[strongSwan] upgrade from 4.5.2 to 5.2.1 breaks phase 2 authentication

Discussion:

CJ Fearnley

2018-07-09 23:28:51 UTC

I had a Strongswan 4.5.2 working great on Linux for several
years. Yesterday when I upgraded to 5.2.1 (Using Debian Jessie / 8.11),
too much changed.

I got the phase 1 authentication working again.

I've narrowed down the problems with phase two to the encryption
protocols.

What is needed to solve these two encryption algorithm mismatchs:

config setup
uniqueids=no

conn %default
mobike=no
keyexchange=ikev1
leftsubnet=192.168.100.0/24
left=XXX.YYY.ZZ.58
ikelifetime=8h
lifetime=8h
compress=no
leftsendcert=no
auto=add

conn aston
rightsubnet=192.168.11.0/24
right=ZZZ.WWW.3.210
authby=psk

Aston gives this error:

Jul 9 19:24:05 powerwall-34 charon: 04[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
Jul 9 19:24:05 powerwall-34 charon: 04[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jul 9 19:24:05 powerwall-34 charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN

Why is Strongswan not offering MODP_1024 for a 3des-sha1 proposal?

conn tonyhome
rightsubnet=192.168.10.0/24
right=%any
authby=psk

tonyhome gives this error:

Jul 9 19:22:57 powerwall-34 charon: 10[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Jul 9 19:22:57 powerwall-34 charon: 10[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jul 9 19:22:57 powerwall-34 charon: 10[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN

Also, I notice when charon starts up, it gives this informational message:

Jul 9 18:30:15 powerwall-34 charon: 00[LIB] loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
Jul 9 18:30:15 powerwall-34 charon: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)

What might be wrong with the stock Debian strongswan packages that there
are unmet dependencies?

I should add that I'm running a 3.2.0 kernel. It is possible that by
upgrading to the Debian Jessie 3.16.0, more plugins and so more encryption
proposals might become available. I plan to run that experiment off
hours this evening. But I doubt that it will help.

I have already upgraded to Jessie's openssl which is version 1.0.1t hoping
that might help. I don't see any other packages that might help. I even
have libstrongswan-extra-plugins, but that doesn't seem to change the
number of proposals strongswan offers.

***@powerwall-34:~$ dpkg -l '*swan*'|grep ^ii
ii libstrongswan 5.2.1-6+deb8u6 amd64 strongSwan utility and crypto library
ii libstrongswan-extra-plugins 5.2.1-6+deb8u6 amd64 strongSwan utility and crypto library (extra plugins)
ii libstrongswan-standard-plugins 5.2.1-6+deb8u6 amd64 strongSwan utility and crypto library (standard plugins)
ii strongswan 5.2.1-6+deb8u6 all IPsec VPN solution metapackage
ii strongswan-charon 5.2.1-6+deb8u6 amd64 strongSwan Internet Key Exchange daemon
ii strongswan-libcharon 5.2.1-6+deb8u6 amd64 strongSwan charon library
ii strongswan-starter 5.2.1-6+deb8u6 amd64 strongSwan daemon starter and configuration file parser

--
CJ Fearnley | LinuxForce Inc.
***@LinuxForce.net | IT Projects & Systems Maintenance
http://www.LinuxForce.net | http://blog.remoteresponder.net

Tobias Brunner

2018-07-10 08:56:50 UTC

Permalink

Hi,

Post by CJ Fearnley
Jul 9 19:24:05 powerwall-34 charon: 04[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
Jul 9 19:24:05 powerwall-34 charon: 04[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jul 9 19:24:05 powerwall-34 charon: 04[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN
Why is Strongswan not offering MODP_1024 for a 3des-sha1 proposal?

Because as you can see, its default ESP proposals don't include any DH
groups. Configure esp=3des-sha1-modp1024 to match the client's
proposal. You can also read [1] for a description of IKEv1-related
differences between 4.x and 5.x releases.

Post by CJ Fearnley
Jul 9 19:22:57 powerwall-34 charon: 10[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Jul 9 19:22:57 powerwall-34 charon: 10[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Jul 9 19:22:57 powerwall-34 charon: 10[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN

Same thing as above, but with sha256 instead of sha1.

Post by CJ Fearnley
Jul 9 18:30:15 powerwall-34 charon: 00[LIB] loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
Jul 9 18:30:15 powerwall-34 charon: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)
What might be wrong with the stock Debian strongswan packages that there
are unmet dependencies?

Nothing really wrong here, these plugin features are, for instance,
related to DSA, which none of our crypto plugins supports (i.e. there
will always be plugin features that can't be loaded). You see more
details if you increase the log level for lib to 2 or even 3, and the
plugin features (including those that were not loaded) are listed in the
output of `ipsec listplugins`.

Regards,
Tobias

[1] https://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1

CJ Fearnley

2018-07-10 13:20:02 UTC

Permalink

Your sha256 clue fixed the tonyhome connection. Thanks.

But although your suggestion of esp=3des-sha1-modp1024 overcame the
NO_PROPOSAL_CHOSEN hurdle, it still isn't working:

On the Strongswan side I see:

Jul 10 08:43:35 powerwall-34 charon: 08[NET] received packet: from 173.49.3.210[500] to 100.34.28.58[500] (292 bytes)
Jul 10 08:43:35 powerwall-34 charon: 08[ENC] parsed QUICK_MODE request 3817976272 [ HASH SA No KE ID ID ]
Jul 10 08:43:35 powerwall-34 charon: 08[ENC] generating QUICK_MODE response 3817976272 [ HASH SA No KE ID ID ]
Jul 10 08:43:35 powerwall-34 charon: 08[NET] sending packet: from 100.34.28.58[500] to 173.49.3.210[500] (308 bytes)
Jul 10 08:43:35 powerwall-34 charon: 09[NET] received packet: from 173.49.3.210[500] to 100.34.28.58[500] (68 bytes)
Jul 10 08:43:35 powerwall-34 charon: 09[ENC] parsed INFORMATIONAL_V1 request 2665448588 [ HASH N(ATTR_UNSUP) ]
Jul 10 08:43:35 powerwall-34 charon: 09[IKE] received ATTRIBUTES_NOT_SUPPORTED error notify
Jul 10 08:43:35 powerwall-34 charon: 09[IKE] received ATTRIBUTES_NOT_SUPPORTED error notify
Jul 10 08:44:05 powerwall-34 charon: 11[NET] received packet: from 173.49.3.210[500] to 100.34.28.58[500] (292 bytes)
Jul 10 08:44:05 powerwall-34 charon: 11[ENC] parsed QUICK_MODE request 3678149875 [ HASH SA No KE ID ID ]
Jul 10 08:44:05 powerwall-34 charon: 11[ENC] generating QUICK_MODE response 3678149875 [ HASH SA No KE ID ID ]
Jul 10 08:44:05 powerwall-34 charon: 11[NET] sending packet: from 100.34.28.58[500] to 173.49.3.210[500] (308 bytes)
Jul 10 08:44:05 powerwall-34 charon: 15[NET] received packet: from 173.49.3.210[500] to 100.34.28.58[500] (68 bytes)
Jul 10 08:44:05 powerwall-34 charon: 15[ENC] parsed INFORMATIONAL_V1 request 2484051682 [ HASH N(ATTR_UNSUP) ]
Jul 10 08:44:05 powerwall-34 charon: 15[IKE] received ATTRIBUTES_NOT_SUPPORTED error notify
Jul 10 08:44:05 powerwall-34 charon: 15[IKE] received ATTRIBUTES_NOT_SUPPORTED error notify

Here is what the Netgear SRX5308 reports in its logs:

Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: an undead schedule has been deleted:
'quick_i1prep'.
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: an undead schedule has been deleted:
'isakmp_ph2resend'.
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] ERROR: Phase2 negotiation failed for
100.34.28.58[500].
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify
payload[ATTRIBUTES-NOT-SUPPORTED]
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] ERROR: mismatched ID was returned.
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation:
173.49.3.210[0]<=>100.34.28.58[0]
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Configuration found for 100.34.28.58.
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Configuration found for 100.34.28.58.
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Using IPsec SA configuration:
192.168.11.1/24<->192.168.100.1/24
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] INFO: an undead schedule has been deleted:
'quick_i1prep'.
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] INFO: an undead schedule has been deleted:
'isakmp_ph2resend'.
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] ERROR: Phase2 negotiation failed for
100.34.28.58[500].
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify
payload[ATTRIBUTES-NOT-SUPPORTED]
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] ERROR: mismatched ID was returned.
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation:
173.49.3.210[0]<=>100.34.28.58[0]
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] INFO: Configuration found for 100.34.28.58.
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] INFO: Configuration found for 100.34.28.58.
Tue Jul 10 08:43:35 2018 (GMT -0400): [SRX5308] [IKE] INFO: Using IPsec SA configuration:
192.168.11.1/24<->192.168.100.1/24

What should I try next?

Post by Tobias Brunner
Hi,

Same thing as above, but with sha256 instead of sha1.

Nothing really wrong here, these plugin features are, for instance,
related to DSA, which none of our crypto plugins supports (i.e. there
will always be plugin features that can't be loaded). You see more
details if you increase the log level for lib to 2 or even 3, and the
plugin features (including those that were not loaded) are listed in the
output of `ipsec listplugins`.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1

--
CJ Fearnley | LinuxForce Inc.
***@LinuxForce.net | IT Projects & Systems Maintenance
http://www.LinuxForce.net | http://blog.remoteresponder.net

Tobias Brunner

2018-07-11 09:40:28 UTC

Permalink

Post by CJ Fearnley
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify
payload[ATTRIBUTES-NOT-SUPPORTED]
Tue Jul 10 08:44:05 2018 (GMT -0400): [SRX5308] [IKE] ERROR: mismatched ID was returned.

I suppose this means it doesn't like the returned subnets. So check
your left|rightsubnet settings for this connection. On both sides,

Post by CJ Fearnley
192.168.11.1/24<->192.168.100.1/24

.1/24 is technically the same as .0/24 but perhaps this box wants an
exact match, which strongSwan won't provide.

Regards,
Tobias