[Swan] Bringing up strongSwan+Libreswan transport connection

Andrew Cagney andrew.cagney at gmail.com
Mon Sep 30 01:34:48 UTC 2019 

On Sun, 29 Sep 2019 at 17:27, Pavel Volkov <sailor at lists.xtsubasa.org> wrote:
>
> Please help me debug my connection problem.
>
> I have:
>
> 2. Libreswan 3.29 behind NAT for a client.
>
> conn server
>         ike=aes256-sha256
>         esp=aes256-sha256
>         dpdaction=restart
>         dpddelay=35
>         dpdtimeout=300
>         fragmentation=yes
>         rekey=yes
>         auto=start
>         type=transport
>         encapsulation=auto
>         ikev2=insist
>         left=server.example.com
>         leftid=@server.example.com
>         leftrsasigkey=%cert
>         right=%defaultroute
>         rightcert=client.example.com
>         rightid=%fromcert
>         rightrsasigkey=%cert

> However, Libreswan isn't able to finish the process:
>
> pluto[26303]: "server" #1: initiating v2 parent SA
> pluto[26303]: "server": constructed local IKE proposals for server (IKE SA
> initiator selecting KE):
> 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519
> pluto[26303]: "server" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
> pluto[26303]: "server": constructed local ESP/AH proposals for server (IKE
> SA initiator emitting ESP/AH proposals):
> 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED
> pluto[26303]: "server" #2: STATE_PARENT_I2: sent v2I2, expected v2R2
> {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256
> group=MODP2048}
> pluto[26303]: "server" #2: loading root certificate cache
> pluto[26303]: "server" #2: certificate verified OK: CN=server.example.com
> pluto[26303]: "server" #2: IKEv2 mode peer ID is ID_FQDN:
> '@server.example.com'
> pluto[26303]: "server" #2: Authenticated using RSA

(is this from whack or the log file?)

two things are happening here:

- first pluto authenticates that the response did indeed come from the
server, and hence, the contents can be trusted
(this seems to have worked so certs should be ok)
- it uses the network configuration information from the now trusted
packet to establish the tunnel;

I suspect the second step failed, but for some reason it didn't log
it.  Perhaps there's something wrong with the network configuration.
However to spot this you might need to add:
    plutodebug=all
to the config

> pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 0.5
> seconds for response
> pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified
> == NULL (in decode_certs() at x509.c:696)

The comment that goes with the pexpect() is:

         * Since the MITM has already failed their first
         * attempt at proving their credentials, there's no
         * point in giving them a second chance.

because the authenticated packet was, in the end, rejected, things are
going no where.
I'll tone down the error.

> pluto[26303]: "server" #2: EXPECTATION FAILED:
> ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at
> ikev2_parent.c:3684)
> pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
> pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 1
> seconds for response
> pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified
> == NULL (in decode_certs() at x509.c:696)
> pluto[26303]: "server" #2: EXPECTATION FAILED:
> ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at
> ikev2_parent.c:3684)
> pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
> pluto[26303]: "server" #2: STATE_PARENT_I2: retransmission; will wait 2
> seconds for response
> pluto[26303]: "server" #2: EXPECTATION FAILED: st->st_remote_certs.verified
> == NULL (in decode_certs() at x509.c:696)
> pluto[26303]: "server" #2: EXPECTATION FAILED:
> ike->sa.st_remote_certs.verified == NULL (in ikev2_parent_inR2() at
> ikev2_parent.c:3684)
> pluto[26303]: "server" #2: X509: CERT payload bogus or revoked
>
> Security associations creation is also unfinished:
>
> $ sudo ip xfrm state show
> src xxx.xxx.149.202 dst 192.168.1.2
>         proto esp spi 0x9d338af9 reqid 16389 mode tunnel
>         replay-window 0
>         anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
>         sel src xxx.xxx.149.202/32 dst 192.168.1.2/32
>
> Since I use Gentoo here on Libreswan side, maybe I miss something in my
> kernel?
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

More information about the Swan mailing list