[Swan-dev] CentOS libreswan vs Fedora libreswan

D. Hugh Redelmeier hugh at mimosa.com
Sun Jun 30 17:08:05 UTC 2019


Still figuring this out, but I'm wrong.  Libreswan does pay attention
to the unencrypted (and unauthenticated) notification.

On Sun, 30 Jun 2019, D. Hugh Redelmeier wrote:

| From: D. Hugh Redelmeier <hugh at mimosa.com>
| To: Libreswan Development List <swan-dev at lists.libreswan.org>
| Date: Sun, 30 Jun 2019 12:10:27 -0400 (EDT)
| Subject: [Swan-dev] CentOS libreswan vs Fedora libreswan
| 
| I'm trying to build a tunnel between a Fedora and a CentOS system, both 
| running libreswan-3.29-1 packages.
| 
| I don't specify any cryptosuites -- I just let them default.
| 
| Much to my surprise, the CentOS Responder refuses the Fedora Initiator's 
| negotiation:
| 
|   initiator guessed wrong keying material group (ECP_256); responding with INVALID_KE_PAYLOAD requesting MODP2048
|   responding to IKE_SA_INIT (34) message (Message ID 0) from 99.241.4.30:500 with unencrypted notification INVALID_KE_PAYLOAD
| 
| This response is fairly useless since the Initiator ought to ignore 
| unencrypted notifications.  This is surely a limitation of the protocol 
| standard.
| 
| It also seems pretty dumb to not have defaulted cryptosuites be
| compatible.  I'm sure that there are excuses.  What are they?
| 
| ipsec auto --up prints progress information, but does not report this 
| notification, making debugging harder than it should be.
| 
| - why would 3.29 default to something 3.29 doesn't accept?
| 
| - what is the minimal addition that I can make to the conn to allow 
|   interop?  I don't wish to specify any part of the cryptosuites but I 
|   certainly don't want to provide a complete and detailed specification.
| 
| Editorial comment: This sure seems like the kind of problem to drive 
| people away from ipsec.  This should be fixed!
| _______________________________________________
| Swan-dev mailing list
| Swan-dev at lists.libreswan.org
| https://lists.libreswan.org/mailman/listinfo/swan-dev
| 
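The two log lines quoted above describe the IKEv2 "wrong KE group" round trip from RFC 7296 section 1.2: the initiator sends IKE_SA_INIT with a KE payload for the group it guesses the responder prefers (here ECP_256); if the responder selects a different group (here MODP2048) it answers with an unencrypted, unauthenticated INVALID_KE_PAYLOAD notification whose two-octet data is the group it wants, and the initiator retries. The following is an added example, not code from this thread or from libreswan: a small Python simulation of that exchange with both sides, plus the two checks a practitioner would want on the initiator side of an unauthenticated notify, namely that it only honours a requested group it actually offered and that it retries at most once. The Initiator and Responder classes, the transcript strings and the single-retry policy are assumptions made for illustration; the group numbers (MODP1024 = 2, MODP2048 = 14, ECP_256 = 19) and the two-octet notify encoding are the IANA/RFC values.

```python
"""Simulation of the IKEv2 IKE_SA_INIT wrong-DH-group round trip (added example)."""
import struct

# IANA IKEv2 Diffie-Hellman group transform IDs (Transform Type 4).
MODP1024 = 2
MODP2048 = 14
ECP_256 = 19
GROUP_NAMES = {MODP1024: "MODP1024", MODP2048: "MODP2048", ECP_256: "ECP_256"}


def encode_invalid_ke(group):
    """Notification Data of INVALID_KE_PAYLOAD: the accepted DH group number,
    two octets in network byte order (RFC 7296 section 1.2)."""
    return struct.pack("!H", group)


def decode_invalid_ke(data):
    """Parse the two-octet group number; anything else is malformed."""
    if len(data) != 2:
        raise ValueError("INVALID_KE_PAYLOAD data must be exactly two octets")
    return struct.unpack("!H", data)[0]


class Responder:
    """Hypothetical responder with a fixed list of acceptable groups, most preferred first."""

    def __init__(self, dh_groups):
        self.dh_groups = list(dh_groups)

    def handle_ike_sa_init(self, proposed_groups, ke_group):
        # Select the first group from our own preference list that the initiator offered.
        chosen = next((g for g in self.dh_groups if g in proposed_groups), None)
        if chosen is None:
            return ("NO_PROPOSAL_CHOSEN", None)
        if ke_group != chosen:
            # The KE payload is for a group we did not select: ask for a retry.
            return ("INVALID_KE_PAYLOAD", encode_invalid_ke(chosen))
        return ("IKE_SA_INIT_RESPONSE", chosen)


class Initiator:
    """Hypothetical initiator that offers dh_groups and guesses the first one for its KE."""

    def __init__(self, dh_groups):
        self.dh_groups = list(dh_groups)

    def accept_invalid_ke(self, data):
        """Return the group to retry with, or None when the unauthenticated notify
        must be ignored because it names a group we never offered (an on-path
        forger can at most pick among the groups we proposed ourselves)."""
        group = decode_invalid_ke(data)
        return group if group in self.dh_groups else None

    def negotiate(self, responder):
        """Run IKE_SA_INIT against responder; returns (agreed_group_or_None, transcript)."""
        transcript = []
        ke_group = self.dh_groups[0]
        for _ in range(2):  # initial attempt plus at most one retry
            transcript.append("initiator: IKE_SA_INIT, KE for %s" % GROUP_NAMES[ke_group])
            kind, data = responder.handle_ike_sa_init(self.dh_groups, ke_group)
            if kind == "IKE_SA_INIT_RESPONSE":
                transcript.append("responder: IKE_SA_INIT response, SA uses %s" % GROUP_NAMES[data])
                return data, transcript
            if kind == "INVALID_KE_PAYLOAD":
                wanted = decode_invalid_ke(data)
                transcript.append("responder: unencrypted notify INVALID_KE_PAYLOAD requesting %s"
                                  % GROUP_NAMES.get(wanted, wanted))
                retry = self.accept_invalid_ke(data)
                if retry is None or retry == ke_group:
                    transcript.append("initiator: ignoring notify (group not offered or unchanged)")
                    return None, transcript
                ke_group = retry
                continue
            transcript.append("responder: %s" % kind)
            return None, transcript
        transcript.append("initiator: giving up after one retry")
        return None, transcript


if __name__ == "__main__":
    # Constructed scenario mirroring the quoted log: initiator guesses ECP_256,
    # responder only accepts MODP2048, which the initiator also offered.
    group, lines = Initiator([ECP_256, MODP2048]).negotiate(Responder([MODP2048]))
    print("\n".join(lines))
    print("agreed group:", GROUP_NAMES.get(group, group))
```

Run as a script it prints the four-step transcript (guess, notify, retry, response) and ends on MODP2048; an initiator that offers only ECP_256 gets NO_PROPOSAL_CHOSEN instead, and a forged notify naming a group that was never offered is dropped by accept_invalid_ke rather than acted on.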

