[Swan] Dropping AUTH message containing INITIAL_CONTACT on OSX and Win10

Tue Jan 15 20:20:47 UTC 2019

 Since I am working on a config to use integrated clients as well, I thought I'd run through Derek's how-to.
My notes:
1. You need to import the "client" vpn certificate to Personal Certificates and do another import of the CA certificate to Trusted Root Certification Authorities. The How-to only lists one import.

2. Paul, "msdh-downgrade=yes" causes a syntax error, and I can't find it in the documentation.
3. Right now my connection still borks with a 
 Jan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x: constructed local IKE proposals for ikev2-cp (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 2:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=AES_CBC_256,AES_CBC_128;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1024Jan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x  #1: proposal 10:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 chosen from remote proposals 1:IKE:ENCR=3DES;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP1024 2:IKE:ENCR=3DES;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP1024 3:IKE:ENCR=3DES;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP1024 4:IKE:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP1024[first-match] 5:IKE:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP1024 6:IKE:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP1024 7:IKE:ENCR=AES_CBC_192;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP1024 8:IKE:ENCR=AES_CBC_192;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP1024 9:IKE:ENCR=AES_CBC_192;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP1024 10:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP1024[better-match] 11:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP1024 12:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_...Jan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x  #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP1024}Jan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x  #1: certificate verified OK: O=Client1,CN=client1.zzz.netJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x  #1: No matching subjectAltName foundJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x #1: certificate does not contain ID_IP subjectAltName=x.x.x.xJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x  #1: Peer public key SubjectAltName does not match peer ID for this connectionJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[1] x.x.x.x  #1: switched from "ikev2-cp"[1] x.x.x.x to "ikev2-cp"Jan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x  #1: deleting connection "ikev2-cp"[1] x.x.x.x instance with peer x.x.x.x {isakmp=#0/ipsec=#0}Jan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x  #1: certificate verified OK: O=Client1,CN=client1.zzz.netJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x  #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'CN=client1.zzz.net, O=Client1'Jan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x  #1: Authenticated using RSAJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x: constructed local ESP/AH proposals for ikev2-cp (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLEDJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x #1: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;ESN=DISABLED 2:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED 3:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED 4:ESP:ENCR=DES(UNUSED);INTEG=HMAC_SHA1_96;ESN=DISABLED 5:ESP:ENCR=NULL;INTEG=HMAC_SHA1_96;ESN=DISABLEDJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x #1: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSENJan 15 20:15:41 ip-10-0-0-194 pluto[28581]: "ikev2-cp"[2] x.x.x.x #2: responding to IKE_AUTH message (ID 1) from x.x.x.x:4500 with encrypted notification NO_PROPOSAL_CHOSEN

The ike line from ipsec.conf is the same as in the how-to and the wiki: ike=aes256-sha2_512;modp2048,aes128-sha2_512;modp2048,aes256-sha1;modp1024,aes128-sha1;modp1024,aes-sha2;modp1024

Per the Wiki I added the 'aes-sha2;modp1024' to see if that would clear it up.
I am using Windows 10 Pro, current patch level.
Cheers,
Jan

    On Wednesday, January 9, 2019, 1:07:24 PM EST, Paul Wouters <paul at nohats.ca> wrote:  

 On Wed, 9 Jan 2019, Derek Cameron wrote:

> 
> Thanks for your help. You're welcome to copy and paste anything you
> like from my blog post
> https://dc77312.wordpress.com/2019/01/09/libreswan-ipsec-ikev2-vpn-on-rhel-8-beta-server-and-windows-10-client/

Thanks, I'll see about merging it onto the libreswan wiki. Thanks for
the permission!

Some notes:

- Please use "libreswan" or "Libreswan", not "LibreSwan" :)
- Does it survive rekeying? You might want/need to add
  msdh-downgrade=yes to allow rekeying without or with wrong/bad
  DH group 1024 (perhaps the latest Windows build fixed this?)
- I think you can fixup the authentication without using powershell,
  but I would have to reclick through a windows box again to remember
  how I did that.

Paul
_______________________________________________
Swan mailing list
Swan at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190115/25bd1f54/attachment.html>