[strongSwan] "No trusted RSA public key found for [..]" again
bluesky787 at posteo.de
bluesky787 at posteo.de
Fri Sep 13 15:23:34 CEST 2019
Hello dear devs and community,
I am reaching out for you because I have done much research and still
couldn’t find the issue, although this issue seems common to you - I
found many threads in your mailing list.
I am using strongswan U5.5.1 on a Debian VM hosted on a Qubes system.
Strongswan should act as a roadwarrior ikev2 client and can’t connect to
the server because it’s refusing the server certificate with error “No
trusted RSA public key found for ‘CN=LANCOM VPN’”. I am in control over
the VPN server (a LANCOM router), the certificates and the VPN client.
The server has no DNS name, but a static IP address.
I have checked all the recommended settings in the FAQ
(https://wiki.strongswan.org/projects/strongswan/wiki/FAQ). These are:
- "The client transmits its certificate to the remote peer (Configure
logging as shown on the HelpRequests page and search for "cert" without
")"
--> Check. The Log shows the cert by its CN.
- "The remote peer trusts the root CA that issued the client's
certificate or the client's certificate is locally available and loaded
(check with ipsec listcerts
or swanctl --list-certs)"
--> Check. I have created 3 certificates for testing purposes. The
root cert is saved to \etc\ipsec.d\cacerts, the client cert under \certs
is signed by the CA. For testing, I also imported the public server
cert. Here's the output of --listcacerts and --listcerts:
List of X.509 CA Certificates
subject: "O=LANCOM SYSTEMS, CN=LANCOM CA"
issuer: "O=LANCOM SYSTEMS, CN=LANCOM CA"
validity: not before Sep 11 02:00:00 2019, ok
not after Sep 11 01:59:59 2029, ok (expires in 3650
days)
serial: 64:2b:c5:89:87:b1:7f:70
altNames: XXX.XXX.XXX.XXX
flags: CA CRLSign self-signed
subjkeyId:
32:5f:ba:9b:cd:29:5d:b6:a0:87:94:c9:d8:3a:e0:7d:70:6a:b8:7d
pubkey: RSA 4096 bits
keyid:
eb:53:0e:57:20:c0:73:80:41:03:e8:ca:02:97:7c:1a:15:53:b6:34
subjkey:
32:5f:ba:9b:cd:29:5d:b6:a0:87:94:c9:d8:3a:e0:7d:70:6a:b8:7d
List of X.509 End Entity Certificates
(Cert used by strongSwan Client)
subject: "O=LANCOM SYSTEMS, CN=VPN USER"
issuer: "O=LANCOM SYSTEMS, CN=LANCOM CA"
validity: not before Sep 11 02:00:00 2019, ok
not after Sep 11 01:59:59 2020, ok (expires in 363 days)
serial: 7c:06:26:a6:b6:59:55:3c
flags: clientAuth
authkeyId:
32:5f:ba:9b:cd:29:5d:b6:a0:87:94:c9:d8:3a:e0:7d:70:6a:b8:7d
subjkeyId:
6c:d9:e9:62:c0:24:7a:a8:dc:db:a9:d8:92:c9:f1:5a:7c:5d:68:bb
pubkey: RSA 4096 bits, has private key
keyid:
7b:f7:25:55:a7:e4:de:87:26:76:f4:4b:23:a5:67:b9:0b:4e:dc:d0
subjkey:
6c:d9:e9:62:c0:24:7a:a8:dc:db:a9:d8:92:c9:f1:5a:7c:5d:68:bb
(Cert used by VPN Server)
subject: "O=LANCOM SYSTEMS, CN=XXX.XXX.XXX.XXX" <-- is real IP
address, because it's mandatory for Windows 10 IKEv2 client.
issuer: "O=LANCOM SYSTEMS, CN=LANCOM CA"
validity: not before Sep 11 02:00:00 2019, ok
not after Sep 11 01:59:59 2020, ok (expires in 363 days)
serial: 5b:24:46:95:a4:d8:b5:6c
altNames: XXX.XXX.XXX.XXX
flags: serverAuth ikeIntermediate
authkeyId:
32:5f:ba:9b:cd:29:5d:b6:a0:87:94:c9:d8:3a:e0:7d:70:6a:b8:7d
subjkeyId:
f2:d6:fa:d5:41:c2:28:70:d1:e8:a8:d1:e5:3a:11:88:ad:11:c8:13
pubkey: RSA 4096 bits
keyid:
a2:d3:36:72:08:f7:b4:3d:4f:2b:08:6e:bf:19:b5:31:21:71:6b:06
subjkey:
f2:d6:fa:d5:41:c2:28:70:d1:e8:a8:d1:e5:3a:11:88:ad:11:c8:13
- The remote peer's certificate is valid
--> Check. See cert data upon.
