[strongSwan] failing to decrypt esp

Chad Winckler cwinckler at westell.com
Tue Mar 5 21:17:14 CET 2013 

Hi,

I am trying to setup a simple road warrior test between an ubuntu machine
running strongswan 4.5.2 (192.168.1.3) and a device under test (192.168.1.208)
running strongswan 5.0.2 with a laptop behind (192.168.2.2).

I establish a tunnel using mostly defaults and pinging 1.3 to 2.2 results in the
following kernel error in the DUT:

esp_input:409: crypto_aead_decrypt err=-22

As another data point, if I don't enable NULL encryption in the kernel of the
DUT then I don't even get past the esp initialization to setup the SA.  The
error in that case is:

esp_init_authenc:583: err=-2

And if I forceencaps on the ubuntu machine then the crypto function above is
successful but the ping still doesn't complete.  In this case I do see input
stats on the DUT statusall command but I have not yet observed any traffic
passing through the tunnel in the DUT output stats.

I appreciate any insight into my configuration or perhaps kernel compilation.
thanks,
Chad



My setup files are as follows:

on the 192.168.1.3 machine:
ipsec.conf:
config setup
	nat_traversal=no
	charonstart=yes
	charondebug="ike 2, knl 3, cfg 0"

conn home
	left=192.168.1.3
	right=192.168.1.208
	rightsubnet=192.168.2.0/24
	keyexchange=ikev2
	auto=start
	authby=secret

ipsec statusall:
000 Status of IKEv1 pluto daemon (strongSwan 4.5.2):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 10.16.94.178:500
000 interface eth1/eth1 192.168.1.3:500
000 %myid = '%any'
000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509
pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve 
000 debug options: none
000 
Status of IKEv2 charon daemon (strongSwan 4.5.2):
  uptime: 33 minutes, since Mar 05 12:50:03 2013
  malloc: sbrk 278528, mmap 0, used 225288, free 53240
  worker threads: 6 idle of 16, job queue load: 0, scheduled events: 10
  loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509
revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11
xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown
eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls
eap-tnc nm dhcp led addrblock 
Listening IP addresses:
  10.16.94.178
  192.168.1.3
Connections:
        home:  192.168.1.3...192.168.1.208
        home:   local:  [192.168.1.3] uses pre-shared key authentication
        home:   remote: [192.168.1.208] uses any authentication
        home:   child:  dynamic === 192.168.2.0/24 
Security Associations:
        home[4]: ESTABLISHED 25 minutes ago,
192.168.1.3[192.168.1.3]...192.168.1.208[192.168.1.208]
        home[4]: IKE SPIs: cde08fb0c691c875_i db7e535b729425fe_r*, pre-shared
key reauthentication in 2 hours
        home[4]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        home{5}:  INSTALLED, TUNNEL, ESP SPIs: c19173e1_i c93a9440_o
        home{5}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 252 bytes_o (1489s ago),
rekeying in 19 minutes
        home{5}:   192.168.1.3/32 === 192.168.2.0/24 


on the 192.168.1.208 DUT:
ipsec.conf:
config setup
        charondebug="ike 4, knl 4, net 4, enc 4, lib 4, dmn 4, mgr 4, chd 4"
        charonstart=yes
        nat_traversal=yes
        plutodebug=all
        plutostart=no

conn rw
        authby=secret
        auto=start
        forceencaps=no
        keyexchange=ikev2
        keyingtries=1
        left=192.168.1.208
        right=192.168.1.3
        leftfirewall=yes
        leftsubnet=192.168.2.0/24

ipsec statusall:
Status of IKE charon daemon (strongSwan 5.0.2, Linux 2.6.38, m68k):
  uptime: 33 minutes, since Jan 01 05:00:52 2000
  malloc: sbrk 262144, mmap 0, used 109888, free 152256
  worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 10
  loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation
constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr
kernel-netlink resolve socket-default stroke updown eap-aka xauth-generic
Listening IP addresses:
  192.168.1.222
  192.168.2.1
  192.168.1.208
Connections:
          rw:  192.168.1.208...192.168.1.3  IKEv2
          rw:   local:  [192.168.1.208] uses pre-shared key authentication
          rw:   remote: [192.168.1.3] uses pre-shared key authentication
          rw:   child:  192.168.2.0/24 === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
          rw[5]: ESTABLISHED 27 minutes ago,
192.168.1.208[192.168.1.208]...192.168.1.3[192.168.1.3]
          rw[5]: IKEv2 SPIs: 75c891c6b08fe0cd_i* fe2594725b537edb_r, pre-shared
key reauthentication in 2 hours
          rw[5]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
          rw{4}:  INSTALLED, TUNNEL, ESP SPIs: c93a9440_i c19173e1_o
          rw{4}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 16
minutes
          rw{4}:   192.168.2.0/24 === 192.168.1.3/32 

ip -s xfrm state
src 192.168.1.208 dst 192.168.1.3
        proto esp spi 0xc19173e1(3247535073) reqid 4(0x00000004) mode tunnel
        replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)
        enc cbc(aes) 0xccde20ccf4265eaf08aebd1b0b80c487 (128 bits)
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 2613(sec), hard 3600(sec)
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2000-01-01 05:07:45 use -
        stats:
          replay-window 0 replay 0 failed 0
src 192.168.1.3 dst 192.168.1.208
        proto esp spi 0xc93a9440(3376059456) reqid 4(0x00000004) mode tunnel
        replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)
        enc cbc(aes) 0x57f05aa27803b04425fc2c07d10d3581 (128 bits)
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 2850(sec), hard 3600(sec)
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2000-01-01 05:07:45 use 2000-01-01 05:07:59
        stats:
          replay-window 0 replay 0 failed 0


I have the following security kernel modules built-in:
#
# Security options
#
CONFIG_KEYS=y
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_CRYPTO=y

#
# Crypto core or helper
#
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_PCOMP2=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_AUTHENC=y

#
# Authenticated Encryption with Associated Data
#
CONFIG_CRYPTO_CCM=y

#
# Block modes
#
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y

#
# Hash modes
#
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_XCBC=y

#
# Digest
#
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA256=y

#
# Ciphers
#
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_DES=y

#
# Compression
#
CONFIG_CRYPTO_DEFLATE=y

all firewall rules are in place and my source route is:
ip route list table 220
192.168.1.3 via 192.168.1.3 dev eth1.3  proto static  src 192.168.2.1

More information about the Users mailing list