Re: [Swan] Cisco IOS XE Interoperability with Libreswan

[Reuben Farrelly]

Thanks for a very useful response Paul.  Comments inline..
On 15/08/2018 1:50 AM, Paul Wouters wrote:
It would be more useful to be able to query for this in the code you
have, in case there are changes. I'll look into this.

That would be great - thanks.  Even if it is just printed in the 
pluto.log on startup or an option to the ipsec binary - that would be 
sufficient.

3. Following on from this, if I do not hard set my proposal at all on 
either end, then I would expect some out-of-the-box negotiation of 
some fairly strong ciphers to be negotiated instead.

Yes, aes, aes_gcm and sha2 as well as dh14 are surely in the default
proposal list for IKEv2, so I would expect it to work.

However in practice this doesn't work for either classic IOS or IOS-XE.

Debugs show:

Aug 14 23:42:30.350745: | remote proposal 1 matches local proposal 3

You have a match.

Aug 14 23:42:30.350754: packet from 1.129.98.157:585: proposal 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 
chosen from remote proposals 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;DH=ECP_256;DH=MODP2048;DH=ECP_521;DH=MODP1536[first-match] 


You picked aes256-sha2_512;dh14

Aug 14 23:42:30.350763: | accepted IKE proposal ikev2_proposal: 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 

Aug 14 23:42:30.350773: | converting proposal to internal trans attrs
Aug 14 23:42:30.350783: packet from 1.129.98.157:585: initiator 
guessed wrong keying material group (ECP_256); responding with 
INVALID_KE_PAYLOAD requesting MODP2048

On the first IKE_INIT packet, the initiator has to guess the DH for the
KE payload. The Cisco guessed dh19 but libreswan picked dh14. So it
sends back INVALID_KE and the Cisco should come back again but now use
a KE payload that matches dh14

Which of course is all rather broken and leads to IKEv2 not finishing 
negotiation at all.

You didn't show me what happened next, so I cannot tell. It all looks
healthy up to here. You can avoid the extra roundtrip by of INVALID_KE
by using: ike=aes256-sha2_512;dh19

Ok here's a complete negotiation run:

