[strongSwan] IKEv2 rekey failure with IOS8

Tom Matthews tom at axiom-partners.com
Fri Jul 24 16:18:40 CEST 2015

Hello Tobias,

>> It also sounds like my suspicions about lack of PFS support in IOS8.3 are confirmed.
> Yes, looks like it (at least as responder of a rekeying).  Or perhaps
> just with this particular proposal.  Did you try without AES-GCM, or
> with different DH groups?  Support for AES-GCM this was added relatively
> recently with 8.3 so perhaps it's a regression only triggered by that
> algorithm (or the absence of an integrity algorithm in the proposal).
>>> Does the same happen if the client initiates the rekeying?  Does the
>>> behavior change if you don't use AES-GCM?

OK, that makes sense.

If I get the client to initiate the rekey (using a short LifeTimeInMinutes in ChildSecurityAssociationParameters),
this time also switching to AES-256 and DH params of 2 (the IOS default), it also ignores them :

### /etc/ipsec.conf ###

Jul 24 13:04:17 nibbler charon: 14[ENC] parsed CREATE_CHILD_SA request 2 [ N(REKEY_SA) SA No TSi TSr ]
Jul 24 13:04:17 nibbler charon: 14[CFG] selecting proposal:
Jul 24 13:04:17 nibbler charon: 14[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
Jul 24 13:04:17 nibbler charon: 14[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Jul 24 13:04:17 nibbler charon: 14[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
Jul 24 13:04:17 nibbler charon: 14[IKE] no acceptable proposal found

To get the rekey to actually proceed and work, I must include an ESP proposal without DH params.

Perhaps I will try upgrading this device to IOS8.4 to see if PFS is enabled there.

Kind regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3565 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150724/2d5d3353/attachment.bin>

More information about the Users mailing list