[strongSwan] Win7 rekeying (it works, but not with PFS)

IL Ka kazakevichilya at gmail.com
Sat May 14 18:45:47 CEST 2022


Hello,

According to wiki:
https://docs.strongswan.org/docs/5.9/interop/windowsClients.html#_child_sa_rekeying

Win7 child rekeying is broken behind the NAT, so it is recommended to
disable rekeying at all (rekey_time = 0)

I decided to check that, and it seems that rekeying works but not for PFS
(DH groups aren't supported)

When I use DH for ESP (i.e ``aes256-sha1-modp1024``) strongswan sends DH
(``CREATE_CHILD_SA`` with ``KE`` material if I understand it correctly)
Windows says
``CREATE_CHILD_SA response 0 [ N(NO_PROP) ]``

But when I remove DH (``aes256-sha1``) I see no "KE" in
``CREATE_CHILD_SA``, which I believe means "Do not use PFS, obtain material
from IKE instead"
Windows accepts it and strongswan deletes old SA and creates new!

15[ENC] parsed CREATE_CHILD_SA response 0 [ SA No TSi TSr ]
selecting proposal:
proposal matches
...
 selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
..
15[IKE] inbound CHILD_SA road_warrior_vpn_child{128} established with SPIs
c2cad60d_blah_blah

Funny fact: when you provide several proposals for ESP (with and without of
DH) Windows goes wild:

``CREATE_CHILD_SA response 25 [ N(MS_STATUS(13816)) ]```

which means
# for decimal 13816 / hex 0x35f8 :
  ERROR_IPSEC_IKE_ERROR                                         winerror.h

Conclusion: You do not need to disable rekeying at all, you only need to
remove DH from the proposal (effectively disabling PFS) to support win7.
If so, shouldn't we fix the wiki?

Ilya.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20220514/f1148ec1/attachment.html>


More information about the Users mailing list