[Swan] Libreswan 3.3.0 breakage

John Crisp jcrisp at safeandsoundit.co.uk
Mon Feb 17 18:08:23 UTC 2020

On 17/02/20 18:25, Paul Wouters wrote:
> On Mon, 17 Feb 2020, John Crisp wrote:
>> However, I was using authby=rsasig already which *was* working.
> Yes. This used to mean "rsa-sha1". Now it means "rsa-sha1,rsa-sha2".
> This triggers a bug in strongswan. which returns ONLY an RFC 7427 style
> SHA1, which RFC 8247 disallows. Besides, we did not advertise support
> for SHA1 using RFC 7427 style support, so they are not allowed to
> "select" it. You can either reconfigure strongswan or go back to
> only using sha1 and not sha1,sha2.

OK - thanks for the heads up on that.

I can confirm setting authby=rsa-sha1 allows the tunnel up.

>>>> responding to Main Mode from unknown peer
>>>> OAKLEY_GROUP 2 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
>>> If you _really_ want you can enable it at compile time with USE_DH2=true
>> Ain't going to happen :-( Easier just to use 3.29 (and there is the nub
>> of the problem)
> Then there is no more hope for you in the future. Your VPNs are insecure
> against the most powerful attackers, and any future bugs and features
> you will miss. If you cannot update a configuration in 20 years, then
> you are simply not offering security services. Sorry. You can tell your
> client the author of RFC 8247 and RFC 8221 said so.

I'm not offering anything ;-) I don't run an IT business.....

And it happens because I, and many like me, are reliant on Google for
this (it's a Ipsec/l2tpd connection off a Android handset), and not keen
on compiling my own code on the basis I may make things worse, not

I am trying to push forward and drag others with me, but clearly
handicapped by certain companies. I guess it will be Libre for tunnels
and openvpn for mobile then.

>> Someone ought to tell Google to fix their crappy phone system then ;-)
>> That is an Android v10 ipsec l2tpd connection....
> I've been shaming google android for years at every change I get.
> Speaking to their developers and at conferences. Android 11 will have
> IKEv2 finally. But I guess you might need 5 years for the phones to
> upgrade or be replaced to get the feature.

Get all that, and thank you. They are an awful company, period.

Android 11 - during which time MOST people will be using insecure VPNs,
as they have for the last 20 years..... many like me would like to
change, but if we don't have ipsec v2 in our handset, what choices do we
have? Governments must be laughing....

I do take the view that something is better than nothing, and I try to
make it as secure as I have the ability and tools to do so. I do
recommend people use openvpn for more secure mobile, but the app suck
batteries dead and certs and setup is a real pain.

(Think of all those M$ users still using PPTP.....)

>> Why on earth don't they do something? Or have the nation states asked
>> them not too?
> Google is a TLS organization. their business model is "host all your
> data with us, behind TLS, and you won't need a VPN". It took a lot of
> shaming for them to finally work on this. (also they needed to write
> it from scratch because all opensource IKEv2 was/is basically GPL, not
> BSD licensed)

Shocking. They hold back software development, not push it forward.

>> (we are using ipsec/l2tpd for mobile remote access - as opposed to
>> network-network tunnels - because it is on most devices by default and
>> can be easily linked to the local user for allowing access and IP
>> allocation etc - IKE v2 doesn't handle Pam Authent as far as I can
>> see.....)
> yeah, for IKEv2 you need EAP-TLS or EAP-mschapv2, which libreswan does
> not yet support :/

Yes, it is a REAL shame. Having something like pam-authorize would be
extremely handy. For many users certs are a pain to manage.

Sorry - it is frustrating trying to be up-to-date and being so handicapped!

And thanks for the education as ever. I am always a tad wiser after
reading here.

B. Rgds

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20200217/bdf3f467/attachment-0001.sig>

More information about the Swan mailing list