[Swan] No proposal chosen in version 3.21

Paul Wouters paul at nohats.ca
Fri Sep 15 13:55:31 UTC 2017 

On Fri, 15 Sep 2017, Dynastic Space wrote:

> In version 3.19 we used the following configuration:

> conn xauth-psk

[no ike= or esp=/phase2= lines]

> I just upgraded to version 3.21, using this same configuration. the client is sending the following proposal:

3.21 has been updated to reflect RFC-8247

https://tools.ietf.org/html/rfc8247

Even though it technically does not cover IKEv1 - only IKEv2 - we have
also bumped some requirements in IKEv1. Most notably, since all IKEv1
stacks support both modp1536 (DH5) and modp1024 (DH2), and the latter
is pretty weak, we have kicked that one out of our default proposal
list. Additional, the ESP RFC (7321bis) will be published in a few days
as RFC-8221 and 3.21 also tries to comply there. This means mostly that
MD5 is kicked out of the default proposal set.

So with that in mind:

>     (sa: doi=ipsec situation=identity
>         (p: #1 protoid=isakmp transform=15
>             (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=sha2-256)(type=group desc value=modp2048))

This is ike=aes128-sha2_256;modp2048 and should be accepted by us?
Possibly we had not added modp2048 to the default group?


>             (t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp2048))

ike=aes128-sha1;modp2048  Same

>             (t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp2048))

ike=aes128-md5;modp2048 md5, so rejected.

>             (t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=sha2-512)(type=group desc value=modp2048))

ike=aes128-sha2_512;modp1536 Should also be accepted?

>             (t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=sha2-256)(type=group desc value=modp1536))

ike=aes128-sha2_256;modp1536 Should also be accepted?

>             (t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1536))

ike=aes128-sha1;modp1536 should also be accepted.

>             (t: #7 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1536))

ike=aes128-md5;modp1536 rejected for md5

>             (t: #8 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
>             (t: #9 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0100)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))
>             (t: #10 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0080)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
>             (t: #11 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen
> value=0080)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))
>             (t: #12 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth
> value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
>             (t: #13 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth
> value=fde9)(type=hash value=md5)(type=group desc value=modp1024))
>             (t: #14 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=1des)(type=auth
> value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
>             (t: #15 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=1des)(type=auth
> value=fde9)(type=hash value=md5)(type=group desc value=modp1024))))

All of these rejected because of modp1024 (DH2)

> but the server is responding with 
>     (n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN)

I'm not sure why you are seeing that. Can you try adding:

 	ike=aes128-sha2_256;modp2048
 	ike=aes128-sha2_256;modp2048

Do you have all the same kind of clients? If not, you might need to make
a more complicated proposal with multiple entries.

Note that you might run into similar things for esp=/phase2alg= once
you fixup this stage.

Paul

More information about the Swan mailing list