Aug 15 09:11:50.527019: | timer_event_cb: processing event@0x56287c2d8a20
Aug 15 09:11:50.527073: | handling event EVENT_SHUNT_SCAN
Aug 15 09:11:50.527083: | expiring aged bare shunts from shunt table
Aug 15 09:11:50.527092: | event_schedule: new 
EVENT_SHUNT_SCAN-pe@0x56287c2d1b50
Aug 15 09:11:50.527101: | inserting event EVENT_SHUNT_SCAN, timeout in 
20.000 seconds
Aug 15 09:11:50.527113: | free_event_entry: release 
EVENT_SHUNT_SCAN-pe@0x56287c2d8a20
Aug 15 09:11:51.250795: |  kernel_process_msg_cb process netlink message
Aug 15 09:11:51.250855: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:51.250864: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:53.057166: |  kernel_process_msg_cb process netlink message
Aug 15 09:11:53.057231: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:53.057242: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:54.648118: | *received 366 bytes from 1.129.98.157:585 on 
eth0 (port=500)
Aug 15 09:11:54.648172: |   a7 af 63 39  08 13 15 77  00 00 00 00  00 00 
00 00
Aug 15 09:11:54.648180: |   21 20 22 08  00 00 00 00  00 00 01 6e  22 00 
00 58
Aug 15 09:11:54.648185: |   00 00 00 54  01 01 00 09  03 00 00 0c  01 00 
00 0c
Aug 15 09:11:54.648191: |   80 0e 01 00  03 00 00 08  02 00 00 07  03 00 
00 08
Aug 15 09:11:54.648197: |   02 00 00 06  03 00 00 08  03 00 00 0e  03 00 
00 08
Aug 15 09:11:54.648202: |   03 00 00 0d  03 00 00 08  04 00 00 13  03 00 
00 08
Aug 15 09:11:54.648208: |   04 00 00 0e  03 00 00 08  04 00 00 15  00 00 
00 08
Aug 15 09:11:54.648214: |   04 00 00 05  28 00 00 48  00 13 00 00  f3 3f 
db 9c
Aug 15 09:11:54.648219: |   a2 27 a4 0f  60 5f 9b cd  81 df 95 75  bc 5c 
95 4e
Aug 15 09:11:54.648225: |   2e 70 95 ff  27 cf 36 7d  26 85 c4 56  cb dd 
a5 49
Aug 15 09:11:54.648230: |   d0 4d 8f aa  6e 2e 31 7f  88 f6 06 82  9d a9 
13 16
Aug 15 09:11:54.648253: |   4f 5a 69 76  92 33 61 8a  c7 f8 bd b4  2b 00 
00 24
Aug 15 09:11:54.648262: |   67 0f e6 42  dc b9 68 ee  b0 36 75 cb  9f 51 
8c b8
Aug 15 09:11:54.648268: |   51 ef 5e a8  98 1b e9 7c  e6 ee 1f 6c  b8 ee 
06 01
Aug 15 09:11:54.648273: |   2b 00 00 17  43 49 53 43  4f 2d 44 45  4c 45 
54 45
Aug 15 09:11:54.648279: |   2d 52 45 41  53 4f 4e 2b  00 00 13 43  49 53 
43 4f
Aug 15 09:11:54.648284: |   56 50 4e 2d  52 45 56 2d  30 32 2b 00  00 17 
43 49
Aug 15 09:11:54.648289: |   53 43 4f 2d  44 59 4e 41  4d 49 43 2d  52 4f 
55 54
Aug 15 09:11:54.648294: |   45 29 00 00  15 46 4c 45  58 56 50 4e  2d 53 
55 50
Aug 15 09:11:54.648300: |   50 4f 52 54  45 44 29 00  00 1c 00 00  40 04 
6f 3d
Aug 15 09:11:54.648305: |   a0 7c df 06  84 d5 f9 db  4d b4 80 62  a5 a6 
c5 0d
Aug 15 09:11:54.648310: |   bf 55 00 00  00 1c 00 00  40 05 82 8d  e9 ab 
f0 1a
Aug 15 09:11:54.648315: |   a5 ea 48 04  ec 90 f0 37  f4 11 37 22  98 e2
Aug 15 09:11:54.648326: | processing: start from 1.129.98.157:585 (in 
process_md() at demux.c:392)
Aug 15 09:11:54.648335: | **parse ISAKMP Message:
Aug 15 09:11:54.648341: |    initiator cookie:
Aug 15 09:11:54.648347: |   a7 af 63 39  08 13 15 77
Aug 15 09:11:54.648352: |    responder cookie:
Aug 15 09:11:54.648357: |   00 00 00 00  00 00 00 00
Aug 15 09:11:54.648363: |    first contained payload type: 
ISAKMP_NEXT_v2SA (0x21)
Aug 15 09:11:54.648384: |    ISAKMP version: IKEv2 version 2.0 
(rfc4306/rfc5996) (0x20)
Aug 15 09:11:54.648390: |    exchange type: ISAKMP_v2_SA_INIT (0x22)
Aug 15 09:11:54.648396: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Aug 15 09:11:54.648402: |    message ID:  00 00 00 00
Aug 15 09:11:54.648408: |    length: 366 (0x16e)
Aug 15 09:11:54.648414: |  processing version=2.0 packet with exchange 
type=ISAKMP_v2_SA_INIT (34)
Aug 15 09:11:54.648421: | I am receiving an IKEv2 Request ISAKMP_v2_SA_INIT
Aug 15 09:11:54.648426: | I am the IKE SA Original Responder
Aug 15 09:11:54.648436: | icookie table: hash icookie a7 af 63 39  08 13 
15 77 to 10525578376579319415 slot 0x56287ad46da0
Aug 15 09:11:54.648442: | parent_init v2 state object not found
Aug 15 09:11:54.648452: | #null state always idle
Aug 15 09:11:54.648471: | #0 in state PARENT_R0: processing SA_INIT request
