[Swan] OSX Connectivity debugging

Mr. Jan Walter hopping_hol at yahoo.com
Fri Jan 18 22:33:45 UTC 2019 

Same server, now hacking through the same config on the latest OSX:

Set auth method to none, set certificate in that.
CA cert set in system keystore and marked as trusted, the client2 cert in the login key store, seemed to work according to the logs.Set ExtSAN, so cert was generated as:

certutil -S -c "ca.zzz.net" -n "client2.zzz.net" -s "O=Client2,CN=client2.zzz.net" -k rsa -v 12 -d sql:${HOME}/ca -t ",," -1 -6 -8 "client2.zzz.net" --extSAN ip:11.11.11.11

with the IP being the internet-sided of the NAT IP for the client. Note that the -8 arg should set the DNS Altname. Does that need reverse DNS lookup working right or something?

Server logs:
=====
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[1] 11.11.11.11: constructed local IKE proposals for ikev2-cp (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 2:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=AES_CBC_256,AES_CBC_128;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1024
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[1] 11.11.11.11 #1: proposal 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024[first-match] 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[1] 11.11.11.11 #1: initiator guessed wrong keying material group (MODP2048); responding with INVALID_KE_PAYLOAD requesting MODP1024
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[1] 11.11.11.11 #1: responding to IKE_SA_INIT (34) message (Message ID 0) from 11.11.11.11:500 with unencrypted notification INVALID_KE_PAYLOAD
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[1] 11.11.11.11 #1: deleting state (STATE_PARENT_R0) aged 0.001s and NOT sending notification
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: packet from 11.11.11.11:500: deleting connection "ikev2-cp"[1] 11.11.11.11 instance with peer 11.11.11.11 {isakmp=#0/ipsec=#0}
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11: constructed local IKE proposals for ikev2-cp (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 2:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;INTEG=HMAC_SHA2_512_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=AES_CBC_256,AES_CBC_128;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1024
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: proposal 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024[first-match] 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_128 integ=HMAC_SHA1_96 prf=HMAC_SHA1 group=MODP1024}
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: certificate verified OK: O=Client2,CN=client2.zzz.net
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: No matching subjectAltName found
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: No matching subjectAltName found
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.168.1.198'
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: Authenticated using RSA
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11: constructed local ESP/AH proposals for ikev2-cp (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=NONE;ESN=DISABLED
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: no local proposal matches remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED 5:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #3: responding to IKE_AUTH message (ID 1) from 11.11.11.11:4500 with encrypted notification NO_PROPOSAL_CHOSEN
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.008s and NOT sending notification
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: "ikev2-cp"[2] 11.11.11.11 #2: deleting state (STATE_IKESA_DEL) aged 0.057s and NOT sending notification
Jan 18 21:36:21 ip-10-0-0-194 pluto[14881]: packet from 11.11.11.11:4500: deleting connection "ikev2-cp"[2] 11.11.11.11 instance with peer 11.11.11.11 {isakmp=#0/ipsec=#0}
====

Config file:
====
conn ikev2-cp    authby=rsasig    ikev2=insist    cisco-unity=yes    # The server's actual IP goes here - not elastic IPs    left=10.0.0.194    leftsourceip=ip-of-vv.zzz.net    leftcert=vv.zzz.net    leftid=@vv.zzz.net    leftsendcert=always    leftsubnet=0.0.0.0/0    leftrsasigkey=%cert    # try to structure something to accept this offer: IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP1024    ike=aes256-sha2_512;modp2048,aes128-sha2_512;modp2048,aes256-sha1;modp1024,aes128-sha1;modp1024,aes-sha2;modp1024    esp=aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes128-sha2_512    # Clients    right=%any    # your addresspool to use - you might need NAT rules if providing full internet to clients    rightaddresspool=10.0.0.240-10.0.0.250    rightca=%same    rightrsasigkey=%cert    narrowing=yes    # recommended dpd/liveness to cleanup vanished clients    dpddelay=30    dpdtimeout=120    dpdaction=clear    auto=add    rekey=no    #ms-dh-fallback=yes    #msdh-downgrade=yes    ms-dh-downgrade=yes    # ikev2 fragmentation support requires libreswan 3.14 or newer    fragmentation=yes    # optional PAM username verification (eg to implement bandwidth quota    # pam-authorize=yes===
I got to this configuration through a combination of:https://dc77312.wordpress.com/2019/01/09/libreswan-ipsec-ikev2-vpn-on-rhel-8-beta-server-and-windows-10-client/
https://libreswan.org/wiki/Configuration_examples
https://lists.libreswan.org/pipermail/swan/2018/002902.html (also in one of Paul's earlier emails)
https://github.com/libreswan/libreswan/issues/198 discussion

And found the right ms-dh-downgrade keyword in the source code.


Cheers,

Jan



 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20190118/f8c50c2e/attachment-0001.html>

More information about the Swan mailing list