Hello Tobias, >> It also sounds like my suspicions about lack of PFS support in IOS8.3 are >> confirmed. > > Yes, looks like it (at least as responder of a rekeying). Or perhaps > just with this particular proposal. Did you try without AES-GCM, or > with different DH groups? Support for AES-GCM this was added relatively > recently with 8.3 so perhaps it's a regression only triggered by that > algorithm (or the absence of an integrity algorithm in the proposal). > >>> Does the same happen if the client initiates the rekeying? Does the >>> behavior change if you don't use AES-GCM?
OK, that makes sense.
If I get the client to initiate the rekey (using a short LifeTimeInMinutes in
ChildSecurityAssociationParameters),
this time also switching to AES-256 and DH params of 2 (the IOS default), it
also ignores them :
### /etc/ipsec.conf ###
ike=aes256-sha256-modp1024!
esp=aes256-sha256-modp1024!
Jul 24 13:04:17 nibbler charon: 14[ENC] parsed CREATE_CHILD_SA request 2 [
N(REKEY_SA) SA No TSi TSr ]
Jul 24 13:04:17 nibbler charon: 14[CFG] selecting proposal:
Jul 24 13:04:17 nibbler charon: 14[CFG] no acceptable DIFFIE_HELLMAN_GROUP
found
Jul 24 13:04:17 nibbler charon: 14[CFG] received proposals:
ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Jul 24 13:04:17 nibbler charon: 14[CFG] configured proposals:
ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Jul 24 13:04:17 nibbler charon: 14[IKE] no acceptable proposal found
To get the rekey to actually proceed and work, I must include an ESP proposal
without DH params.
Perhaps I will try upgrading this device to IOS8.4 to see if PFS is enabled
there.
Kind regards,
Tom
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
