Agoston Toth
2017-05-31 08:29:40 UTC
OpenBSD 6.1 installed from image and runs fine.
I tried to set up a connection towards strongswan (tried 4.4 and 5.2) with PFS. When the initiator is strongswan (openiked is in passive mode), the configured IPsec tunnel is established fine.
When the initiator is openiked (active mode), the 2nd message is rejected by strongswan, as the Authenticate message contains a DH group in its SA payload. Strongswan enforces RFC5996; as a result the proposal is not accepted and the tunnel can't be established.
Check out ikev2_init_ike_auth() and ikev2_add_proposals() in ikev2.c. When openiked is the initiator and the message to be sent is authenticate, do not add the DH group (childSAGroup config) to the proposals of the authenticate message, as this is against RFC5996:
https://tools.ietf.org/html/rfc5996#section-1.2:
Note that IKE_AUTH messages do not contain KEi/KEr or Ni/Nr payloads.
Thus, the SA payloads in the IKE_AUTH exchange cannot contain
Transform Type 4 (Diffie-Hellman group) with any value other than
NONE. Implementations SHOULD omit the whole transform substructure
instead of sending value NONE.
If the above recommended changes are applied, the tunnel is established OK; rekeying with PFS was also successful.
Thank you!
Agoston
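
Added example, not part of the original report and not taken from OpenIKED or strongSwan: a bounds-checked walk over the body of an IKEv2 SA payload (generic payload header already stripped, substructure layout per RFC 5996 section 3.3) that reports whether any proposal carries Transform Type 4 with a value other than NONE, which is the condition the quoted RFC text forbids in IKE_AUTH. The function name sa_has_dh_group and both byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: one ESP proposal (SPI 0x11223344) carrying DH group 14. */
static const uint8_t sample_with_dh[] = {
    0x00, 0x00, 0x00, 0x30, 0x01, 0x03, 0x04, 0x04, 0x11, 0x22, 0x33, 0x44,
    0x03, 0x00, 0x00, 0x0c, 0x01, 0x00, 0x00, 0x0c, 0x80, 0x0e, 0x00, 0x80,
    0x03, 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x02, 0x03, 0x00, 0x00, 0x08,
    0x04, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x08, 0x05, 0x00, 0x00, 0x00 };
/* Constructed sample: the same proposal with the DH transform omitted. */
static const uint8_t sample_without_dh[] = {
    0x00, 0x00, 0x00, 0x28, 0x01, 0x03, 0x04, 0x03, 0x11, 0x22, 0x33, 0x44,
    0x03, 0x00, 0x00, 0x0c, 0x01, 0x00, 0x00, 0x0c, 0x80, 0x0e, 0x00, 0x80,
    0x03, 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x02,
    0x00, 0x00, 0x00, 0x08, 0x05, 0x00, 0x00, 0x00 };

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Returns 1 if any transform is type 4 (Diffie-Hellman group) with an ID
 * other than 0 (NONE), 0 if none is, -1 if the buffer is malformed. */
int sa_has_dh_group(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int found = 0;
    while (off < len) {
        const uint8_t *prop = buf + off;
        if (len - off < 8) return -1;              /* proposal header */
        size_t plen = be16(prop + 2), t = 8 + (size_t)prop[6]; /* skip SPI */
        if (plen < t || plen > len - off) return -1;
        for (unsigned n = prop[7]; n > 0; n--) {   /* Num Transforms */
            if (plen - t < 8) return -1;           /* transform header */
            size_t tlen = be16(prop + t + 2);
            if (tlen < 8 || tlen > plen - t) return -1;
            if (prop[t + 4] == 4 && be16(prop + t + 6) != 0)
                found = 1;
            t += tlen;
        }
        if (t != plen) return -1;                  /* trailing bytes */
        off += plen;
        if (prop[0] == 0) break;                   /* 0 marks the last proposal */
    }
    return found;
}

int main(void)
{
    printf("with DH: %d, without: %d\n", sa_has_dh_group(sample_with_dh, sizeof sample_with_dh),
           sa_has_dh_group(sample_without_dh, sizeof sample_without_dh));
    return 0;
}
```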