[strongSwan] Support of PFS for IKE SA
Sajal Malhotra
sajalmalhotra at gmail.com
Fri Jun 27 20:56:07 CEST 2014
Hi,
Just wondering: if I use a DH group in the esp cipher suite but keep "pfs=no",
how does the strongSwan charon daemon behave?
We are facing an issue while using strongSwan with a peer Juniper SRX
device.
- On the Juniper, PFS is disabled for the configured CHILD_SA.
- On strongSwan as well we have defined "pfs=no". However, the esp cipher
suite still uses DH group 2. Following is the connection configuration:
conn CHLD_SA1
    ikelifetime=8640s
    keyexchange=ikev2
    keyingtries=%forever
    keylife=8640s
    pfs=no
    reauth=no
    rekey=yes
    mobike=no
    dpdaction=clear
    dpddelay=10
    rekeymargin=320s
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=3des-sha1-modp1024,aes128-sha1-modp1024!
    authby=rsasig
    left=40.40.40.2
    leftsubnet=172.18.21.25/32
    right=30.30.30.2
    rightsubnet=10.3.4.38/32
    leftprotoport=udp/49152
    rightprotoport=udp/49152
    leftid=192.168.255.230
    leftcert=/tmp/cert_16bbc8.pem
    rightid=%any
    auto=add
Now I observe that the SA gets established successfully. However, the first
rekey attempt made by strongSwan is rejected by the Juniper SRX with the error "No
Proposal Chosen".
I am just wondering whether it could be because we have kept the DH group 2
proposal in the esp cipher suite, whereas on the peer PFS is disabled?
However, if this is true, then I am wondering what the purpose of the
parameter "pfs=no" is. Doesn't strongSwan internally handle sending the correct
proposal while rekeying the child SA with "pfs=no"?
Would appreciate your help in sorting this out.
Thanks and Regards,
Sajal
On Tue, Mar 11, 2014 at 8:14 PM, Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Arun,
>
> The pfs option has no effect on IKEv2 connections. It's an option used
> by the legacy IKEv1 daemon pluto, where it only affected Quick Mode SAs
> because ISAKMP SAs are always reestablished from scratch, so there
> always is a DH exchange.
>
> IKEv2 does support inline rekeying of IKE_SAs (reauth=no, rekey=yes) and
> there is always a DH exchange when doing so (see [1]). To do a DH
> exchange when rekeying CHILD_SAs with IKEv2 (or IKEv1 since 5.x) you
> have to configure at least one DH group in the esp cipher suite as you
> already have in your config.
>
> Regards,
> Tobias
>
> [1] http://tools.ietf.org/html/rfc5996#section-2.18
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
>
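The quoted reply makes the point that "pfs=no" is ignored by charon for IKEv2, and that whether a CHILD_SA rekey carries a DH exchange is decided solely by the presence of a DH group in the esp= proposal. The script below is an added example (not part of either message and not strongSwan code) that lints an ipsec.conf for exactly that pitfall: it parses conn stanzas, finds DH group tokens in esp= lists, and, for IKEv2 conns, prints the proposal with the DH groups stripped, which is what a peer with PFS disabled will accept. The sample config is constructed from the one posted above plus a second conn with no DH group. Assumptions: a token starting with modp/ecp/curve/x25519/x448 names a DH group, keyexchange other than ikev1 means IKEv2, and charon's default esp= proposal contains no DH group.

```python
"""Lint an ipsec.conf for IKEv2 conns whose esp= proposal forces a DH exchange on rekey.

Added example, not from the mailing-list thread or from strongSwan itself.
"""
import re

# Assumption: prefixes that name a DH group in strongSwan proposal strings
# (strongSwan's own names are modpNNNN, ecpNNN, curve25519, curve448, ...).
DH_PREFIXES = ("modp", "ecp", "curve", "x25519", "x448")

# Constructed sample: the posted conn (without the bold markers) plus a conn
# whose esp= carries no DH group.
SAMPLE_CONF = """\
conn CHLD_SA1
    ikelifetime=8640s
    keyexchange=ikev2
    pfs=no
    reauth=no
    rekey=yes
    ike=aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=3des-sha1-modp1024,aes128-sha1-modp1024!
    left=40.40.40.2
    right=30.30.30.2
    auto=add

conn CHLD_SA2
    keyexchange=ikev2
    pfs=no
    esp=aes128-sha1!
    auto=add
"""


def parse_conns(text):
    """Parse 'conn NAME' stanzas of an ipsec.conf into {name: {key: value}}."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header: conn / ca / config
            m = re.match(r"^conn\s+(\S+)", line)
            current = m.group(1) if m else None
            if current is not None:
                conns[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.strip().partition("=")
        conns[current][key.strip()] = value.strip()
    return conns


def is_dh_group(token):
    return token.lower().startswith(DH_PREFIXES)


def dh_groups(proposals):
    """DH group tokens in an ike=/esp= list such as '3des-sha1-modp1024,aes128-sha1!'."""
    return [a for p in proposals.rstrip("!").split(",")
            for a in p.split("-") if is_dh_group(a)]


def strip_dh(proposals):
    """The same proposal list with DH groups removed; the strict '!' marker is kept."""
    strict = proposals.endswith("!")
    body = proposals.rstrip("!")
    kept = ",".join("-".join(a for a in p.split("-") if not is_dh_group(a))
                    for p in body.split(","))
    return kept + ("!" if strict else "")


def lint(text):
    """Report IKEv2 conns whose esp= proposal carries a DH group.

    For such a conn charon does a DH exchange on every CHILD_SA rekey, whatever
    pfs= says; a peer with PFS disabled rejects that rekey with NO_PROPOSAL_CHOSEN.
    """
    findings = []
    for name, params in parse_conns(text).items():
        if params.get("keyexchange", "ike") == "ikev1":
            continue                          # pfs= only ever mattered for pluto/IKEv1
        esp = params.get("esp")
        if not esp:
            continue                          # assumption: default esp= has no DH group
        groups = dh_groups(esp)
        if not groups:
            continue
        findings.append({
            "conn": name,
            "pfs": params.get("pfs"),
            "dh_groups": groups,
            "esp_without_pfs": strip_dh(esp),
        })
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE_CONF):
        print(f"conn {f['conn']}: pfs={f['pfs']} is ignored for IKEv2; esp= carries "
              f"{sorted(set(f['dh_groups']))}, so CHILD_SA rekeys include a KE payload.")
        print(f"  if the peer has PFS disabled, use: esp={f['esp_without_pfs']}")
```

Run it against a real ipsec.conf by replacing SAMPLE_CONF with the file contents. Note the converse as well: if the peer does have PFS enabled, the DH group in esp= is exactly what is needed and the pfs= line can simply be removed from an IKEv2 conn.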