[strongSwan] Any Windows 10 options if you can't get a clean, reliable "will pass" frag path?

Karl Denninger karl at denninger.net
Fri Jul 7 22:47:47 CEST 2017


On 7/7/2017 11:35, Karl Denninger wrote:
> Having found that I can use a 224-bit EC key and that gets my Android
> negotiation down to no-fragments.  Since this is approximately equal
> to a 2048-bit RSA key, which "for today" is considered "good enough"
> for most web apps, this looks reasonable.
>
> However, I can't use it when I use EAP-TLS exchange, at least not on
> the build I have -- or do I have it built wrong? :-)
>
> Jul  7 11:28:35 IpGw charon: 16[NET] received packet: from
> 208.54.70.197[20099] to 68.1.57.197[500] (624 bytes)
> Jul  7 11:28:35 IpGw charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA
> KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
> Jul  7 11:28:35 IpGw charon: 16[IKE] received MS NT5 ISAKMPOAKLEY v9
> vendor ID
> Jul  7 11:28:35 IpGw charon: 16[IKE] received MS-Negotiation Discovery
> Capable vendor ID
> Jul  7 11:28:35 IpGw charon: 16[IKE] received Vid-Initial-Contact
> vendor ID
> Jul  7 11:28:35 IpGw charon: 16[ENC] received unknown vendor ID:
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
> Jul  7 11:28:35 IpGw charon: 16[IKE] 208.54.70.197 is initiating an IKE_SA
> Jul  7 11:28:35 IpGw charon: 16[IKE] remote host is behind NAT
> Jul  7 11:28:35 IpGw charon: 16[IKE] sending cert request for "C=US,
> ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA,
> E=Cuda Systems LLC CA"
> Jul  7 11:28:35 IpGw charon: 16[ENC] generating IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> Jul  7 11:28:35 IpGw charon: 16[NET] sending packet: from
> 68.1.57.197[500] to 208.54.70.197[20099] (465 bytes)
> Jul  7 11:28:36 IpGw charon: 16[NET] received packet: from
> 208.54.70.197[38246] to 68.1.57.197[4500] (1436 bytes)
> Jul  7 11:28:36 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi
> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
> Jul  7 11:28:36 IpGw charon: 16[IKE] received cert request for "C=US,
> ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA,
> E=Cuda Systems LLC CA"
> Jul  7 11:28:36 IpGw charon: 16[IKE] received 56 cert requests for an
> unknown ca
> Jul  7 11:28:36 IpGw charon: 16[CFG] looking for peer configs matching
> 68.1.57.197[%any]...208.54.70.197[192.168.43.165]
> Jul  7 11:28:36 IpGw charon: 16[CFG] selected peer config 'StrongSwan'
> Jul  7 11:28:36 IpGw charon: 16[IKE] peer requested EAP, config
> inacceptable
> Jul  7 11:28:36 IpGw charon: 16[CFG] switching to peer config
> 'WinUserCert'
> Jul  7 11:28:36 IpGw charon: 16[IKE] initiating EAP_IDENTITY method
> (id 0x00)
> Jul  7 11:28:36 IpGw charon: 16[IKE] peer supports MOBIKE
> Jul  7 11:28:36 IpGw charon: 16[IKE] 224 bit ECDSA private key size
> not supported
> Jul  7 11:28:36 IpGw charon: 16[ENC] generating IKE_AUTH response 1 [
> N(AUTH_FAILED) ]
> Jul  7 11:28:36 IpGw charon: 16[NET] sending packet: from
> 68.1.57.197[4500] to 208.54.70.197[38246] (76 bytes)
>
> If I can get /that/ to work then I can probably get my Windows
> machines to /also/ not need a frag-clean initial connection...... it
> appears the problem is that I'm using EAP_IDENTITY (and have to); the
> same key and certificate work fine with the Android client and the
> "Strongswan" config.
>
I've done a bunch of additional playing around with this and it appears
that short of managing to get Windows to NOT send a certificate request
(which I've not figured out a way to do) for the server identity there's
no way to *reliably* get the initial IKE exchanges comfortably under
1500 bytes.  Not authenticating the client via certificate (that is,
using a login and password) doesn't help since the connection is dying
on the original server certificate validation, which gets fragmented on
its way back to the client machine and thus it dies before the client's
credentials get presented:

Jul  7 15:42:05 IpGw charon: 16[NET] received packet: from
172.56.20.195[26444] to 68.1.57.197[500] (624 bytes)
Jul  7 15:42:05 IpGw charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Jul  7 15:42:05 IpGw charon: 16[IKE] received MS NT5 ISAKMPOAKLEY v9
vendor ID
Jul  7 15:42:05 IpGw charon: 16[IKE] received MS-Negotiation Discovery
Capable vendor ID
Jul  7 15:42:05 IpGw charon: 16[IKE] received Vid-Initial-Contact vendor ID
Jul  7 15:42:05 IpGw charon: 16[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Jul  7 15:42:05 IpGw charon: 16[IKE] 172.56.20.195 is initiating an IKE_SA
Jul  7 15:42:05 IpGw charon: 16[IKE] remote host is behind NAT
Jul  7 15:42:05 IpGw charon: 16[IKE] sending cert request for "C=US,
ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA,
E=Cuda Systems LLC CA"
Jul  7 15:42:05 IpGw charon: 16[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Jul  7 15:42:05 IpGw charon: 16[NET] sending packet: from
68.1.57.197[500] to 172.56.20.195[26444] (465 bytes)
Jul  7 15:42:05 IpGw charon: 16[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)
Jul  7 15:42:05 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Jul  7 15:42:05 IpGw charon: 16[IKE] received cert request for "C=US,
ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA,
E=Cuda Systems LLC CA"
Jul  7 15:42:05 IpGw charon: 16[IKE] received 56 cert requests for an
unknown ca
Jul  7 15:42:05 IpGw charon: 16[CFG] looking for peer configs matching
68.1.57.197[%any]...172.56.20.195[192.168.43.165]
Jul  7 15:42:05 IpGw charon: 16[CFG] selected peer config 'StrongSwan'
Jul  7 15:42:05 IpGw charon: 16[IKE] peer requested EAP, config inacceptable
Jul  7 15:42:05 IpGw charon: 16[CFG] switching to peer config 'WinUserCert'
Jul  7 15:42:05 IpGw charon: 16[IKE] initiating EAP_IDENTITY method (id
0x00)
Jul  7 15:42:05 IpGw charon: 16[IKE] peer supports MOBIKE
Jul  7 15:42:05 IpGw charon: 16[IKE] authentication of 'C=US,
ST=Florida, O=Cuda Systems LLC, CN=genesis.denninger.net' (myself) with
RSA signature successful
Jul  7 15:42:05 IpGw charon: 16[IKE] sending end entity cert "C=US,
ST=Florida, O=Cuda Systems LLC, CN=genesis.denninger.net"
Jul  7 15:42:05 IpGw charon: 16[ENC] generating IKE_AUTH response 1 [
IDr CERT AUTH EAP/REQ/ID ]
*Jul  7 15:42:05 IpGw charon: 16[NET] sending packet: from
68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes) <<<- This gets
fragmented and one of the frags gets dropped.*
Jul  7 15:42:06 IpGw charon: 16[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)
Jul  7 15:42:06 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Jul  7 15:42:06 IpGw charon: 16[IKE] received retransmit of request with
ID 1, retransmitting response
Jul  7 15:42:06 IpGw charon: 16[NET] sending packet: from
68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)
Jul  7 15:42:07 IpGw charon: 16[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)
Jul  7 15:42:07 IpGw charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Jul  7 15:42:07 IpGw charon: 16[IKE] received retransmit of request with
ID 1, retransmitting response
Jul  7 15:42:07 IpGw charon: 16[NET] sending packet: from
68.1.57.197[4500] to 172.56.20.195[61840] (1868 bytes)

If the connection comes up it's stable, but even if I load the
certificate on the client (which winds up going in "Other People", an
odd place) it still asks for it from the server.  If I tell the server
not to send it ("leftsendcert=never") I get "Invalid payload received"
from the client when the connection tries to come up although the server
appears to be ok up until it blows up on the client end.  That is, it
appears the Windows client won't look in the local certificate store --
it requires the server's cert to be sent back and that's enough data to
cause the initial handshake to fragment pretty much no matter what you do.

Jul  7 15:35:20 IpGw charon: 15[NET] received packet: from
172.56.20.195[26444] to 68.1.57.197[500] (624 bytes)
Jul  7 15:35:20 IpGw charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Jul  7 15:35:20 IpGw charon: 15[IKE] received MS NT5 ISAKMPOAKLEY v9
vendor ID
Jul  7 15:35:20 IpGw charon: 15[IKE] received MS-Negotiation Discovery
Capable vendor ID
Jul  7 15:35:20 IpGw charon: 15[IKE] received Vid-Initial-Contact vendor ID
Jul  7 15:35:20 IpGw charon: 15[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Jul  7 15:35:20 IpGw charon: 15[IKE] 172.56.20.195 is initiating an IKE_SA
Jul  7 15:35:20 IpGw charon: 15[IKE] remote host is behind NAT
Jul  7 15:35:20 IpGw charon: 15[IKE] sending cert request for "C=US,
ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA,
E=Cuda Systems LLC CA"
Jul  7 15:35:20 IpGw charon: 15[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Jul  7 15:35:20 IpGw charon: 15[NET] sending packet: from
68.1.57.197[500] to 172.56.20.195[26444] (465 bytes)
Jul  7 15:35:20 IpGw charon: 15[NET] received packet: from
172.56.20.195[61840] to 68.1.57.197[4500] (1436 bytes)
Jul  7 15:35:20 IpGw charon: 15[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Jul  7 15:35:20 IpGw charon: 15[IKE] received cert request for "C=US,
ST=Florida, L=Niceville, O=Cuda Systems LLC, CN=Cuda Systems LLC CA,
E=Cuda Systems LLC CA"
Jul  7 15:35:20 IpGw charon: 15[IKE] received 56 cert requests for an
unknown ca
Jul  7 15:35:20 IpGw charon: 15[CFG] looking for peer configs matching
68.1.57.197[%any]...172.56.20.195[192.168.43.165]
Jul  7 15:35:20 IpGw charon: 15[CFG] selected peer config 'StrongSwan'
Jul  7 15:35:20 IpGw charon: 15[IKE] peer requested EAP, config inacceptable
Jul  7 15:35:20 IpGw charon: 15[CFG] switching to peer config 'WinUserCert'
Jul  7 15:35:20 IpGw charon: 15[IKE] initiating EAP_IDENTITY method (id
0x00)
Jul  7 15:35:20 IpGw charon: 15[IKE] peer supports MOBIKE
Jul  7 15:35:20 IpGw charon: 15[IKE] authentication of 'C=US,
ST=Florida, O=Cuda Systems LLC, CN=genesis.denninger.net' (myself) with
RSA signature successful
Jul  7 15:35:20 IpGw charon: 15[ENC] generating IKE_AUTH response 1 [
IDr AUTH EAP/REQ/ID ]
*Jul  7 15:35:20 IpGw charon: 15[NET] sending packet: from
68.1.57.197[4500] to 172.56.20.195[61840] (444 bytes) <<- Safe and won't
fragment, IF I could get Win 10 to validate the cert locally!*
Jul  7 15:35:50 IpGw charon: 15[JOB] deleting half open IKE_SA with
172.56.20.195 after timeout

It thus appears that there's really no answer for a Windows machine
other than "you can't use it if any of the networks in the middle will
not reliably pass frags" since authentication of the *server* will not
succeed.

Has anyone managed to get around this (or is there a third-party IKEv2
client out there that will work)?

-- 
Karl Denninger
karl at denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
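
Added example (not part of the original post, and not strongSwan code): a small Python check that re-joins mail-wrapped charon log entries like the ones above and reports peers that were sent the same oversized IKE message more than once, the pattern seen with the 1868-byte IKE_AUTH response. The 1400-byte threshold, the function names and the sample log (documentation addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption: above this size an IKE message risks IP fragmentation; tune it.
SAFE_IKE_BYTES = 1400

# A syslog entry starts "Mon DD HH:MM:SS"; the post stars some entries.
ENTRY_START = re.compile(r"^\*?[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s")
SENT = re.compile(r"\[NET\] sending packet: from \S+ to (\S+?)\[(\d+)\] \((\d+) bytes\)")

# Constructed sample in the post's log format (documentation addresses).
SAMPLE = """\
Jul  7 15:42:05 gw charon: 16[NET] sending packet: from
198.51.100.1[500] to 192.0.2.10[26444] (465 bytes)
Jul  7 15:42:05 gw charon: 16[ENC] generating IKE_AUTH response 1 [
IDr CERT AUTH EAP/REQ/ID ]
*Jul  7 15:42:05 gw charon: 16[NET] sending packet: from
198.51.100.1[4500] to 192.0.2.10[61840] (1868 bytes)
Jul  7 15:42:06 gw charon: 16[IKE] received retransmit of request with
ID 1, retransmitting response
Jul  7 15:42:06 gw charon: 16[NET] sending packet: from
198.51.100.1[4500] to 192.0.2.10[61840] (1868 bytes)
"""

def unwrap(text):
    """Re-join log entries that the mail client wrapped across lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)        # a timestamp starts a new entry
        else:
            entries[-1] += " " + line   # continuation of the previous entry
    return entries

def oversized_sends(text, limit=SAFE_IKE_BYTES):
    """Map 'peer_ip:port' to the sizes of messages sent above the limit."""
    hits = defaultdict(list)
    for entry in unwrap(text):
        m = SENT.search(entry)
        if m and int(m.group(3)) > limit:
            hits[f"{m.group(1)}:{m.group(2)}"].append(int(m.group(3)))
    return dict(hits)

def likely_fragment_loss(text, limit=SAFE_IKE_BYTES):
    """Peers sent an oversized message more than once (retransmit loop)."""
    sends = oversized_sends(text, limit)
    return sorted(peer for peer, sizes in sends.items() if len(sizes) > 1)
```
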