[strongSwan] SHA1 vs SHA256

Thomas Egerer hakke_007 at gmx.de
Tue Aug 8 09:39:04 CEST 2017 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Dusan,

On 08/06/2017 08:13 PM, Dusan Ilic wrote:
> Hi Thomas,
> 
> I haven't upgraded it cause that's not an option, both endpoints are routers with Linux embedded.
> Below is the output after some pings from both sides.
> 
> Strongswan 5.5.2
> 
> ip -s x s s
> src 85.24.241.x dst 94.254.123.x
>         proto esp spi 0xce291943(3458799939) reqid 1(0x00000001) mode tunnel
>         replay-window 0 seq 0x00000000 flag nopmtudisc af-unspec (0x00100100)
>         auth-trunc hmac(sha256) 0xc45dd8403c10cfd32f8fe74003cc80a309b7a0decb185826ef62ac1763ae4bcd (256 bits) 128
>         enc cbc(aes) 0x0abb9115383986028a844ff1e71bd0f55aa22099d76785b288803ed7204aa23e (256 bits)
>         lifetime config:
>           limit: soft (INF)(bytes), hard (INF)(bytes)
>           limit: soft (INF)(packets), hard (INF)(packets)
>           expire add: soft 2762(sec), hard 3600(sec)
>           expire use: soft 0(sec), hard 0(sec)
>         lifetime current:
>           1416(bytes), 25(packets)
>           add 2017-08-06 20:08:26 use 2017-08-06 20:08:31
>         stats:
>           replay-window 0 replay 0 failed 0
> src 94.254.123.x dst 85.24.241.x
>         proto esp spi 0xc9359a4e(3375733326) reqid 1(0x00000001) mode tunnel
>         replay-window 32 seq 0x00000000 flag nopmtudisc af-unspec (0x00100100)
>         auth-trunc hmac(sha256) 0xfe9408ba634fe4276972fa79c9b60f12bffc766434298cb25738396d2b94dda9 (256 bits) 128
>         enc cbc(aes) 0x1fd6fd06781cee3bab6ed97a2f01793eded22f7360691430fdfb604c4e424066 (256 bits)
>         lifetime config:
>           limit: soft (INF)(bytes), hard (INF)(bytes)
>           limit: soft (INF)(packets), hard (INF)(packets)
>           expire add: soft 2895(sec), hard 3600(sec)
>           expire use: soft 0(sec), hard 0(sec)
>         lifetime current:
>           0(bytes), 0(packets)
>           add 2017-08-06 20:08:26 use 2017-08-06 20:08:28
>         stats:
>           replay-window 0 replay 0 failed 49
                                            ^^- this indicates a crypto-
graphic error with the received packets. As suspected in this thread
before, your peer -- which by the way has a very very sparse iproute2
output, did it get truncated -- most likely uses sha256 with a 96 bit
truncation.
- From quickly reading this entire thread I did not whether you have
tried the following proposal on both sides:

esp=aes128-sha256_96-modp2048!

Is building your own strongswan instance for the regular linux box an
option for you?

Cheers, Thomas
> 
> Strongswan 5.2.2
> 
> ip -s x s s
> src 94.254.123.x dst 85.24.241.x
>         proto esp spi 0xc9359a4e(3375733326) reqid 1(0x00000001) mode tunnel
> 
> Den 2017-08-06 kl. 16:49, skrev Thomas Egerer:
> Hello Dusan,
> 
> if you haven't yet updated your kernel, we might shed some light on
> the problem. Set up the tunnel with SHA256 and send a couple of
> packets from both sides. Then provide the output of
> 'ip -s x s s'
> 
> Cheers,
> Thomas
> 
> 
> On 08/04/2017 12:23 PM, Dusan Ilic wrote:
>>>> Hello!
>>>>
>>>> I have a strange issue, with both settings below the tunnel goes up as it should, but only with SHA1 in ESP traffic goes through. When I ping the remote client with ESP SHA256 it times out, even though the tunnel reports as being up by Strongswan.
>>>>
>>>> Traffic working:
>>>>
>>>> ike=aes256-sha256-modp2048!
>>>> esp=aes128-sha1-modp2048!
>>>>
>>>> Traffic not working:
>>>>
>>>> ike=aes256-sha256-modp2048!
>>>> esp=aes256-sha256-modp2048!
>>>>
>>>> Below combo doesn't work either:
>>>>
>>>> ike=aes256-sha256-modp2048!
>>>> esp=aes128-sha256-modp2048!
>>>>
>>>>
>>>> Also, are above settings good? I'm having AES128 on ESP because with AES256 I loose too much througput. Do you have any suggestions for change?
>>>>
>>>>
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZiWqTAAoJEGK31ONirBTGwM4P/09h6ueOW0FyL+ajqr2HfwA6
ubk9vbcGAZg4AlBcwgkg46lABucWWLhMN1ayaRNaLiK5pvn5pqYHOB0gk6RivDQg
gfj9koQlYrQQ2KHUt6ZOrosKSW2jzoIjz4U/aeOuI+ScHfTHuzLgSwmAi/qB17Ov
/i6Jbx25aChb+ioms4BmkQpacY37Shuq09sAh1coVZC7JMDEpsKvpsPhCV+dCWUM
FxBZOZJeWNVKPILPstF/zyc4nJFzvWssUEutJ/1tpUd8Mlehrt3xc78HbcLru5In
JWYAKLg1qjSd5nmlqJQ2at2uwOf3wfdykBZkGjVWsDGGtoLGA6+T8XMyKML0byhC
jR5+8I2NKLdtiPOoM1NbchZKjCCBR2zqNOsI833pEiqmFpjFfp4+gWqmmC0uR9cM
DAPbMCrckA6rhisqphT2i0tRAhnh4sqxCa1TjwuR+BcNWm+KKiIkhaP4NvfmHoH1
IVzZzHVCkr5/qJGOBCJM2Jc0ONI79e0xe26f4SJDn3sfEMsO5lxbM5cvN2XiZ8J7
Wu5f8aytiR4wLKHCRGvqw4hqaj0hoR505+jq4Ywos3GnEM5ylOoxLgEHT169aou+
vL1VwKYehCfQFKwI0uL70dOj3ASyjuR1dIEEBFgNL2xbGfJVEMZ1Rm7SMZb2hHph
UchHB0r5u4A2AcuTVBDR
=X/NO
-----END PGP SIGNATURE-----

More information about the Users mailing list