[strongSwan] New Android update option - how to best exploit?

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed Jul 5 23:01:58 CEST 2017


That's because your locally configured ESP proposals do not contain AES_GCM_16_128.

On 05.07.2017 22:58, Karl Denninger wrote:
>
> On 7/5/2017 02:47, Tobias Brunner wrote:
>> Hi Karl,
>>
>>> Except that I can't install the server's certificate into Android's
>>> storage (whether from the base "Security" tab or in the StrongSwan
>>> client); it refuses and says there's no certificate it can import.
>> If you tried the import option in the CA certificate view of the app and
>> it doesn't show up, the mime-type is probably not set correctly (if it
>> is set correctly the strongSwan app should actually show up when trying
>> to open that file e.g. in the Downloads app).  If it does show up in the
>> file browser but the import fails, the file might be corrupt.
>>
>>> There's no "trusted" certificate option that I can find either in the
>>> VPN setup on the StrongSwan Android client -- just the selection for
>>> which CA cert to use (either automatic selection or you can pick from
>>> the installed and trusted certificates.)
>> That's the one.  After you imported the server cert into the app you can
>> select it as a "CA certificate" (you basically set the certificate to
>> use as trust anchor during authentication).
>>
>>> Going to ECDSA
>>> from an RSA certificate cut the fragments to 2 from 3, but I can't get
>>> it to "1", which would remove the fragmentation problem with connection
>>> setup.
>> Are you talking about IKE or IP fragments?  How big is the IKE_AUTH
>> response?
>>
>>> Then of course there's the base Windows VPN
>>> security issues to start with (e.g. the proposals it supports and such
>>> -- or more to the point, the ones it doesn't) which, frankly leave me in
>>> awe that our government appears at first blush to use it for
>>> rather-secure things (or do they?)
>> There is a registry key you can enable so it proposes a slightly better
>> DH group [1].
>>
>> Regards,
>> Tobias
>>
>> [1]
>> https://wiki.strongswan.org/projects/strongswan/wiki/Windows7#AES-256-CBC-and-MODP2048
>
> Yes, there are also some folks trying to harden the ESP side, but when I used what they claimed worked.... it didn't at all (no agreement on proposal)
>
> Jul  5 15:50:26 IpGw charon: 05[CFG] received proposals: ESP:AES_GCM_16_128/NO_EXT_SEQ
> Jul  5 15:50:26 IpGw charon: 05[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
> Jul  5 15:50:26 IpGw charon: 05[IKE] no acceptable proposal found
> Jul  5 15:50:26 IpGw charon: 05[IKE] failed to establish CHILD_SA, keeping IKE_SA
>
> What they recommended was... (from PowerShell)
>
> Set-VpnConnectionIPsecConfiguration -ConnectionName "<NAME>" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA384 -DHGroup ECP256 -PfsGroup ECP256
>  
> Ref: https://github.com/trailofbits/algo/pull/464
>
> -- 
> Karl Denninger
> karl at denninger.net
> /The Market Ticker/
> /[S/MIME encrypted email preferred]/
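
The mismatch Noel points out can be read straight off the two `[CFG]` lines in the quoted log. The following is an added example, not part of the original thread and not strongSwan code: a simplified matcher that parses those lines and checks for a common algorithm per transform type. The function names are hypothetical, and it assumes DH groups can be ignored because the CHILD_SA created during IKE_AUTH carries no key exchange.

```python
# Added example: simplified ESP proposal matching over charon log lines.
# Log lines copied from the quoted message; this is not strongSwan's own selection code.
RECEIVED = ("Jul  5 15:50:26 IpGw charon: 05[CFG] received proposals: "
            "ESP:AES_GCM_16_128/NO_EXT_SEQ")
CONFIGURED = ("Jul  5 15:50:26 IpGw charon: 05[CFG] configured proposals: "
              "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, "
              "ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/"
              "HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/"
              "AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ")

def kind(token):
    """Classify a transform name as it appears in charon's log output."""
    if token in ("NO_EXT_SEQ", "EXT_SEQ"):
        return "esn"
    if token.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    if token.startswith("HMAC_") or token in ("AES_XCBC_96", "AES_CMAC_96"):
        return "integ"
    return "encr"  # everything else here is a cipher (AEAD ciphers included)

def parse(line):
    """Return one {type: set(algorithms)} dict per proposal on a [CFG] line."""
    proposals = []
    for prop in line.split("proposals: ", 1)[1].split(", "):
        groups = {}
        for token in prop.partition(":")[2].split("/"):
            groups.setdefault(kind(token), set()).add(token)
        proposals.append(groups)
    return proposals

def select(received, configured):
    """First pair sharing an algorithm for every transform type either side uses."""
    for cfg in configured:
        for rcv in received:
            chosen = {}
            for k in ("encr", "integ", "esn"):  # DH ignored (assumption, see lead-in)
                a, b = rcv.get(k, set()), cfg.get(k, set())
                if not a and not b:
                    continue  # e.g. AEAD on both sides: no separate integrity
                if not a & b:
                    break     # nothing in common for this type: pair rejected
                chosen[k] = sorted(a & b)[0]
            else:
                return chosen
    return None

def missing_encr(received, configured):
    """Ciphers the peer offered that no local proposal contains."""
    local = set().union(*(c.get("encr", set()) for c in configured))
    return sorted(set().union(*(r.get("encr", set()) for r in received)) - local)

if __name__ == "__main__":
    rcv, cfg = parse(RECEIVED), parse(CONFIGURED)
    print("selected:", select(rcv, cfg), "missing ciphers:", missing_encr(rcv, cfg))
```

In strongSwan's proposal keyword syntax the missing algorithm is written `aes128gcm16`; once a proposal containing it is configured on the gateway, the matcher above finds a common proposal.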