- The remote peer's transmitted ID is either in one of its certificate's
SAN fields with the correct type (type IP if it's an IP, type FQDN if
it's a FQDN) or it is its certificate's whole DN (distinguished name)
--> Check. I tried both using a VPN Server cert with
"IP:XXX.XXX.XXX.XXX" in its SAN field (where XXX was the real IP
address) and blank value in SAN field. In case it's blank, the CN of the
cert should be used for authentication according to this blog:
https://tiebing.blogspot.com/2016/03/no-trusted-rsa-public-key-found.html
What really confuses me is the CN in the error message: "No trusted RSA
public key found for ‘CN=LANCOM VPN’", because no certificate uses this
CN, nor any of the config files (see below) or the VPN server config.
Where does this value come from?
I tried multiple logging levels. None of them shows a message between
"received end entity cert "O=LANCOM SYSTEMS, CN= XXX.XXX.XXX.XXX"" and
"no trusted RSA public key found for 'CN=LANCOM VPN'", so there's no
clue.
Do you have any ideas? I welcome any help.
Regards,
Bluesky787
-------------------------------------------------------
Config files:
Ipsec.conf:
conn vpn-ikev2
auto=start
ike=aes256-sha256-sha512-modp4096!
esp=aes256-sha256-sha512-modp4096!
right= XXX.XXX.XXX.XXX
rightid="O=LANCOM SYSTEMS,CN= XXX.XXX.XXX.XXX"
rightsubnet=0.0.0.0/0
rightauth=pubkey
rightca= XXX.XXX.XXX.XXX #<-- I tried both ip address and
filepath here - no change in error output
rightcert=/etc/ipsec.d/certs/LANCOM_VPN_5.crt
leftid="O=LANCOM SYSTEMS,CN=VPN USER"
leftsourceip=%config
leftauth=pubkey
leftca="O=LANCOM SYSTEMS,CN=LANCOM CA"
leftcert=/etc/ipsec.d/certs/VPN_User_5.crt
ipsec.secrets:
: RSA /etc/ipsec.d/private/VPN_User_5.pem
strongswan.conf: No changes, despite some logging.
Here is the log (public static IP address Xed out):
user at Debian-9-StrongSwan-VPN:~$ sudo ipsec up vpn-ikev2 initiating
IKE_SA vpn-ikev2[2] to XXX.XXX.XXX.XXX generating IKE_SA_INIT request 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
N(REDIR_SUP) ] sending packet: from 10.137.0.9[500] to XXX.XXX.XXX.XXX
[500] (736 bytes) received packet: from XXX.XXX.XXX.XXX [500] to
10.137.0.9[500] (759 bytes) parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(FRAG_SUP) CERTREQ V ] received
unknown vendor ID:
81:75:2e:b5:91:4d:73:5c:df:cd:c8:58:c3:a8:ed:7c:1c:66:d1:42
local host is behind NAT, sending keep alives received 1 cert requests
for an unknown ca sending cert request for "O=LANCOM SYSTEMS, CN=LANCOM
CA"
authentication of 'O=LANCOM SYSTEMS, CN=VPN USER' (myself) with
RSA_EMSA_PKCS1_SHA2_384 successful sending end entity cert "O=LANCOM
SYSTEMS, CN=VPN USER"
establishing CHILD_SA vpn-ikev2
generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr
AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY)
] splitting IKE message with length of 2304 bytes into 2 fragments
generating IKE_AUTH request 1 [ EF(1/2) ] generating IKE_AUTH request 1
[ EF(2/2) ] sending packet: from 10.137.0.9[4500] to XXX.XXX.XXX.XXX
[4500] (1236 bytes) sending packet: from 10.137.0.9[4500] to
XXX.XXX.XXX.XXX [4500] (1156 bytes) received packet: from
XXX.XXX.XXX.XXX [4500] to 10.137.0.9[4500] (1044 bytes) parsed IKE_AUTH
response 1 [ EF(2/2) ] received fragment #2 of 2, waiting for complete
IKE message received packet: from XXX.XXX.XXX.XXX [4500] to
10.137.0.9[4500] (1236 bytes) parsed IKE_AUTH response 1 [ EF(1/2) ]
received fragment #1 of 2, reassembling fragmented IKE message parsed
IKE_AUTH response 1 [ IDr CERT AUTH CPRP(DNS DNS ADDR) TSi TSr
N(INIT_CONTACT) SA ] received end entity cert "O=LANCOM SYSTEMS, CN=
XXX.XXX.XXX.XXX"
no trusted RSA public key found for 'CN=LANCOM VPN'
generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ] sending packet:
from 10.137.0.9[4500] to XXX.XXX.XXX.XXX [4500] (96 bytes) establishing
connection 'vpn-ikev2' failed
More information about the Users
mailing list