[strongSwan] IKEv1 with pubkey/xauth-eap and iOS6

A. Valentin | MarcanT GmbH avalentin at marcant.net
Tue Oct 23 12:04:09 CEST 2012


Hi!

I'm porting my complete IPsec configuration from racoon to strongSwan.
Until now everything worked fine, but now I have a problem with iPhones.
iOS 5 seems to work fine, just iOS 6 seems to mess up.

I have the following setup:
-strongSwan 5.0.1
-Debian System 6.0
-Kernel 3.6

ipsec.conf:
------------------------------------------------------------------------------
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    authby=secret

conn fritz-base
    left=XX.14.XX.65
    leftsubnet=0.0.0.0/0
    leftid=@vpn.test.net
    right=%any
    esp=aes256-sha1-modp1024
    aggressive=yes
    authby=secret

conn rw-XXX
    also=fritz-base
    rightid=@XXX.dyn.test.net
    rightsubnet=192.168.20.0/24
    auto=add
   
# .. several of these connections are following ...

# Now the Base setup for Roadwarrior / iPhone Access
conn smartphone-base
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    leftauth=pubkey
    rightauth=pubkey
    rightauth2=xauth-eap
    left=XX.14.XX.65
    leftcert=vpn.test.net.pem
    right=%any
    modeconfig=push
    dpdaction=none
    dpddelay=70s
    dpdtimeout=180s

conn rw-smartphones
    also=smartphone-base
    leftsubnet=0.0.0.0/0
    rightsourceip=%vpnclients
    rightsubnet=10.150.240.192/26
    auto=add
------------------------------------------------------------------------------
While building this configuration, I testet it with the builtin Android
VPN Client. Everything worked fine.
After that I got an iPhone for testing purposes and tried it. 
Unfortunately the iPhone could not login.

Charon logs the following:
------------------------------------------------------------------------------
Oct  8 08:43:01 router charon: 13[NET] received packet: from
XXX.XX.XXX.69[500] to XXX.XX.XXX.65[500]
Oct  8 08:43:01 router charon: 13[ENC] parsed ID_PROT request 0 [ SA V V
V V V V V V V V V V V V ]
Oct  8 08:43:01 router charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-07 vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-06 vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-05 vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-04 vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-02 vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received XAuth vendor ID
Oct  8 08:43:01 router charon: 13[IKE] received Cisco Unity vendor ID
Oct  8 08:43:01 router charon: 13[ENC] received unknown vendor ID:
40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3:80:00:00:00
Oct  8 08:43:01 router charon: 13[IKE] received DPD vendor ID
Oct  8 08:43:01 router charon: 13[IKE] XXX.XX.XXX.69 is initiating a
Main Mode IKE_SA
Oct  8 08:43:01 router charon: 13[ENC] generating ID_PROT response 0 [
SA V V V ]
Oct  8 08:43:01 router charon: 13[NET] sending packet: from
XXX.XX.XXX.65[500] to XXX.XX.XXX.69[500]
Oct  8 08:43:02 router charon: 14[NET] received packet: from
XXX.XX.XXX.69[500] to XXX.XX.XXX.65[500]
Oct  8 08:43:02 router charon: 14[ENC] parsed ID_PROT request 0 [ KE No
NAT-D NAT-D ]
Oct  8 08:43:02 router charon: 14[IKE] remote host is behind NAT
Oct  8 08:43:02 router charon: 14[IKE] sending cert request for "C=DE,
O=test.net, CN=test.net"
Oct  8 08:43:02 router charon: 14[ENC] generating ID_PROT response 0 [
KE No CERTREQ NAT-D NAT-D ]
Oct  8 08:43:02 router charon: 14[NET] sending packet: from
XXX.XX.XXX.65[500] to XXX.XX.XXX.69[500]
Oct  8 08:43:02 router charon: 10[MGR] ignoring request with ID 0,
already processing
Oct  8 08:43:02 router charon: 12[NET] received packet: from
XXX.XX.XXX.69[4500] to XXX.XX.XXX.65[4500]
Oct  8 08:43:02 router charon: 12[ENC] decryption failed, invalid length
Oct  8 08:43:02 router charon: 12[ENC] could not decrypt payloads
Oct  8 08:43:02 router charon: 12[IKE] integrity check failed
Oct  8 08:43:02 router charon: 12[ENC] generating INFORMATIONAL_V1
request 864425995 [ HASH N(INVAL_HASH) ]
Oct  8 08:43:02 router charon: 12[NET] sending packet: from
XXX.XX.XXX.65[500] to XXX.XX.XXX.69[500]
Oct  8 08:43:02 router charon: 12[IKE] ID_PROT request with message ID 0
processing failed
Oct  8 08:43:05 router charon: 15[NET] received packet: from
XXX.XX.XXX.69[4500] to XXX.XX.XXX.65[4500]
Oct  8 08:43:05 router charon: 15[ENC] decryption failed, invalid length
Oct  8 08:43:05 router charon: 15[ENC] could not decrypt payloads
Oct  8 08:43:05 router charon: 15[IKE] integrity check failed
Oct  8 08:43:05 router charon: 15[ENC] generating INFORMATIONAL_V1
request 230058107 [ HASH N(INVAL_HASH) ]
Oct  8 08:43:05 router charon: 15[NET] sending packet: from
XXX.XX.XXX.65[500] to XXX.XX.XXX.69[500]
Oct  8 08:43:05 router charon: 15[IKE] ID_PROT request with message ID 0
processing failed
Oct  8 08:43:05 router charon: 08[NET] received packet: from
XXX.XX.XXX.69[4500] to XXX.XX.XXX.65[4500]
Oct  8 08:43:05 router charon: 08[ENC] decryption failed, invalid length
Oct  8 08:43:05 router charon: 08[ENC] could not decrypt payloads
Oct  8 08:43:05 router charon: 08[IKE] integrity check failed
Oct  8 08:43:05 router charon: 08[ENC] generating INFORMATIONAL_V1
request 4020492302 [ HASH N(INVAL_HASH) ]
Oct  8 08:43:05 router charon: 08[NET] sending packet: from
XXX.XX.XXX.65[500] to XXX.XX.XXX.69[500]
Oct  8 08:43:05 router charon: 08[IKE] ID_PROT request with message ID 0
processing failed
Oct  8 08:43:08 router charon: 11[NET] received packet: from
XXX.XX.XXX.69[4500] to XXX.XX.XXX.65[4500]
Oct  8 08:43:08 router charon: 11[ENC] decryption failed, invalid length
Oct  8 08:43:08 router charon: 11[ENC] could not decrypt payloads
Oct  8 08:43:08 router charon: 11[IKE] integrity check failed
Oct  8 08:43:08 router charon: 11[ENC] generating INFORMATIONAL_V1
request 3150179182 [ HASH N(INVAL_HASH) ]
Oct  8 08:43:08 router charon: 11[NET] sending packet: from
XXX.XX.XXX.65[500] to XXX.XX.XXX.69[500]
Oct  8 08:43:08 router charon: 11[IKE] ID_PROT request with message ID 0
processing failed
Oct  8 08:43:08 router charon: 13[NET] received packet: from
XXX.XX.XXX.69[4500] to XXX.XX.XXX.65[4500]
Oct  8 08:43:08 router charon: 13[ENC] decryption failed, invalid length
Oct  8 08:43:08 router charon: 13[ENC] could not decrypt payloads
Oct  8 08:43:08 router charon: 13[IKE] integrity check failed
------------------------------------------------------------------------------

tcpdump on a intermediate router logs the following:
------------------------------------------------------------------------------
10:43:01.311534 IP (tos 0x0, ttl 63, id 1926, offset 0, flags [none],
proto UDP (17), length 696)
    XXX.XX.XXX.69.500 > XXX.XX.XXX.65.500: [udp sum ok] isakmp 1.0 msgid
00000000 cookie 2db5764027480913->0000000000000000: phase 1 I ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=10
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth
value=fded)(type=hash value=sha1)(type=group desc value=modp1536))
            (t: #2 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth
value=fded)(type=hash value=sha1)(type=group desc value=modp1024))
            (t: #3 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=aes)(type=keylen value=0080)(type=auth
value=fded)(type=hash value=sha1)(type=group desc value=modp1024))
            (t: #4 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth
value=fded)(type=hash value=md5)(type=group desc value=modp1536))
            (t: #5 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth
value=fded)(type=hash value=md5)(type=group desc value=modp1024))
            (t: #6 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=aes)(type=keylen value=0080)(type=auth
value=fded)(type=hash value=md5)(type=group desc value=modp1024))
            (t: #7 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=3des)(type=auth value=fded)(type=hash
value=sha1)(type=group desc value=modp1024))
            (t: #8 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=3des)(type=auth value=fded)(type=hash
value=md5)(type=group desc value=modp1024))
            (t: #9 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=1des)(type=auth value=fded)(type=hash
value=sha1)(type=group desc value=modp1024))
            (t: #10 id=ike (type=lifetype value=sec)(type=lifeduration
value=0e10)(type=enc value=1des)(type=auth value=fded)(type=hash
value=md5)(type=group desc value=modp1024))))
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=8)
    (vid: len=16)
    (vid: len=20)
    (vid: len=16)
10:43:01.313755 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto
UDP (17), length 164)
    XXX.XX.XXX.65.500 > XXX.XX.XXX.69.500: [udp sum ok] isakmp 1.0 msgid
00000000 cookie 2db5764027480913->f47aab0836d4804d: phase 1 R ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=aes)(type=keylen
value=0100)(type=hash value=sha1)(type=group desc
value=modp1536)(type=auth value=fded)(type=lifetype
value=sec)(type=lifeduration value=0e10))))
    (vid: len=8)
    (vid: len=16)
    (vid: len=16)
10:43:02.207474 IP (tos 0x0, ttl 63, id 48611, offset 0, flags [none],
proto UDP (17), length 320)
    XXX.XX.XXX.69.500 > XXX.XX.XXX.65.500: [udp sum ok] isakmp 1.0 msgid
00000000 cookie 2db5764027480913->f47aab0836d4804d: phase 1 I ident:
    (ke: key len=192)
    (nonce: n len=16 
data=(aca68aa751b51674a7eb...57d935ee4719e2f3c5998fc8965cd66e754548b2))
    (pay20)
    (pay20)
10:43:02.228187 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto
UDP (17), length 406)
    XXX.XX.XXX.65.500 > XXX.XX.XXX.69.500: [udp sum ok] isakmp 1.0 msgid
00000000 cookie 2db5764027480913->f47aab0836d4804d: phase 1 R ident:
    (ke: key len=192)
    (nonce: n len=32 
data=(5ec3c1f979a5323c95ba...a15c7219bcc314acc946b3cb227ccc3b7501d617))
    (cr: len=66 type=x509sign)
    (pay20)
    (pay20)
10:43:02.936114 IP (tos 0x0, ttl 63, id 46068, offset 0, flags [none],
proto UDP (17), length 1312)
    XXX.XX.XXX.69.4500 > XXX.XX.XXX.65.4500: [udp sum ok] NONESP-encap:
isakmp 1.0 msgid 00000000 cookie 2db5764027480913->f47aab0836d4804d:
phase 1 I ident[E]: [encrypted #132]
10:43:02.936132 IP (tos 0x0, ttl 63, id 56716, offset 0, flags [none],
proto UDP (17), length 196)
    XXX.XX.XXX.69.4500 > XXX.XX.XXX.65.4500: [udp sum ok] NONESP-encap:
isakmp 1.0 msgid 00000000 cookie 2db5764027480913->f47aab0836d4804d:
phase 1 I ident[E]: [encrypted #132]
10:43:02.937294 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto
UDP (17), length 104)
    XXX.XX.XXX.65.500 > XXX.XX.XXX.69.500: [udp sum ok] isakmp 1.0 msgid
3386180b cookie 2db5764027480913->f47aab0836d4804d: phase 2/others R
inf[E]: [encrypted hash]
10:43:05.895562 IP (tos 0x0, ttl 63, id 56791, offset 0, flags [none],
proto UDP (17), length 1312)
    XXX.XX.XXX.69.4500 > XXX.XX.XXX.65.4500: [udp sum ok] NONESP-encap:
isakmp 1.0 msgid 00000000 cookie 2db5764027480913->f47aab0836d4804d:
phase 1 I ident[E]: [encrypted #132]
10:43:05.896623 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto
UDP (17), length 104)
    XXX.XX.XXX.65.500 > XXX.XX.XXX.69.500: [udp sum ok] isakmp 1.0 msgid
0db6687b cookie 2db5764027480913->f47aab0836d4804d: phase 2/others R
inf[E]: [encrypted hash]
10:43:05.896662 IP (tos 0x0, ttl 63, id 7131, offset 0, flags [none],
proto UDP (17), length 196)
    XXX.XX.XXX.69.4500 > XXX.XX.XXX.65.4500: [udp sum ok] NONESP-encap:
isakmp 1.0 msgid 00000000 cookie 2db5764027480913->f47aab0836d4804d:
phase 1 I ident[E]: [encrypted #132]
10:43:05.897261 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto
UDP (17), length 104)
    XXX.XX.XXX.65.500 > XXX.XX.XXX.69.500: [udp sum ok] isakmp 1.0 msgid
efa3d80e cookie 2db5764027480913->f47aab0836d4804d: phase 2/others R
inf[E]: [encrypted hash]
------------------------------------------------------------------------------

If I use PSK for phase 1 authentication, everything works as expected.
Except that DPD kills the connection after the dpdtimeout (That's why I
disabled it).
All configurations where formerly setup wit5h racoon and worked fine, so
the CA is verified

-- 
Mit freundlichen Grüßen,
André Valentin
Projektkoordination / Systemadministration

MarcanT GmbH, Ravensberger Str. 10 G, D - 33602 Bielefeld
Fon: +49 (521) 95945-0 | Fax -18
URL: http://www.marcant.net | http://www.global-m2m.com

Geschäftsführer: Thorsten Hojas
Handelsregister: AG Bielefeld, HRB 35827 USt-ID Nr.: DE 190203238
___________________________________________________________
CONFIDENTIALITY NOTICE
The contents of this email are confidential to the ordinary user of the 
email address to which it was addressed and may also be privileged. If 
you are not the addressee of this email you may not copy, forward, 
disclose or otherwise use it or any part of it in any form whatsoever.
If you have received this email in error please email the sender by 
replying to this message.
p





More information about the Users mailing list