<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">On 7/7/2017 11:35, Karl Denninger
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4aa9b964-aacc-f5c1-ea0b-7ce46b4ee7b8@denninger.net">
Having found that I can use a 224-bit EC key and that gets my
Android negotiation down to no-fragments. Since this is
approximately equal to a 2048-bit RSA key, which "for today" is
considered "good enough" for most web apps, this looks reasonable.<br>
<br>
However, I can't use it when I use EAP-TLS exchange, at least not
on the build I have -- or do I have it built wrong? :-)<br>
<br>
<tt>Jul 7 11:28:35 IpGw charon: 16[NET] received packet: from
208.54.70.197[20099] to 68.1.57.197[500] (624 bytes)<br>
Jul 7 11:28:35 IpGw charon: 16[ENC] parsed IKE_SA_INIT request
0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]<br>
Jul 7 11:28:35 IpGw charon: 16[IKE] received MS NT5
ISAKMPOAKLEY v9 vendor ID<br>
Jul 7 11:28:35 IpGw charon: 16[IKE] received MS-Negotiation
Discovery Capable vendor ID<br>
Jul 7 11:28:35 IpGw charon: 16[IKE] received
Vid-Initial-Contact vendor ID<br>
Jul 7 11:28:35 IpGw charon: 16[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02<br>
Jul 7 11:28:35 IpGw charon: 16[IKE] 208.54.70.197 is initiating
an IKE_SA<br>
Jul 7 11:28:35 IpGw charon: 16[IKE] remote host is behind NAT<br>
Jul 7 11:28:35 IpGw charon: 16[IKE] sending cert request for
"C=US, ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda
Systems LLC CA, E=Cuda Systems LLC CA"<br>
Jul 7 11:28:35 IpGw charon: 16[ENC] generating IKE_SA_INIT
response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ
N(MULT_AUTH) ]<br>
Jul 7 11:28:35 IpGw charon: 16[NET] sending packet: from
68.1.57.197[500] to 208.54.70.197[20099] (465 bytes)<br>
Jul 7 11:28:36 IpGw charon: 16[NET] received packet: from
208.54.70.197[38246] to 68.1.57.197[4500] (1436 bytes)<br>
Jul 7 11:28:36 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [
IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6
SRV6) SA TSi TSr ]<br>
Jul 7 11:28:36 IpGw charon: 16[IKE] received cert request for
"C=US, ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda
Systems LLC CA, E=Cuda Systems LLC CA"<br>
Jul 7 11:28:36 IpGw charon: 16[IKE] received 56 cert requests
for an unknown ca<br>
Jul 7 11:28:36 IpGw charon: 16[CFG] looking for peer configs
matching 68.1.57.197[%any]...208.54.70.197[192.168.43.165]<br>
Jul 7 11:28:36 IpGw charon: 16[CFG] selected peer config
'StrongSwan'<br>
Jul 7 11:28:36 IpGw charon: 16[IKE] peer requested EAP, config
inacceptable<br>
Jul 7 11:28:36 IpGw charon: 16[CFG] switching to peer config
'WinUserCert'<br>
Jul 7 11:28:36 IpGw charon: 16[IKE] initiating EAP_IDENTITY
method (id 0x00)<br>
Jul 7 11:28:36 IpGw charon: 16[IKE] peer supports MOBIKE<br>
Jul 7 11:28:36 IpGw charon: 16[IKE] 224 bit ECDSA private key
size not supported<br>
Jul 7 11:28:36 IpGw charon: 16[ENC] generating IKE_AUTH
response 1 [ N(AUTH_FAILED) ]<br>
Jul 7 11:28:36 IpGw charon: 16[NET] sending packet: from
68.1.57.197[4500] to 208.54.70.197[38246] (76 bytes)<br>
<br>
</tt>If I can get <i>that </i>to work then I can probably get my
Windows machines to <i>also </i>not need a frag-clean initial
connection...... it appears the problem is that I'm using
EAP_IDENTITY (and have to); the same key and certificate work fine
with the Android client and the "Strongswan" config.<br>
<br>
</blockquote>
I've done a bunch of additional playing around with this and it
appears that short of managing to get Windows to NOT send a
certificate request (which I've not figured out a way to do) for the
server identity there's no way to *reliably* get the initial IKE
exchanges comfortably under 1500 bytes. Not authenticating the
client via certificate (that is, using a login and password) doesn't
help since the connection is dying on the original server
certificate validation, which gets fragmented on its way back to the
client machine and thus it dies before the client's credentials get
presented:<br>
<br>
<tt>Jul 7 15:42:05 IpGw charon: 16[NET] received packet: from
172.56.20.195[26444] to 68.1.57.197[500] (624 bytes)<br>
Jul 7 15:42:05 IpGw charon: 16[ENC] parsed IKE_SA_INIT request 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] received MS NT5 ISAKMPOAKLEY
v9 vendor ID<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] received MS-Negotiation
Discovery Capable vendor ID<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] received Vid-Initial-Contact
vendor ID<br>
Jul 7 15:42:05 IpGw charon: 16[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] 172.56.20.195 is initiating
an IKE_SA<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] remote host is behind NAT<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] sending cert request for
"C=US, ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda
Systems LLC CA, E=Cuda Systems LLC CA"<br>
Jul 7 15:42:05 IpGw charon: 16[ENC] generating IKE_SA_INIT
response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ
N(MULT_AUTH) ]<br>
Jul 7 15:42:05 IpGw charon: 16[NET] sending packet: from
68.1.57.197[500] to 172.56.20.195[26444] (465 bytes)<br>
Jul 7 15:42:05 IpGw charon: 16[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)<br>
Jul 7 15:42:05 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [
IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6)
SA TSi TSr ]<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] received cert request for
"C=US, ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda
Systems LLC CA, E=Cuda Systems LLC CA"<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] received 56 cert requests for
an unknown ca<br>
Jul 7 15:42:05 IpGw charon: 16[CFG] looking for peer configs
matching 68.1.57.197[%any]...172.56.20.195[192.168.43.165]<br>
Jul 7 15:42:05 IpGw charon: 16[CFG] selected peer config
'StrongSwan'<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] peer requested EAP, config
inacceptable<br>
Jul 7 15:42:05 IpGw charon: 16[CFG] switching to peer config
'WinUserCert'<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] initiating EAP_IDENTITY
method (id 0x00)<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] peer supports MOBIKE<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] authentication of 'C=US,
ST=Florida, O=Cuda Systems LLC, CN=genesis.denninger.net' (myself)
with RSA signature successful<br>
Jul 7 15:42:05 IpGw charon: 16[IKE] sending end entity cert
"C=US, ST=Florida, O=Cuda Systems LLC, CN=genesis.denninger.net"<br>
Jul 7 15:42:05 IpGw charon: 16[ENC] generating IKE_AUTH response
1 [ IDr CERT AUTH EAP/REQ/ID ]<br>
<b>Jul 7 15:42:05 IpGw charon: 16[NET] sending packet: from
68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)
&lt;&lt;&lt;- This gets fragmented and one of the frags gets
dropped.</b><br>
Jul 7 15:42:06 IpGw charon: 16[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)<br>
Jul 7 15:42:06 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [
IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6)
SA TSi TSr ]<br>
Jul 7 15:42:06 IpGw charon: 16[IKE] received retransmit of
request with ID 1, retransmitting response<br>
Jul 7 15:42:06 IpGw charon: 16[NET] sending packet: from
68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)<br>
Jul 7 15:42:07 IpGw charon: 16[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)<br>
Jul 7 15:42:07 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [
IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6)
SA TSi TSr ]<br>
Jul 7 15:42:07 IpGw charon: 16[IKE] received retransmit of
request with ID 1, retransmitting response<br>
Jul 7 15:42:07 IpGw charon: 16[NET] sending packet: from
68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)<br>
</tt><br>
If the connection comes up it's stable, but even if I load the
certificate on the client (which winds up going in "Other People",
an odd place) it still asks for it from the server. If I tell the
server not to send it ("leftsendcert=never") I get "Invalid payload
received" from the client when the connection tries to come up
although the server appears to be ok up until it blows up on the
client end. That is, it appears the Windows client won't look in
the local certificate store -- it requires the server's cert to be
sent back and that's enough data to cause the initial handshake to
fragment pretty much no matter what you do.<br>
<br>
<tt>Jul 7 15:35:20 IpGw charon: 15[NET] received packet: from
172.56.20.195[26444] to 68.1.57.197[500] (624 bytes)</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[ENC] parsed IKE_SA_INIT
request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] received MS NT5
ISAKMPOAKLEY v9 vendor ID</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] received
MS-Negotiation Discovery Capable vendor ID</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] received
Vid-Initial-Contact vendor ID</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[ENC] received unknown
vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] 172.56.20.195 is
initiating an IKE_SA</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] remote host is behind
NAT</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] sending cert request
for "C=US, ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda
Systems LLC CA, E=Cuda Systems LLC CA"</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[ENC] generating IKE_SA_INIT
response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ
N(MULT_AUTH) ]</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[NET] sending packet: from
68.1.57.197[500] to 172.56.20.195[26444] (465 bytes)</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[ENC] parsed IKE_AUTH
request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6
DNS6 SRV6) SA TSi TSr ]</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] received cert request
for "C=US, ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda
Systems LLC CA, E=Cuda Systems LLC CA"</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] received 56 cert
requests for an unknown ca</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[CFG] looking for peer
configs matching 68.1.57.197[%any]...172.56.20.195[192.168.43.165]</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[CFG] selected peer config
'StrongSwan'</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] peer requested EAP,
config inacceptable</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[CFG] switching to peer
config 'WinUserCert'</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] initiating
EAP_IDENTITY method (id 0x00)</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] peer supports MOBIKE</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[IKE] authentication of
'C=US, ST=Florida, O=Cuda Systems LLC, CN=genesis.denninger.net'
(myself) with RSA signature successful</tt><tt><br>
</tt><tt>Jul 7 15:35:20 IpGw charon: 15[ENC] generating IKE_AUTH
response 1 [ IDr AUTH EAP/REQ/ID ]</tt><tt><br>
</tt><b><tt>Jul 7 15:35:20 IpGw charon: 15[NET] sending packet:
from 68.1.57.197[4500] to 172.56.20.195[61840] (444 bytes)
&lt;&lt;- Safe and won't fragment, IF I could get Win 10 to
validate the cert locally!</tt></b><tt><br>
</tt><tt>Jul 7 15:35:50 IpGw charon: 15[JOB] deleting half open
IKE_SA with 172.56.20.195 after timeout</tt><br>
<br>
It thus appears that there's really no answer for a Windows machine
other than "you can't use it if any of the networks in the middle
will not reliably pass frags" since authentication of the *server*
will not succeed.<br>
<br>
Has anyone managed to get around this (or is there a third-party
IKEv2 client out there that will work?)<br>
<br>
<div class="moz-signature">-- <br>
Karl Denninger<br>
<a href="mailto:karl@denninger.net">karl@denninger.net</a><br>
<i>The Market Ticker</i><br>
<font size="-2"><i>[S/MIME encrypted email preferred]</i></font>
</div>
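<br>
Added example, not part of the message above and not strongSwan code: a small charon log scan that flags outbound IKE messages too large for one unfragmented datagram and counts how often each was re-sent, which is the pattern in the 1868-byte IKE_AUTH response above. The function name, the 1500-byte IPv4 MTU default and the reading of the logged byte count as UDP payload are assumptions; the sample lines are constructed from the quoted log.<br>
<br>

```python
import re

# Constructed sample: single-line versions of charon entries quoted in the message above.
SAMPLE_LOG = """\
Jul 7 15:42:05 IpGw charon: 16[NET] sending packet: from 68.1.57.197[500] to 172.56.20.195[26444] (465 bytes)
Jul 7 15:42:05 IpGw charon: 16[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Jul 7 15:42:05 IpGw charon: 16[NET] sending packet: from 68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)
Jul 7 15:42:06 IpGw charon: 16[IKE] received retransmit of request with ID 1, retransmitting response
Jul 7 15:42:06 IpGw charon: 16[NET] sending packet: from 68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)
Jul 7 15:42:07 IpGw charon: 16[IKE] received retransmit of request with ID 1, retransmitting response
Jul 7 15:42:07 IpGw charon: 16[NET] sending packet: from 68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)
"""

ENC_GEN = re.compile(r"charon: (\d+)\[ENC\] generating (\S+) (?:request|response) \d+ \[ (.*) \]")
NET_SEND = re.compile(r"charon: (\d+)\[NET\] sending packet: from \S+ to (\S+) \((\d+) bytes\)")


def find_fragmenting_sends(log_text, mtu=1500):
    """Group outbound IKE messages too large for one unfragmented IPv4/UDP datagram.

    Assumption: the logged byte count is the UDP payload, so the budget is
    mtu - 20 (IPv4 header) - 8 (UDP header).
    """
    budget = mtu - 20 - 8
    last_generated = {}  # charon thread id -> (exchange, payload names)
    findings = {}        # (destination, size) -> finding
    for line in log_text.splitlines():
        gen = ENC_GEN.search(line)
        if gen:
            last_generated[gen.group(1)] = (gen.group(2), gen.group(3).split())
            continue
        sent = NET_SEND.search(line)
        if not sent or int(sent.group(3)) <= budget:
            continue
        thread, dst, size = sent.group(1), sent.group(2), int(sent.group(3))
        exchange, payloads = last_generated.get(thread, ("unknown", []))
        finding = findings.setdefault((dst, size), {
            "dst": dst, "size": size, "excess": size - budget,
            "exchange": exchange, "carries_cert": "CERT" in payloads, "sends": 0,
        })
        finding["sends"] += 1  # more than one send means the peer kept retransmitting
    return list(findings.values())


if __name__ == "__main__":
    for f in find_fragmenting_sends(SAMPLE_LOG):
        print(f)
```
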
</body>
</html>