Aug 15 09:11:54.648484: | Unpacking clear payload for svm: Respond to 
IKE_SA_INIT
Aug 15 09:11:54.648494: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Aug 15 09:11:54.648505: | ***parse IKEv2 Security Association Payload:
Aug 15 09:11:54.648516: |    next payload type: ISAKMP_NEXT_v2KE (0x22)
Aug 15 09:11:54.648531: |    flags: none (0x0)
Aug 15 09:11:54.648542: |    length: 88 (0x58)
Aug 15 09:11:54.648553: | processing payload: ISAKMP_NEXT_v2SA (len=88)
Aug 15 09:11:54.648563: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Aug 15 09:11:54.648570: | ***parse IKEv2 Key Exchange Payload:
Aug 15 09:11:54.648577: |    next payload type: ISAKMP_NEXT_v2Ni (0x28)
Aug 15 09:11:54.648582: |    flags: none (0x0)
Aug 15 09:11:54.648587: |    length: 72 (0x48)
Aug 15 09:11:54.648593: |    DH group: OAKLEY_GROUP_ECP_256 (0x13)
Aug 15 09:11:54.648599: | processing payload: ISAKMP_NEXT_v2KE (len=72)
Aug 15 09:11:54.648604: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Aug 15 09:11:54.648610: | ***parse IKEv2 Nonce Payload:
Aug 15 09:11:54.648616: |    next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648621: |    flags: none (0x0)
Aug 15 09:11:54.648627: |    length: 36 (0x24)
Aug 15 09:11:54.648632: | processing payload: ISAKMP_NEXT_v2Ni (len=36)
Aug 15 09:11:54.648638: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648644: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648649: |    next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648655: |    flags: none (0x0)
Aug 15 09:11:54.648660: |    length: 23 (0x17)
Aug 15 09:11:54.648666: | processing payload: ISAKMP_NEXT_v2V (len=23)
Aug 15 09:11:54.648671: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648677: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648683: |    next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648688: |    flags: none (0x0)
Aug 15 09:11:54.648693: |    length: 19 (0x13)
Aug 15 09:11:54.648699: | processing payload: ISAKMP_NEXT_v2V (len=19)
Aug 15 09:11:54.648704: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648710: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648716: |    next payload type: ISAKMP_NEXT_v2V (0x2b)
Aug 15 09:11:54.648721: |    flags: none (0x0)
Aug 15 09:11:54.648727: |    length: 23 (0x17)
Aug 15 09:11:54.648732: | processing payload: ISAKMP_NEXT_v2V (len=23)
Aug 15 09:11:54.648738: | Now let's proceed with payload (ISAKMP_NEXT_v2V)
Aug 15 09:11:54.648743: | ***parse IKEv2 Vendor ID Payload:
Aug 15 09:11:54.648749: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 15 09:11:54.648754: |    flags: none (0x0)
Aug 15 09:11:54.648760: |    length: 21 (0x15)
Aug 15 09:11:54.648765: | processing payload: ISAKMP_NEXT_v2V (len=21)
Aug 15 09:11:54.648771: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 15 09:11:54.648777: | ***parse IKEv2 Notify Payload:
Aug 15 09:11:54.648782: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Aug 15 09:11:54.648788: |    flags: none (0x0)
Aug 15 09:11:54.648793: |    length: 28 (0x1c)
Aug 15 09:11:54.648799: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 15 09:11:54.648804: |    SPI size: 0 (0x0)
Aug 15 09:11:54.648810: |    Notify Message Type: 
v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Aug 15 09:11:54.648821: | processing payload: ISAKMP_NEXT_v2N (len=28)
Aug 15 09:11:54.648827: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Aug 15 09:11:54.648833: | ***parse IKEv2 Notify Payload:
Aug 15 09:11:54.648839: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 15 09:11:54.648845: |    flags: none (0x0)
Aug 15 09:11:54.648850: |    length: 28 (0x1c)
Aug 15 09:11:54.648856: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 15 09:11:54.648861: |    SPI size: 0 (0x0)
Aug 15 09:11:54.648867: |    Notify Message Type: 
v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Aug 15 09:11:54.648873: | processing payload: ISAKMP_NEXT_v2N (len=28)
Aug 15 09:11:54.648878: | selected state microcode Respond to IKE_SA_INIT
Aug 15 09:11:54.648884: | Now let's proceed with state specific processing
Aug 15 09:11:54.648890: | calling processor Respond to IKE_SA_INIT
Aug 15 09:11:54.648896: | anti-DDoS cookies not required (and no cookie 
received)
Aug 15 09:11:54.648904: | find_host_connection me=110.232.112.209:500 
him=1.129.98.157:585 policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648912: | find_host_pair: comparing 110.232.112.209:500 
to 0.0.0.0:500
Aug 15 09:11:54.648919: | find_host_pair: comparing 110.232.112.209:500 
to 1.129.98.157:500
Aug 15 09:11:54.648925: | find_next_host_connection 
policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648933: | found policy = 
PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO 
(router-2.reub.net-ipv4)
Aug 15 09:11:54.648939: | find_next_host_connection returns empty
Aug 15 09:11:54.648946: | find_host_connection me=110.232.112.209:500 
him=%any:585 policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648952: | find_host_pair: comparing 110.232.112.209:500 
to 1.129.98.157:500
Aug 15 09:11:54.648958: | find_host_pair: comparing 110.232.112.209:500 
to 0.0.0.0:500
Aug 15 09:11:54.648964: | find_next_host_connection 
policy=RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648971: | found policy = 
PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO 
(router-2.reub.net-ipv4)
Aug 15 09:11:54.648977: | find_next_host_connection returns empty
Aug 15 09:11:54.648983: | initial parent SA message received on 
110.232.112.209:500 but no connection has been authorized with policy 
RSASIG+IKEV2_ALLOW
Aug 15 09:11:54.648990: | find_host_connection me=110.232.112.209:500 
him=1.129.98.157:585 policy=PSK+IKEV2_ALLOW
Aug 15 09:11:54.648997: | find_host_pair: comparing 110.232.112.209:500 
to 0.0.0.0:500
Aug 15 09:11:54.649003: | find_host_pair: comparing 110.232.112.209:500 
to 1.129.98.157:500
Aug 15 09:11:54.649009: | find_next_host_connection policy=PSK+IKEV2_ALLOW
Aug 15 09:11:54.649015: | found policy = 
PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_PROPOSE+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO 
(router-2.reub.net-ipv4)
Aug 15 09:11:54.649022: | find_next_host_connection returns 
router-2.reub.net-ipv4[1] 1.129.98.157
Aug 15 09:11:54.649029: | found connection: router-2.reub.net-ipv4[1] 
1.129.98.157 with policy PSK+IKEV2_ALLOW
Aug 15 09:11:54.649036: | find_host_pair: comparing 110.232.112.209:500 
to 1.129.98.157:500
Aug 15 09:11:54.649043: | find_host_pair: comparing 110.232.112.209:500 
to 0.0.0.0:500
Aug 15 09:11:54.649056: | VID is not VID_OPPORTUNISTIC: content differs
Aug 15 09:11:54.649072: | VID is not VID_OPPORTUNISTIC: length differs
Aug 15 09:11:54.649082: | VID is not VID_OPPORTUNISTIC: content differs
Aug 15 09:11:54.649093: | VID is not VID_OPPORTUNISTIC: length differs
Aug 15 09:11:54.649109: | ignoring Vendor ID payload [CISCO-DELETE-REASON]
Aug 15 09:11:54.649125: packet from 1.129.98.157:585: ignoring unknown 
Vendor ID payload [434953434f56504e2d5245562d3032]
Aug 15 09:11:54.649140: packet from 1.129.98.157:585: ignoring unknown 
Vendor ID payload [434953434f2d44594e414d49432d524f555445]
Aug 15 09:11:54.649149: | ignoring Vendor ID payload [FLEXVPN-SUPPORTED]
Aug 15 09:11:54.649155: | already determined local IKE proposals for 
router-2.reub.net-ipv4 (IKE SA responder matching remote proposals)
Aug 15 09:11:54.649162: | Comparing remote proposals against IKE 
responder 4 local proposals
Aug 15 09:11:54.649176: | local proposal 1 type ENCR has 1 transforms
Aug 15 09:11:54.649182: | local proposal 1 type PRF has 3 transforms
Aug 15 09:11:54.649189: | local proposal 1 type INTEG has 1 transforms
Aug 15 09:11:54.649195: | local proposal 1 type DH has 5 transforms
Aug 15 09:11:54.649201: | local proposal 1 type ESN has 0 transforms
Aug 15 09:11:54.649207: | local proposal 1 transforms: required: 
ENCR+PRF+DH; optional: INTEG
Aug 15 09:11:54.649214: | local proposal 2 type ENCR has 1 transforms
Aug 15 09:11:54.649219: | local proposal 2 type PRF has 3 transforms
Aug 15 09:11:54.649225: | local proposal 2 type INTEG has 1 transforms
Aug 15 09:11:54.649231: | local proposal 2 type DH has 5 transforms
Aug 15 09:11:54.649237: | local proposal 2 type ESN has 0 transforms
Aug 15 09:11:54.649243: | local proposal 2 transforms: required: 
ENCR+PRF+DH; optional: INTEG
Aug 15 09:11:54.649249: | local proposal 3 type ENCR has 1 transforms
Aug 15 09:11:54.649254: | local proposal 3 type PRF has 3 transforms
Aug 15 09:11:54.649260: | local proposal 3 type INTEG has 3 transforms
Aug 15 09:11:54.649266: | local proposal 3 type DH has 5 transforms
Aug 15 09:11:54.649272: | local proposal 3 type ESN has 0 transforms
Aug 15 09:11:54.649278: | local proposal 3 transforms: required: 
ENCR+PRF+INTEG+DH; optional: none
Aug 15 09:11:54.649284: | local proposal 4 type ENCR has 1 transforms
Aug 15 09:11:54.649290: | local proposal 4 type PRF has 3 transforms
Aug 15 09:11:54.649295: | local proposal 4 type INTEG has 3 transforms
Aug 15 09:11:54.649301: | local proposal 4 type DH has 5 transforms
Aug 15 09:11:54.649307: | local proposal 4 type ESN has 0 transforms
Aug 15 09:11:54.649313: | local proposal 4 transforms: required: 
ENCR+PRF+INTEG+DH; optional: none
Aug 15 09:11:54.649320: | ****parse IKEv2 Proposal Substructure Payload:
Aug 15 09:11:54.649326: |    last proposal: v2_PROPOSAL_LAST (0x0)
Aug 15 09:11:54.649331: |    length: 84 (0x54)
Aug 15 09:11:54.649337: |    prop #: 1 (0x1)
Aug 15 09:11:54.649342: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Aug 15 09:11:54.649348: |    spi size: 0 (0x0)
Aug 15 09:11:54.649353: |    # transforms: 9 (0x9)
Aug 15 09:11:54.649360: | Comparing remote proposal 1 containing 9 
transforms against local proposal [1..4] of 4 local proposals
Aug 15 09:11:54.649366: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649372: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649378: |    length: 12 (0xc)
Aug 15 09:11:54.649383: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Aug 15 09:11:54.649389: |    IKEv2 transform ID: AES_CBC (0xc)
Aug 15 09:11:54.649395: | ******parse IKEv2 Attribute Substructure Payload:
Aug 15 09:11:54.649401: |    af+type: IKEv2_KEY_LENGTH (0x800e)
Aug 15 09:11:54.649407: |    length/value: 256 (0x100)
Aug 15 09:11:54.649415: | remote proposal 1 transform 0 
(ENCR=AES_CBC_256) matches local proposal 3 type 1 (ENCR) transform 0
Aug 15 09:11:54.649421: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649427: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649432: |    length: 8 (0x8)
Aug 15 09:11:54.649438: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 15 09:11:54.649444: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Aug 15 09:11:54.649451: | remote proposal 1 transform 1 
(PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Aug 15 09:11:54.649458: | remote proposal 1 transform 1 
(PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
Aug 15 09:11:54.649464: | remote proposal 1 transform 1 
(PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
Aug 15 09:11:54.649471: | remote proposal 1 transform 1 
(PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
Aug 15 09:11:54.649477: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649483: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649488: |    length: 8 (0x8)
Aug 15 09:11:54.649494: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Aug 15 09:11:54.649503: |    IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
Aug 15 09:11:54.649510: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649516: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649521: |    length: 8 (0x8)
Aug 15 09:11:54.649527: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 15 09:11:54.649532: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 
(0xe)
Aug 15 09:11:54.649539: | remote proposal 1 transform 3 
(INTEG=HMAC_SHA2_512_256) matches local proposal 3 type 3 (INTEG) 
transform 0
Aug 15 09:11:54.649546: | remote proposal 1 transform 3 
(INTEG=HMAC_SHA2_512_256) matches local proposal 4 type 3 (INTEG) 
transform 0
Aug 15 09:11:54.649552: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649558: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649563: |    length: 8 (0x8)
Aug 15 09:11:54.649569: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Aug 15 09:11:54.649574: |    IKEv2 transform ID: AUTH_HMAC_SHA2_384_192 
(0xd)
Aug 15 09:11:54.649581: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649586: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649592: |    length: 8 (0x8)
Aug 15 09:11:54.649597: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649603: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Aug 15 09:11:54.649610: | remote proposal 1 transform 5 (DH=ECP_256) 
matches local proposal 1 type 4 (DH) transform 4
Aug 15 09:11:54.649617: | remote proposal 1 transform 5 (DH=ECP_256) 
matches local proposal 2 type 4 (DH) transform 4
Aug 15 09:11:54.649623: | remote proposal 1 transform 5 (DH=ECP_256) 
matches local proposal 3 type 4 (DH) transform 4
Aug 15 09:11:54.649630: | remote proposal 1 transform 5 (DH=ECP_256) 
matches local proposal 4 type 4 (DH) transform 4
Aug 15 09:11:54.649635: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649641: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649647: |    length: 8 (0x8)
Aug 15 09:11:54.649652: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649658: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Aug 15 09:11:54.649664: | remote proposal 1 transform 6 (DH=MODP2048) 
matches local proposal 1 type 4 (DH) transform 0
Aug 15 09:11:54.649671: | remote proposal 1 transform 6 (DH=MODP2048) 
matches local proposal 2 type 4 (DH) transform 0
Aug 15 09:11:54.649677: | remote proposal 1 transform 6 (DH=MODP2048) 
matches local proposal 3 type 4 (DH) transform 0
Aug 15 09:11:54.649684: | remote proposal 1 transform 6 (DH=MODP2048) 
matches local proposal 4 type 4 (DH) transform 0
Aug 15 09:11:54.649690: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649696: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Aug 15 09:11:54.649701: |    length: 8 (0x8)
Aug 15 09:11:54.649706: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649712: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Aug 15 09:11:54.649718: | *****parse IKEv2 Transform Substructure Payload:
Aug 15 09:11:54.649724: |    last transform: v2_TRANSFORM_LAST (0x0)
Aug 15 09:11:54.649730: |    length: 8 (0x8)
Aug 15 09:11:54.649735: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Aug 15 09:11:54.649741: |    IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
Aug 15 09:11:54.649748: | remote proposal 1 proposed transforms: 
ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none
Aug 15 09:11:54.649756: | comparing remote proposal 1 containing 
ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+DH; 
optional: INTEG; matched: PRF+DH
Aug 15 09:11:54.649763: | remote proposal 1 does not match local 
proposal 1; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
Aug 15 09:11:54.649770: | comparing remote proposal 1 containing 
ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+DH; 
optional: INTEG; matched: PRF+DH
Aug 15 09:11:54.649777: | remote proposal 1 does not match local 
proposal 2; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
Aug 15 09:11:54.649784: | comparing remote proposal 1 containing 
ENCR+PRF+INTEG+DH transforms to local proposal 3; required: 
ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH
Aug 15 09:11:54.649794: | remote proposal 1 matches local proposal 3
Aug 15 09:11:54.649805: packet from 1.129.98.157:585: proposal 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 
chosen from remote proposals 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;DH=ECP_256;DH=MODP2048;DH=ECP_521;DH=MODP1536[first-match]
Aug 15 09:11:54.649813: | accepted IKE proposal ikev2_proposal: 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048
Aug 15 09:11:54.649819: | converting proposal to internal trans attrs
Aug 15 09:11:54.649828: packet from 1.129.98.157:585: initiator guessed 
wrong keying material group (ECP_256); responding with 
INVALID_KE_PAYLOAD requesting MODP2048
Aug 15 09:11:54.649835: | sending INVALID_KE back with MODP2048(14)
Aug 15 09:11:54.649842: packet from 1.129.98.157:585: responding to 
SA_INIT message (ID 0) from 1.129.98.157:585 with unencrypted 
notification INVALID_KE_PAYLOAD
Aug 15 09:11:54.649848: | Opening output PBS unencrypted notification
Aug 15 09:11:54.649855: | **emit ISAKMP Message:
Aug 15 09:11:54.649860: |    initiator cookie:
Aug 15 09:11:54.649866: |   a7 af 63 39  08 13 15 77
Aug 15 09:11:54.649871: |    responder cookie:
Aug 15 09:11:54.649876: |   00 00 00 00  00 00 00 00
Aug 15 09:11:54.649882: |    first contained payload type: 
ISAKMP_NEXT_NONE (0x0)
Aug 15 09:11:54.649887: |    ISAKMP version: IKEv2 version 2.0 
(rfc4306/rfc5996) (0x20)
Aug 15 09:11:54.649893: |    exchange type: ISAKMP_v2_SA_INIT (0x22)
Aug 15 09:11:54.649899: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Aug 15 09:11:54.649904: |    message ID:  00 00 00 00
Aug 15 09:11:54.649910: | next payload type: saving message location 
'ISAKMP Message'.'first contained payload type'
Aug 15 09:11:54.649917: | Adding a v2N Payload
Aug 15 09:11:54.649924: | next payload type: setting 'ISAKMP 
Message'.'first contained payload type' to IKEv2 Notify Payload 
(41:ISAKMP_NEXT_v2N)
Aug 15 09:11:54.649929: | ***emit IKEv2 Notify Payload:
Aug 15 09:11:54.649935: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Aug 15 09:11:54.649940: |    flags: none (0x0)
Aug 15 09:11:54.649946: |    Protocol ID: PROTO_v2_RESERVED (0x0)
Aug 15 09:11:54.649952: |    SPI size: 0 (0x0)
Aug 15 09:11:54.649962: |    Notify Message Type: v2N_INVALID_KE_PAYLOAD 
(0x11)
Aug 15 09:11:54.649974: | next payload type: saving payload location 
'IKEv2 Notify Payload'.'next payload type'
Aug 15 09:11:54.649990: | emitting 2 raw bytes of Notify data into IKEv2 
Notify Payload
Aug 15 09:11:54.650001: | Notify data  00 0e
Aug 15 09:11:54.650012: | emitting length of IKEv2 Notify Payload: 10
Aug 15 09:11:54.650021: | emitting length of ISAKMP Message: 38
Aug 15 09:11:54.650029: | sending 38 bytes for v2 notify through 
eth0:500 to 1.129.98.157:585 (using #0)
Aug 15 09:11:54.650034: |   a7 af 63 39  08 13 15 77  00 00 00 00  00 00 
00 00
Aug 15 09:11:54.650040: |   29 20 22 20  00 00 00 00  00 00 00 26  00 00 
00 0a
Aug 15 09:11:54.650045: |   00 00 00 11  00 0e
Aug 15 09:11:54.650094: | skip start processing: state #0 (in 
complete_v2_state_transition() at ikev2.c:2805)
Aug 15 09:11:54.650104: | #0 complete v2 state transition from 
STATE_UNDEFINED with STF_FAIL
Aug 15 09:11:54.650110: | state transition function for STATE_UNDEFINED 
failed: <no reason given>
Aug 15 09:11:54.650118: | processing: stop from 1.129.98.157:585 (in 
process_md() at demux.c:394)
Aug 15 09:11:54.650125: | processing: STOP state #0 (in process_md() at 
demux.c:396)
Aug 15 09:11:54.650132: | serialno table: hash serialno #0 to head 
0x56287ad49ba0
Aug 15 09:11:54.650138: | serialno table: hash serialno #0 to head 
0x56287ad49ba0
Aug 15 09:11:54.650144: | processing: STOP connection NULL (in 
process_md() at demux.c:397)
Aug 15 09:11:55.074449: |  kernel_process_msg_cb process netlink message
Aug 15 09:11:55.074709: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:55.074811: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:56.269295: |  kernel_process_msg_cb process netlink message
Aug 15 09:11:56.269727: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:56.269817: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:11:58.788167: |  kernel_process_msg_cb process netlink message
Aug 15 09:11:58.788225: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:11:58.788235: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:12:00.182874: |  kernel_process_msg_cb process netlink message
Aug 15 09:12:00.182954: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:12:00.182970: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:12:02.243327: |  kernel_process_msg_cb process netlink message
Aug 15 09:12:02.243388: | netlink_get: XFRM_MSG_DELPOLICY message
Aug 15 09:12:02.243398: | xfrm netlink address change RTM_NEWADDR msg len 72
Aug 15 09:12:03.342070: |  kernel_process_msg_cb process netlink message
Aug 15 09:12:03.342128: | netlink_get: XFRM_MSG_DELPOLICY message

From the Cisco we see this:

router-2#
Aug 15 09:24:21: IPSEC:(SESSION ID = 1) (key_engine) request timer 
fired: count = 1,
  (identity) local= 10.100.187.27:0, remote= 110.232.112.209:0,
    local_proxy= 0.0.0.0/0.0.0.0/256/0,
    remote_proxy= 0.0.0.0/0.0.0.0/256/0
Aug 15 09:24:21: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 10.100.187.27:500, remote= 
110.232.112.209:500,
    local_proxy= 0.0.0.0/0.0.0.0/256/0,
    remote_proxy= 0.0.0.0/0.0.0.0/256/0,
    protocol= ESP, transform= esp-aes esp-sha-hmac  (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
Aug 15 09:24:21: IKEv2:% Getting preshared key from profile keyring 
reub-keyring
Aug 15 09:24:21: IKEv2:% Matched peer block 'lightning.reub.net-ipv4'
Aug 15 09:24:21: IKEv2:Searching Policy with fvrf 0, local address 
10.100.187.27
Aug 15 09:24:21: IKEv2:Using the Default Policy for Proposal
Aug 15 09:24:21: IKEv2:Found Policy 'default'
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):[IKEv2 -> Crypto 
Engine] Computing DH public key, DH Group 19
Aug 15 09:24:21: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key 
Computation PASSED
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Request queued for 
computation of DH key
Aug 15 09:24:21: IKEv2:IKEv2 initiator - no config data to send in 
IKE_SA_INIT exch
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Generating IKE_SA_INIT 
message
Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):IKE Proposal: 1, SPI 
size: 0 (initial negotiation),
Num. transforms: 9
   AES-CBC   SHA512   SHA384   SHA512   SHA384   DH_GROUP_256_ECP/Group 
19   DH_GROUP_2048_MODP/Group 14   DH_GROUP_521_ECP/Group 21 
DH_GROUP_1536_MODP/Group 5

Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To 
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000 
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) 
NOTIFY(NAT_DETECTION_DESTINATION_IP)

Aug 15 09:24:21: IKEv2:(SESSION ID = 1,SA ID = 1):Insert SA
Aug 15 09:24:23: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet

Aug 15 09:24:23: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To 
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000 
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) 
NOTIFY(NAT_DETECTION_DESTINATION_IP)

Aug 15 09:24:27: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet

Aug 15 09:24:27: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To 
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000 
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) 
NOTIFY(NAT_DETECTION_DESTINATION_IP)

Aug 15 09:24:34: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet

Aug 15 09:24:34: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To 
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000 
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) 
NOTIFY(NAT_DETECTION_DESTINATION_IP)

Aug 15 09:24:50: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet

Aug 15 09:24:50: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To 
110.232.112.209:500/From 10.100.187.27:500/VRF i0:f0]
Initiator SPI : F8862125DE22AE6C - Responder SPI : 0000000000000000 
Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) 
NOTIFY(NAT_DETECTION_DESTINATION_IP)

This is with no specific ciphers specified on either end.

Thanks,
Reuben

_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan