[strongSwan] CHILD SA and PFS

Emeric POUPON emeric.poupon at stormshield.eu
Fri Aug 1 16:05:02 CEST 2014 

Hello,

I have some problems enabling PFS on the CHILD SA.
I'm using strongswan 5.2.0 on FreeBSD.


Here are the site configurations:

Site1 (responder):

config setup

conn %default
        ikelifetime=360m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        mobike=no

conn net-net
        left=172.18.0.53
        leftcert=sn3k_1.cert.pem
        leftid=gw1 at strongswan.org
        leftsubnet=172.53.0.0/16
        right=172.18.0.54
        rightid=gw2 at strongswan.org
        rightsubnet=172.54.0.0/16
        esp=aes128-sha1-modp2048!
        ike=aes128-sha1-modp2048!
        auto=add


Site2 (initiator):

config setup

conn %default
        ikelifetime=360m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        mobike=no

conn net-net
        left=172.18.0.54
        leftcert=gw2.cert.pem
        leftid=gw2 at strongswan.org
        leftsubnet=172.54.0.0/16
        right=172.18.0.53
        rightid=gw1 at strongswan.org
        rightsubnet=172.53.0.0/16
        esp=aes128-sha1-modp2048!
        ike=aes128-sha1-modp2048!
        auto=start


The connection is successfully established but it seems that the PFS is not performed:
On Site2:
Security Associations (1 up, 0 connecting):
     net-net[1]: ESTABLISHED 3 minutes ago, 172.18.0.53[gw1 at strongswan.org]...172.18.0.54[gw2 at strongswan.org]
     net-net[1]: IKEv2 SPIs: 1837b165005c381d_i f87f8f508829e60e_r*, public key reauthentication in 5 hours
     net-net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
     net-net{1}:  INSTALLED, TUNNEL, ESP SPIs: ce15c957_i c609f4bc_o
     net-net{1}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 51 minutes
     net-net{1}:   172.53.0.0/16 === 172.54.0.0/16 

Logs:
...
Aug  1 15:48:48 09[IKE] <net-net|1> establishing CHILD_SA net-net
Aug  1 15:48:48 09[CFG] <net-net|1> proposing traffic selectors for us:
Aug  1 15:48:48 09[CFG] <net-net|1>  172.54.0.0/16
Aug  1 15:48:48 09[CFG] <net-net|1> proposing traffic selectors for other:
Aug  1 15:48:48 09[CFG] <net-net|1>  172.53.0.0/16
Aug  1 15:48:48 09[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
...
Aug  1 15:48:48 04[CFG] <net-net|1> received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Aug  1 15:48:48 04[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Aug  1 15:48:48 04[CFG] <net-net|1> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
...

Logs on responder site:
...
Aug  1 13:50:22 08[CFG] <net-net|1> received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Aug  1 13:50:22 08[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Aug  1 13:50:22 08[CFG] <net-net|1> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
...

Notice:
- the configured proposals when establishing the connection that do not include the modp group
- the selected proposal despite the strict requirement on the cipher suite (including pfs)


I also tried to set 'esp=aes128-sha1-modp4096!' on the initiator side.
Even worse, it does not change anything.

On initiator:
Security Associations (1 up, 0 connecting):
     net-net[1]: ESTABLISHED 63 seconds ago, 172.18.0.54[gw2 at strongswan.org]...172.18.0.53[gw1 at strongswan.org]
     net-net[1]: IKEv2 SPIs: 2755636f803ff0c8_i* 418abddaf9311d9e_r, public key reauthentication in 5 hours
     net-net[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
     net-net{1}:  INSTALLED, TUNNEL, ESP SPIs: c13a1c4f_i cdf2816d_o
     net-net{1}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 55 minutes
     net-net{1}:   172.54.0.0/16 === 172.53.0.0/16 

Logs:
...
Aug  1 15:59:05 07[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
...
Aug  1 15:59:05 14[CFG] <net-net|1> received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Aug  1 15:59:05 14[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_4096/NO_EXT_SEQ
Aug  1 15:59:05 14[CFG] <net-net|1> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
...

Logs on responder:
...
Aug  1 14:00:39 11[CFG] <net-net|1> received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Aug  1 14:00:39 11[CFG] <net-net|1> configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ
Aug  1 14:00:39 11[CFG] <net-net|1> selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
...


Maybe I miss something obvious, do you have any idea?

Best Regards,

Emeric

More information about the Users mailing list