[Swan] Bringing up strongSwan+Libreswan transport connection
Pavel Volkov
sailor at lists.xtsubasa.org
Sun Sep 29 21:19:35 UTC 2019
Please help me debug my connection problem.
I have:
1. strongSwan with public IP, acting as a server/responder.
2. Libreswan 3.29 behind NAT for a client.
I wish to establish a transport-mode connection between the two.
I use X.509 certificates for auth.
The process seems to proceed well on the strongSwan side.
Strange stuff happens with Libreswan, that's why I chose this list to
report to :)
strongSwan's ipsec.conf config:
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
include /var/lib/strongswan/ipsec.conf.inc
conn %default
dpdaction=clear
dpddelay=35s
fragmentation=yes
rekey=no
ike=aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
esp=aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024,aes128-aes256-sha1-sha256,aes128-sha1,3des-sha1!
keyexchange=ikev2
conn client-transport
auto=add
type=transport
forceencaps=no
left=%any
leftauth=pubkey
leftid=server.example.com
leftcert=server.example.com.crt
leftsendcert=always
right=xxx.xxx.94.200
rightauth=pubkey
rightid="CN=client.example.com"
conn vpn
<skipped>
Libreswan's config:
conn server
ike=aes256-sha256
esp=aes256-sha256
dpdaction=restart
dpddelay=35
dpdtimeout=300
fragmentation=yes
rekey=yes
auto=start
type=transport
encapsulation=auto
ikev2=insist
left=server.example.com
leftid=@server.example.com
leftrsasigkey=%cert
right=%defaultroute
rightcert=client.example.com
rightid=%fromcert
rightrsasigkey=%cert
After I start the service (systemctl start ipsec) SAs seem to be
well-formed on the strongSwan side and it verifies both certificates:
$ sudo ip xfrm state
src xxx.xxx.149.202 dst xxx.xxx.94.200
proto esp spi 0x897dcd9f reqid 1 mode transport
replay-window 0
auth-trunc hmac(sha256)
0x0f3c8733623e0c36514a6da5c3900d0eafe7299592221c64e54728f7bcb9642f 128
enc cbc(aes)
0xc86902e16750e7b66d7298edf1de9c7382e8e5225e05fae3c5bd9a85daebb5fa
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
sel src xxx.xxx.149.202/32 dst xxx.xxx.94.200/32
src xxx.xxx.94.200 dst xxx.xxx.149.202
proto esp spi 0xcbaa7ca4 reqid 1 mode transport
replay-window 32
auth-trunc hmac(sha256)
0x4102de8f68467e88051b1a67d11b0d368646757188356fef35bc10046b03cf1e 128
enc cbc(aes)
0xc0b4a9297acdb33808ef6fe4ae48909cb5e16290c5a6c9db06f3fa6b2f7ca017
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
sel src xxx.xxx.94.200/32 dst xxx.xxx.149.202/32
However, Libreswan isn't able to finish the process:
pluto[26303]: "server" #1: initiating v2 parent SA
pluto[26303]: "server": constructed local IKE proposals for server (IKE SA
initiator selecting KE):
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
pluto[26303]: "server" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
pluto[26303]: "server": constructed local ESP/AH proposals for server (IKE
SA initiator emitting ESP/AH proposals):
1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED
pluto[26303]: "server" #2: STATE_PARENT_I2: sent v2I2, expected v2R2
{auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256
group=MODP2048}
pluto[26303]: "server" #2: loading root certificate cache
pluto[26303]: "server" #2: certificate verified OK: CN=server.example.com
pluto[26303]: "server" #2: IKEv2 mode peer ID is ID_FQDN:
'@server.example.com'
pluto[26303]: "server" #2: Authenticated using RSA
pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 0.5
seconds for response
pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified
== NULL (in decode_certs() at x509.c:696)
pluto[26303]: "server" #2: EXPECTATION FAILED:
ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at
ikev2_parent.c:3684)
pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 1
seconds for response
pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified
== NULL (in decode_certs() at x509.c:696)
pluto[26303]: "server" #2: EXPECTATION FAILED:
ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at
ikev2_parent.c:3684)
pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 2
seconds for response
pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified
== NULL (in decode_certs() at x509.c:696)
pluto[26303]: "server" #2: EXPECTATION FAILED:
ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at
ikev2_parent.c:3684)
pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
Security associations creation is also unfinished:
$ sudo ip xfrm state show
src xxx.xxx.149.202 dst 192.168.1.2
proto esp spi 0x9d338af9 reqid 16389 mode tunnel
replay-window 0
anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
sel src xxx.xxx.149.202/32 dst 192.168.1.2/32
Since I use Gentoo here on Libreswan side, maybe I miss something in my
kernel?
More information about the Swan
mailing list