[strongSwan] No acceptable DIFFIE_HELLMAN_GROUP found

Andreas Steffen andreas.steffen at strongswan.org
Sat Nov 13 18:44:15 CET 2010


Hello Bill,

it seems that the Mocana client wants to do Perfect Forward Secrecy
(PFS) in the CHILD_SA but strongSwan hasn't enabled PFS:

esp=aes256gcm16,aes128gcm16!

Try

esp=aes256gcm16-modp1024-modp2048,aes128gcm16-modp1024-modp2048!

Regards

Andreas

On 11/13/2010 04:16 PM, William Greene wrote:
>
> I am perplexed. It looks to me like both sides could agree on a proposal
> but do not for some reason. I'm trying to set up an ipsec connection
> between StrongSwan on CentOS linux and a Mocana stack implementation on
> an embedded Linux device. I'm new to StrongSwan and if anyone can
> provide some guidance or suggestions, I'd be mucho appreciative. I've
> attached some relevant information below.
>
> Thanks in advance,
> Bill
>
>
> Nov 12 16:50:17 13[ENC] found payload of type TRAFFIC_SELECTOR_RESPONDER
> Nov 12 16:50:17 13[ENC] parsed CREATE_CHILD_SA request 13 [
> N(USE_TRANSP) SA No KE TSi TSr ]
> Nov 12 16:50:17 13[LIB] size of DH secret exponent: 1023 bits
> Nov 12 16:50:17 13[CFG] looking for a child config for
> 10.168.80.8/32[icmp] === 10.168.65.1/32[icmp]
> Nov 12 16:50:17 13[CFG] proposing traffic selectors for us:
> Nov 12 16:50:17 13[CFG] 10.168.80.8/32 (derived from dynamic)
> Nov 12 16:50:17 13[CFG] proposing traffic selectors for other:
> Nov 12 16:50:17 13[CFG] 10.168.65.1/32 (derived from dynamic)
> Nov 12 16:50:17 13[CFG] candidate "testipsec" with prio 1+1
> Nov 12 16:50:17 13[CFG] found matching child config "testipsec" with prio 2
> Nov 12 16:50:17 13[CFG] selecting proposal:
> Nov 12 16:50:17 13[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
> Nov 12 16:50:17 13[CFG] selecting proposal:
> Nov 12 16:50:17 13[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
> Nov 12 16:50:17 13[CFG] received proposals:
> ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/HMAC_SHA2_256_128/MODP_1024/MODP_768/MODP_1536/MODP_2048/MODP_NONE/NO_EXT_SEQ
> Nov 12 16:50:17 13[CFG] configured proposals:
> ESP:AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_GCM_16_128/NO_EXT_SEQ
> Nov 12 16:50:17 13[IKE] no acceptable proposal found
> Nov 12 16:50:17 13[ENC] added payload of type NOTIFY to message
> Nov 12 16:50:17 13[ENC] added payload of type NOTIFY to message
> Nov 12 16:50:17 13[ENC] generating CREATE_CHILD_SA response 13 [
> N(NO_PROP) ]
> Nov 12 16:50:17 13[ENC] insert payload NOTIFY to encryption payload
> Nov 12 16:50:17 13[ENC] generating payload of type HEADER
>
>
> [root at KAP8 etc]# ipsec statusall
> Status of IKEv2 charon daemon (strongSwan 4.5.0):
> uptime: 4 minutes, since Nov 12 16:48:36 2010
> malloc: sbrk 253952, mmap 0, used 175408, free 78544
> worker threads: 9 idle of 16, job queue load: 0, scheduled events: 2
> loaded plugins: aes des sha1 sha2 md5 random x509 revocation pubkey
> pkcs1 pgp pem openssl gcrypt fips-prf gmp xcbc hmac gcm attr
> kernel-netlink resolve socket-raw stroke updown
> Listening IP addresses:
> 10.168.80.8
> 2005:a8::21e:c9ff:feff:124
> 2004:a8::21e:c9ff:feff:124
> Connections:
> testipsec: 10.168.80.8...10.168.65.1
> testipsec: local: [10.168.80.8] uses pre-shared key authentication
> testipsec: remote: [10.168.65.1] uses any authentication
> testipsec: child: dynamic === dynamic
> Security Associations:
> testipsec[1]: ESTABLISHED 3 minutes ago,
> 10.168.80.8[10.168.80.8]...10.168.65.1[10.168.65.1]
> testipsec[1]: IKE SPIs: 94ffc82723b04b1b_i* 07df56bf80bfe16f_r,
> pre-shared key reauthentication in 52 minutes
> testipsec[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> [root at KAP8 etc]#
> [root at KAP8 etc]#
> [root at KAP8 etc]#
> [root at KAP8 etc]# ipsec listall
>
> List of registered IKEv2 Algorithms:
>
> encryption: AES_CBC 3DES_CBC DES_CBC DES_ECB CAMELLIA_CBC RC5_CBC
> IDEA_CBC CAST_CBC BLOWFISH_CBC NULL AES_CTR CAMELLIA_CTR SERPENT_CBC
> TWOFISH_CBC
> integrity: AES_XCBC_96 CAMELLIA_XCBC_96 HMAC_SHA1_96 HMAC_SHA1_128
> HMAC_SHA1_160 HMAC_SHA2_256_128 HMAC_SHA2_256_256 HMAC_MD5_96
> HMAC_MD5_128 HMAC_SHA2_384_192 HMAC_SHA2_384_384 HMAC_SHA2_512_256
> aead: AES_GCM_8 AES_GCM_12 AES_GCM_16
> hasher: HASH_SHA1 HASH_SHA224 HASH_SHA256 HASH_SHA384 HASH_SHA512
> HASH_MD5 HASH_MD2 HASH_MD4
> prf: PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_XCBC
> PRF_CAMELLIA128_XCBC PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5
> PRF_HMAC_SHA2_384 PRF_HMAC_SHA2_512
> dh-group: MODP_2048 MODP_2048_224 MODP_2048_256 MODP_1536 ECP_256
> ECP_384 ECP_521 ECP_224 ECP_192 MODP_3072 MODP_4096 MODP_6144 MODP_8192
> MODP_1024 MODP_1024_160 MODP_768 MODP_CUSTOM
> [root at KAP8 etc]#
>
>
> [root at KAP8 etc]# cat ipsec.conf
> # ipsec.conf - strongSwan IPsec configuration file
>
> # basic configuration
>
> config setup
> # plutodebug=all
> # crlcheckinterval=600
> # strictcrlpolicy=yes
> # cachecrls=yes
> # nat_traversal=yes
> # charonstart=no
> plutostart=no
>
> # Add connections here.
>
> conn %default
> ikelifetime=60m
> keylife=20m
> rekeymargin=3m
> keyingtries=1
> mobike=no
> authby=secret
> keyexchange=ikev2
> #ike=aes256-sha256-ecp256,aes128-sha256-ecp256!
> esp=aes256gcm16,aes128gcm16!
>
> conn testipsec
> type=transport
> left=10.168.80.8
> #leftprotoport=icmp
> #leftid=kap
> right=10.168.65.1
> #rightprotoport=icmp
> #rightid=cep
> auto=add
> [root at KAP8 etc]#
>
> [root at KAP8 etc]# ipsec version
> Linux strongSwan U4.5.0/K2.6.36-1
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
> [root at KAP8 etc]#
> [root at KAP8 etc]# openssl version
> OpenSSL 0.9.8n 24 Mar 2010
> [root at KAP8 etc]#

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
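The mismatch in the quoted log can be reproduced offline. The following is an added example, not part of either message and not strongSwan's own selection code: it parses the "received proposals" and "configured proposals" strings and reports the first transform type with no common algorithm. The matching rule (a type offered by only one side is a mismatch, integrity is skipped for AEAD ciphers), the function names and the `SUGGESTED` string, which is an assumed rendering of the `esp=` line proposed in the reply, are assumptions.

```python
# Constructed from the log lines quoted in the message above.
RECEIVED = ("ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/HMAC_SHA2_256_128/"
            "MODP_1024/MODP_768/MODP_1536/MODP_2048/MODP_NONE/NO_EXT_SEQ")
CONFIGURED = "ESP:AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_GCM_16_128/NO_EXT_SEQ"
# Assumed rendering of the suggested esp= line (not taken from a real log).
SUGGESTED = ("ESP:AES_GCM_16_256/MODP_1024/MODP_2048/NO_EXT_SEQ, "
             "ESP:AES_GCM_16_128/MODP_1024/MODP_2048/NO_EXT_SEQ")

TYPES = ("ENCRYPTION", "INTEGRITY", "DIFFIE_HELLMAN_GROUP", "EXT_SEQ")

def transform_type(name):
    """Classify a transform by its name (covers the names seen in this log)."""
    if name.startswith(("MODP_", "ECP_")):
        return "DIFFIE_HELLMAN_GROUP"
    if name.startswith(("HMAC_", "AES_XCBC")):
        return "INTEGRITY"
    if name.endswith("EXT_SEQ"):
        return "EXT_SEQ"
    return "ENCRYPTION"

def parse(line):
    """Split 'ESP:A/B, ESP:C/D' into one {type: [transforms]} dict per proposal."""
    proposals = []
    for prop in line.split(","):
        by_type = {t: [] for t in TYPES}
        for name in prop.strip().split(":", 1)[1].split("/"):
            by_type[transform_type(name)].append(name)
        proposals.append(by_type)
    return proposals

def first_mismatch(received, configured):
    """Return the first transform type without a common algorithm, else None."""
    aead = any("GCM" in n or "CCM" in n for n in configured["ENCRYPTION"])
    for t in TYPES:
        if t == "INTEGRITY" and aead:
            continue  # assumption: an AEAD cipher needs no separate integrity algorithm
        ours, theirs = configured[t], received[t]
        # Assumption inferred from the log: a type only one side offers does not match.
        if (ours or theirs) and not set(ours) & set(theirs):
            return t
    return None

def diagnose(received_line, configured_line):
    """Check each configured proposal against the single received proposal."""
    received = parse(received_line)[0]
    return [first_mismatch(received, cfg) for cfg in parse(configured_line)]

if __name__ == "__main__":
    print("as configured:", diagnose(RECEIVED, CONFIGURED))
    print("as suggested: ", diagnose(RECEIVED, SUGGESTED))
```
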



