thanks,
Reuben
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan