Hello,
Thanks for your answer!
You are right, the initial CHILD_SA is negotiated during the IKE_AUTH exchange.
I do see a rekey of the CHILD_SA, and there is indeed a PFS included.
However, there is a questionable situation in the case where the initiator and the
responder sides do not share the same 'esp' PFS group (I set the initiator's
lifetime to 3m for testing purposes):
- The first CHILD_SA is created on both sides using IKE_AUTH.
- When the rekey occurs, the responder tells the initiator that no suitable
proposal has been chosen. Furthermore the responder keeps the current IKE and
CHILD SAs.
- The initiator then shows a 'rekeying active' status, but its SA ends up killed
by the kernel.
- The initiator has to wait for the IKE SA rekey to get the CHILD SA up again.
initiator side:
#ipsec statusall
...
Security Associations (1 up, 0 connecting):
net-net[1]: ESTABLISHED 10 minutes ago, 172.18.0.54[[email protected]]...172.18.0.53[[email protected]]
net-net[1]: IKEv2 SPIs: 86e385832aae080f_i* acbcfbb47881a7be_r, public key reauthentication in 5 hours
net-net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
net-net{1}: INSTALLED, TUNNEL, ESP SPIs: c4e02848_i c2c6dec8_o
net-net{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying active
net-net{1}: 172.54.0.0/16 === 172.53.0.0/16
#setkey -D
No SAD entries.
Regards,
Emeric
----- Original Message -----
From: "Thomas Egerer" <[email protected]>
To: [email protected]
Cc: "emeric poupon" <[email protected]>
Sent: Friday 1 August 2014 22:14:02
Subject: Re: [strongSwan] CHILD SA and PFS
Hi Emeric
On 08/01/2014 04:05 PM, Emeric POUPON wrote:
> Hello,
>
> I have some problems enabling PFS on the CHILD SA.
> I'm using strongswan 5.2.0 on FreeBSD.
>
> Here are the site configurations:
looks good.
However [1], the IKE_AUTH exchange responsible for
establishing the *first* CHILD_SA does not include a key exchange
(KE), whereas [2], the CREATE_CHILD_SA exchange responsible
for creating (subsequent), or rekeying children, does include
an (optional) key exchange ([KE]).
If you wait for the configured keylife of <=60 minutes, you
should see a rekeying of the CHILD_SA take place, including
the configured PFS-group.
Cheers,
Thomas
[1] http://tools.ietf.org/html/rfc5996#appendix-C.2
[2] http://tools.ietf.org/html/rfc5996#appendix-C.4
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
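Added example, not from the thread or from strongSwan's code: a simplified model of IKEv2 proposal selection showing why the DH-group mismatch Emeric describes stays invisible in IKE_AUTH (no KE payload, so the DH transform is not negotiated for the first CHILD_SA) and only surfaces as NO_PROPOSAL_CHOSEN at the CREATE_CHILD_SA rekey Thomas points to. The two ESP configurations (modp2048 vs modp1024) are constructed for the illustration, not taken from the original mails.

```python
# Simplified model of IKEv2 proposal selection (illustration only, not
# strongSwan's implementation). A proposal maps each transform type to the
# list of algorithms offered; the responder picks the first initiator
# proposal for which every negotiated transform type has a common algorithm.

NO_PROPOSAL_CHOSEN = None

def select_proposal(initiator, responder, exchange):
    """Return the chosen transforms, or NO_PROPOSAL_CHOSEN (None).

    IKE_AUTH carries no KE payload for the first CHILD_SA, so the DH
    transform is left out of the match (RFC 5996 appendix C.2).
    CREATE_CHILD_SA does include the (optional) KE (appendix C.4), so a
    PFS group mismatch is only detected at rekey time.
    """
    types = ["ENCR", "INTEG", "DH"]
    if exchange == "IKE_AUTH":
        types.remove("DH")
    for offer in initiator:
        for accept in responder:
            chosen = {}
            for t in types:
                common = [a for a in offer.get(t, []) if a in accept.get(t, [])]
                if not common:
                    break          # this pair of proposals cannot agree
                chosen[t] = common[0]
            else:
                return chosen      # every required transform type matched
    return NO_PROPOSAL_CHOSEN

# Constructed configurations (assumed values): same ESP cipher and integrity
# on both sides, but the responder was set up with a different PFS group.
INITIATOR_ESP = [{"ENCR": ["AES_CBC_128"], "INTEG": ["HMAC_SHA1_96"], "DH": ["MODP_2048"]}]
RESPONDER_ESP = [{"ENCR": ["AES_CBC_128"], "INTEG": ["HMAC_SHA1_96"], "DH": ["MODP_1024"]}]

def negotiate_child_sa_lifecycle(initiator=INITIATOR_ESP, responder=RESPONDER_ESP):
    """Return (first CHILD_SA via IKE_AUTH, rekeyed CHILD_SA via CREATE_CHILD_SA)."""
    first = select_proposal(initiator, responder, "IKE_AUTH")
    rekey = select_proposal(initiator, responder, "CREATE_CHILD_SA")
    return first, rekey

if __name__ == "__main__":
    first, rekey = negotiate_child_sa_lifecycle()
    print("IKE_AUTH CHILD_SA:      ", first)
    print("CREATE_CHILD_SA rekey:  ", rekey if rekey else "NO_PROPOSAL_CHOSEN")
```

The practical check is therefore to compare the DH group in the `esp` proposal on both peers before relying on rekeying, since a successful initial tunnel says nothing about PFS agreement.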