[strongSwan] IKEv2 rekey failure with IOS8
tom at axiom-partners.com
Fri Jul 24 16:18:40 CEST 2015
>> It also sounds like my suspicions about lack of PFS support in IOS8.3 are confirmed.
> Yes, looks like it (at least as responder of a rekeying). Or perhaps
> just with this particular proposal. Did you try without AES-GCM, or
> with different DH groups? Support for AES-GCM this was added relatively
> recently with 8.3 so perhaps it's a regression only triggered by that
> algorithm (or the absence of an integrity algorithm in the proposal).
>>> Does the same happen if the client initiates the rekeying? Does the
>>> behavior change if you don't use AES-GCM?
OK, that makes sense.
If I get the client to initiate the rekey (using a short LifeTimeInMinutes in ChildSecurityAssociationParameters),
this time also switching to AES-256 and DH params of 2 (the IOS default), it also ignores them :
### /etc/ipsec.conf ###
Jul 24 13:04:17 nibbler charon: 14[ENC] parsed CREATE_CHILD_SA request 2 [ N(REKEY_SA) SA No TSi TSr ]
Jul 24 13:04:17 nibbler charon: 14[CFG] selecting proposal:
Jul 24 13:04:17 nibbler charon: 14[CFG] no acceptable DIFFIE_HELLMAN_GROUP found
Jul 24 13:04:17 nibbler charon: 14[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Jul 24 13:04:17 nibbler charon: 14[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Jul 24 13:04:17 nibbler charon: 14[IKE] no acceptable proposal found
To get the rekey to actually proceed and work, I must include an ESP proposal without DH params.
Perhaps I will try upgrading this device to IOS8.4 to see if PFS is enabled there.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3565 bytes
Desc: not available
More information about the Users