[strongSwan] Win7 and Window10Mobile: IKE authentication credentials are unacceptable

Arne Schmid arne.j.schmid at outlook.com
Wed May 4 12:49:17 CEST 2016 

Hi Tobias,

So its an issue with the cipher in the certificate vs. the cipher used to decrypt?

Do I configure the ciphers in strongswan.conf or ipsec.conf (via ike, esp)?

I wonder if switching to eap-mschapv2 would be more easy... (would like to get it running before I'm behind the great red firewall next week)

I use following certificats and the corresponding config:

Looking at the certificates in windows:

*** CA certificate: *** 
    Signature algorithm: sha1RSA
    Signature hash algorithm: sha1
    Issuer: CN = pointcode ca, O = pointcode, C = CN
    Subject: CN = pointcode ca, O = pointcode, C = CN
    Public key: RSA (2048 bytes)
    Basic Constraints: Subject Type=CA, Path Length Constraint=None
    Key Usage: Certificate Signing, Off-line CRL Signing, CRL Signing (06)
    Thumbprint algorithm: sha1
    Subject Key Identifier: 83 a4 70 f7 88 fd 53 70 ac 4b 32 35 23 af 33 e7 03 3a c7 ed

Both "Basic Constraints" and "Key Usage" have a yellow exclamation mark. Not sure, if this is relevant...


*** Server certificate: *** 
    Signature algorithm: sha1RSA
    Signature hash algorithm: sha1
    Issuer: CN = pointcode ca, O = pointcode, C = CN
    Subject: CN = vpn.pointcode.de, O = pointcode, C = CN
    Public key: RSA (2048 bytes)
    Basic Constraints: Subject Type=CA, Path Length Constraint=None
    Key Usage: Certificate Signing, Off-line CRL Signing, CRL Signing (06)
    Thumbprint algorithm: sha1
    Authority Key Identifier: KeyID=83 a4 70 f7 88 fd 53 70 ac 4b 32 35 23 af 33 e7 03 3a c7 ed
    Subject Alternative Name: DNS Name=vpn.pointcode.de
    Enhanced Key Usage: Server Authentication (1.3.6.1.5.5.7.3.1)

The Authority Key Identifier is the Subject KeyID of the CA cert


*** Client certificate (inside .p12): *** 
    Signature algorithm: sha1RSA
    Signature hash algorithm: sha1
    Issuer: CN = pointcode ca, O = pointcode, C = CN
    Subject: CN = client at vpn.pointcode.de, O = pointcode, C = CN
    Public key: RSA (2048 bytes)
    Basic Constraints: Subject Type=CA, Path Length Constraint=None
    Key Usage: Certificate Signing, Off-line CRL Signing, CRL Signing (06)
    Thumbprint algorithm: sha1
    Authority Key Identifier: KeyID=83 a4 70 f7 88 fd 53 70 ac 4b 32 35 23 af 33 e7 03 3a c7 ed
    Subject Alternative Name: RFC822 Name=client at vpn.pointcode.de
    Enhanced Key Usage: Client Authentication (1.3.6.1.5.5.7.3.2)

The Authority Key Identifier is the Subject KeyID of the CA cert


*** strongswan.conf ***
    plugins {
        eap-tls {
            fragment_size = 512
        }
    }
    libtls {
        suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    }

** ipsec.conf ***
conn %default
    keyexchange=ikev2
    dpdaction=clear
    #ike=aes256-sha1-modp1024!
    #esp=aes256-sha1!
    ike=aes128-sha1-modp1024,aes128-sha1-modp2048,aes256-sha1-modp1024,aes128-sha256-ecp256,aes256-sha384-ecp384
    esp=aes128-sha1,aes256-sha1,aes128gcm128-ecp256,aes256gcm128-ecp384

thanks,
Arne




----------------------------------------
> To: arne.j.schmid at outlook.com; users at lists.strongswan.org
> From: tobias at strongswan.org
> Date: Tue, 3 May 2016 17:52:10 +0200
> Subject: Re: [strongSwan] Win7 and Window10Mobile: IKE authentication credentials are unacceptable
>
> Hi Arne,
>
>> Did a lot of searching to no avail.
>> I'm on OpenSSL 1.0.1e 11 Feb 2013 if that helps.
>
> That's not really relevant as strongSwan has its own TLS stack (only
> libcrypto is used from OpenSSL, e.g. ECDH here).
>
>> May 2 15:11:50 09[TLS] <winCert|1> processing TLS Handshake record (64 bytes)
>> May 2 15:11:50 09[TLS] <winCert|1> TLS record MAC verification failed
>
> This indicates the message couldn't be verified correctly. Since the
> TLS message is sent in an authenticated IKEv2 messages we can be sure it
> didn't get corrupted on the network. So it was either already sent
> corrupted or the two peers don't use the same keys or algorithms.
>
> In the other email you sent the error now is:
>
>> May 3 14:01:20 05[TLS] processing TLS Handshake record (64 bytes)
>> May 3 14:01:20 05[TLS] TLS record too short to verify MAC
>
> This is strange as the cipher suite is the same in both cases
> (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) and the record is the same length
> too. The only reason it could be too short when verifying the integrity
> is if the decryption produced a result that caused the removal of too
> much data as padding. Which again would indicate the two peers don't
> use the same keys/algorithms.
>
> It's difficult to tell what exactly the problem is without detailed
> debugging. You could try to use different cipher suites (see [1] for
> the configuration options). It might also be an issue with Windows 10
> Mobile because with Windows 7 (TLS 1.0, x86) and with Windows 10 EDU
> (TLS 1.2, x64) I don't have any problems using EAP-TLS with this exact
> same cipher suite.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/Eaptls
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list