<div dir="ltr">Hello,<div><br></div><div>According to wiki:
<a href="https://docs.strongswan.org/docs/5.9/interop/windowsClients.html#_child_sa_rekeying" target="_blank">https://docs.strongswan.org/docs/5.9/interop/windowsClients.html#_child_sa_rekeying</a> </div><div>Win7 child rekeying is broken behind NAT, so it is recommended to disable rekeying altogether (rekey_time = 0).</div><div><div><br></div><div>I decided to check that, and it seems that rekeying works, but not with PFS (DH groups aren't supported).</div><div><br></div><div>When I use DH for ESP (i.e. ``aes256-sha1-modp1024``), strongswan sends DH (``CREATE_CHILD_SA`` with ``KE`` material, if I understand it correctly) and Windows says</div><div>``CREATE_CHILD_SA response 0 [ N(NO_PROP) ]``</div><div><br></div><div>But when I remove DH (``aes256-sha1``) I see no "KE" in ``CREATE_CHILD_SA``, which I believe means "Do not use PFS, obtain material from IKE instead".</div><div>Windows accepts it, and strongswan deletes the old SA and creates a new one!</div><div><br></div><div>15[ENC] parsed CREATE_CHILD_SA response 0 [ SA No TSi TSr ]</div><div>selecting proposal:</div><div>proposal matches<br>...</div><div> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ<br></div><div>..</div><div>15[IKE] inbound CHILD_SA road_warrior_vpn_child{128} established with SPIs c2cad60d_blah_blah<br></div><div><br></div></div><div>Funny fact: when you provide several proposals for ESP (with and without DH), Windows goes wild:</div><div><br></div><div>``CREATE_CHILD_SA response 25 [ N(MS_STATUS(13816)) ]``<br></div><div><br></div><div>which means</div><div># for decimal 13816 / hex 0x35f8 :<br> ERROR_IPSEC_IKE_ERROR winerror.h<br></div><div><br></div><div>Conclusion: You do not need to disable rekeying at all; you only need to remove DH from the proposal (effectively disabling PFS) to support win7.</div><div>If so, shouldn't we fix the wiki?</div><div><br></div><div>Ilya.</div></div>
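For readers who want to see the two configurations the post compares side by side, here is an added swanctl.conf fragment (example configuration, not part of Ilya's message or of the strongSwan docs). The connection and child names, the IKE proposal and the address pool are assumptions chosen for illustration; the ESP proposal strings and the rekey_time setting are the ones discussed above.

```conf
# Added example: swanctl.conf children for a Windows 7 road-warrior setup.
# Connection/child names, ike_proposals and pools are placeholders.
connections {
    road_warrior_vpn {
        version = 2
        ike_proposals = aes256-sha256-modp2048
        pools = rw_pool
        children {
            # Variant A: ESP proposal WITH a DH group, i.e. PFS on CHILD_SA rekey.
            # Per the observation above, Windows 7 answers the CREATE_CHILD_SA
            # rekey (which carries KE) with N(NO_PROP), so the rekey fails.
            # The docs work around this by disabling rekeying entirely.
            road_warrior_vpn_child_pfs {
                esp_proposals = aes256-sha1-modp1024
                rekey_time = 0     # rekeying off: the CHILD_SA is never renewed
            }

            # Variant B: ESP proposal WITHOUT a DH group.
            # The CREATE_CHILD_SA rekey carries no KE payload, so the new keys
            # are derived from the IKE SA instead of a fresh DH exchange.
            # Windows 7 accepts this and the CHILD_SA rekeys normally, at the
            # cost of losing PFS for that CHILD_SA: compromise of the IKE SA
            # keying material would expose every child SA derived from it.
            road_warrior_vpn_child_nopfs {
                esp_proposals = aes256-sha1
                rekey_time = 1h    # rekeying left on, as in the post
            }
        }
    }
}
pools {
    rw_pool {
        addrs = 10.10.10.0/24   # placeholder pool
    }
}
```

Only one of the two children would normally be configured for a given deployment; both are shown here to make the single difference visible. Note the post's third finding too: offering both proposal forms in one `esp_proposals` list (with and without DH) is reported to make Windows 7 return MS_STATUS(13816), so the usual pattern of listing a PFS proposal first and a non-PFS fallback second does not help with this client.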