[Swan] Does libreswan support DH negotiation in ESP?

Paul Wouters paul at nohats.ca
Wed May 17 14:12:30 UTC 2017


On Wed, 17 May 2017, Ivan Kuznetsov wrote:

> I am trying to set up a site-to-site tunnel using ESP, IKEv2 and certificates. My 
> side is Oracle Linux 6 (a RHEL6 clone from Oracle), libreswan 3.20, NETKEY 
> stack, as initiator. The other side is strongswan, I don't know the exact version (not 
> under my control), as responder.

> So it occurred that the DH group is NOT negotiated, despite modp2048 being 
> configured for ESP on both sides.

PFS improvements are currently being merged in and should make it into
3.21. Note that we have seen invalid proposals from strongswan in the
wild, due to its lack of "strict mode" by default, resulting in a mix
of proposals in CREATE_CHILD_SA that have a DH group but no matching
KE payload.

libreswan before 3.21 will, at rekey time, start a whole new IKE_INIT
exchange with a fresh DH exchange, so you can just set your end's
ikelifetime shorter than the remote's and get an "indirect" PFS.

Paul
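The workaround Paul describes, written out as an ipsec.conf conn for the libreswan 3.20 initiator side. This is an added example for this archive page, not configuration posted in the thread or shipped by the libreswan project. The conn name, addresses, subnets, certificate nickname and the remote's assumed IKE lifetime are placeholders; only the keywords and the ikelifetime/salifetime relationship are the point.

```ini
# Added example (not from the thread): libreswan 3.20 initiator, NETKEY stack,
# IKEv2 with certificates, using the "indirect PFS" workaround from the reply.
config setup
        protostack=netkey

conn site-to-site
        auto=start
        ikev2=insist                 # IKEv2 only, as in the original setup
        authby=rsasig
        left=192.0.2.1               # placeholder: our public address
        leftid=%fromcert
        leftcert=localcert           # placeholder: NSS certificate nickname
        leftrsasigkey=%cert
        leftsubnet=10.1.0.0/24       # placeholder
        right=198.51.100.1           # placeholder: strongswan responder
        rightid=%fromcert
        rightrsasigkey=%cert
        rightsubnet=10.2.0.0/24      # placeholder
        ike=aes256-sha2_256;modp2048
        esp=aes256-sha2_256;modp2048 # DH group requested for the child SA
        pfs=yes                      # not honoured in CREATE_CHILD_SA before 3.21
        # Workaround: make our IKE SA expire before the remote's does (the
        # remote's value is unknown here; it is assumed to be longer than 30m),
        # so that this end drives the IKE rekey. Before 3.21 that rekey is a
        # full IKE_INIT with a fresh DH exchange, so every child SA set up
        # after it carries keys derived from new DH material.
        ikelifetime=30m
        # Keep the ESP SA lifetime no shorter than the IKE SA lifetime, so ESP
        # keys are only ever renewed by way of the fresh IKE_INIT and never by
        # a DH-less CREATE_CHILD_SA rekey (assumption for this example).
        salifetime=30m
        rekeymargin=9m               # libreswan rekeys this long before expiry
```

With these values the initiator starts a new IKE_INIT roughly every 21 minutes (ikelifetime minus rekeymargin); check the actual rekey behaviour with `ipsec whack --trafficstatus` and the pluto log rather than assuming it, since the responder's own lifetimes decide which side rekeys first.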

