[strongSwan] Connecting a Zyxel client with PSK to strongswan

CJ Fearnley cjf at LinuxForce.net
Fri Jan 22 06:04:07 CET 2016 

Unfortunately, the Zyxel's cannot use a CA signed cert, so I'm forced to
try to connect them with PSK despite our other ipsec clients using certs
(Netgears).

I have this configuration (Debian Jessie, Linux strongSwan
U5.2.1/K3.16.0-4-amd64):

config setup
    uniqueids=no

conn %default
    mobike=no
    keyexchange=ikev1
    left=216.130.102.66
    leftsubnet=192.168.101.0/24
    auto=add

conn CertBased
    leftid="C=US, ST=IL, L=Glenwood, O=[Private redacted], CN=[Private redacted], E=[Private redacted]"
    leftcert=[Private redacted],crt
    leftsendcert=always
    ike=3des-sha1-modp1024!
    esp=3des-sha1-modp1024!

conn Netgear
    rightsubnet=192.168.190.0/24
    right=%any
    also=CertBased

conn testzyxel
    rightsubnet=192.168.221.0/24
    leftsendcert=no
    authby=psk
    compress=no
    ikelifetime=8h
    lifetime=8h
    ike=aes256-sha256-modp1024!
    esp=aes256-sha256-modp1024!

The Netgear connections work. The testzyxel connections fail.

I've tried it with the ike= and esp= lines commented out too.

When I set ike logging to level 2: ipsec stroke loglevel ike 2, I see this in
the logs:

Jan 21 23:04:25 cw1 charon: 10[IKE] 207.8.183.25 is initiating a Main Mode IKE_SA
Jan 21 23:04:25 cw1 charon: 10[IKE] IKE_SA (unnamed)[19] state change: CREATED => CONNECTING
Jan 21 23:04:25 cw1 charon: 10[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
Jan 21 23:04:25 cw1 charon: 10[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 21 23:04:25 cw1 charon: 10[IKE] no proposal found

I have tried every combination of encryption & integrity algorigthms
that I could think of. It always claims to be configured for
3DES_CBC/HMAC_SHA1_96 instead of AES_CBC_256/HMAC_SHA2_256_128. Can this
be fixed?

I consulted https://wiki.strongswan.org/projects/1/wiki/IKEv1CipherSuites
and so I would think specifying aes256-sha256-modp1024 should work. Why isn't
strongswan accepting it?

In /etc/strongswan.d/charon.conf, I added the line
    # Plugins to load in the IKE daemon charon.
    load = openssl aes sha1 sha2 hmac x509

I included the part of the configuration that uses certs to authenticate
our Netgear clients. Could the ike= and esp= lines needed for the Netgears
be blocking the testzyxel stanza from using aes256-sha256?

Here is the output of "ipsec listalgs":

List of registered IKE algorithms:

sudo ipsec listalgs

List of registered IKE algorithms:

  encryption: AES_CBC[af-alg] DES_CBC[af-alg] DES_ECB[af-alg] 3DES_CBC[af-alg] AES_CTR[af-alg] CAMELLIA_CBC[af-alg]
              CAMELLIA_CTR[af-alg] CAST_CBC[af-alg] BLOWFISH_CBC[af-alg] SERPENT_CBC[af-alg] TWOFISH_CBC[af-alg]
              NULL[openssl] RC2_CBC[rc2]
  integrity:  HMAC_SHA1_96[af-alg] HMAC_SHA1_128[af-alg] HMAC_SHA1_160[af-alg] HMAC_SHA2_256_96[af-alg]
              HMAC_SHA2_256_128[af-alg] HMAC_MD5_96[af-alg] HMAC_MD5_128[af-alg] HMAC_SHA2_256_256[af-alg]
              HMAC_SHA2_384_192[af-alg] HMAC_SHA2_384_384[af-alg] HMAC_SHA2_512_256[af-alg] HMAC_SHA2_512_512[af-alg]
              AES_XCBC_96[af-alg] CAMELLIA_XCBC_96[af-alg] AES_CMAC_96[cmac]
  aead:       AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm]
              CAMELLIA_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm]
  hasher:     HASH_SHA1[af-alg] HASH_MD4[af-alg] HASH_MD5[af-alg] HASH_SHA224[af-alg] HASH_SHA256[af-alg]
              HASH_SHA384[af-alg] HASH_SHA512[af-alg]
  prf:        PRF_HMAC_SHA1[af-alg] PRF_HMAC_SHA2_256[af-alg] PRF_HMAC_MD5[af-alg] PRF_HMAC_SHA2_384[af-alg]
              PRF_HMAC_SHA2_512[af-alg] PRF_AES128_XCBC[af-alg] PRF_CAMELLIA128_XCBC[af-alg] PRF_AES128_CMAC[cmac]
              PRF_KEYED_SHA1[openssl] PRF_FIPS_SHA1_160[fips-prf]
  dh-group:   MODP_2048[gcrypt] MODP_2048_224[gcrypt] MODP_2048_256[gcrypt] MODP_1536[gcrypt] MODP_3072[gcrypt]
              MODP_4096[gcrypt] MODP_6144[gcrypt] MODP_8192[gcrypt] MODP_1024[gcrypt] MODP_1024_160[gcrypt]
              MODP_768[gcrypt] MODP_CUSTOM[gcrypt] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl]
              ECP_192[openssl] ECP_224_BP[openssl] ECP_256_BP[openssl] ECP_384_BP[openssl] ECP_512_BP[openssl]
  random-gen: RNG_WEAK[gcrypt] RNG_STRONG[gcrypt] RNG_TRUE[gcrypt]
  nonce-gen:  [nonce]

Do I need to specify another plugin? Am I missing a Debian package that
provides the aes256 encryption algorithm?

As a last try I wondered if maybe I need to configure strongswan with 3des by
adding the des plugin and trying with these line in and commented out:
    ike=3des-sha1-modp1024!
    esp=3des-sha1-modp1024!

Of course, I wasn't thinking backward and it didn't work. Any suggestions?

-- 
CJ Fearnley                 |   LinuxForce Inc.
cjf at LinuxForce.net          |   IT Projects & Systems Maintenance
http://www.LinuxForce.net   |   http://blog.remoteresponder.net

More information about the Users mailing list