[Swan] IKEv2 connection from Android drops after a few minutes

Paul Wouters paul at nohats.ca
Wed Mar 11 20:30:19 UTC 2020


On Wed, 11 Mar 2020, Beat Zahnd wrote:

> Only one step more
>
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[13] 178.197.x.x #10: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[13] 178.197.x.x #10: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,CERTREQ,AUTH,CP,N,SA,TSi,TSr,N,N,N,N}
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[13] 178.197.x.x #10: certificate verified OK: CN=bz
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[13] 178.197.x.x #10: certificate subjectAltName extension does not match ID_IPV4_ADDR '178.197.x.x'
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[13] 178.197.x.x #10: Peer CERT payload SubjectAltName does not match peer ID for this connection

You do not have a subjectAltName=178.197.x.x in our certificate as a valid ID.
The IKE ID has to match a subjectAltName= to prevent another certificate
that is valid, but or a different ID, to spood this IKE ID. Since many
people have generated bad certificates, we provide the override option.

> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[13] 178.197.x.x #10: switched from "ikev2-cp"[13] 178.197.x.x to "ikev2-cp"
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[13] 178.197.x.x #10: X509: connection allows unmatched IKE ID and certificate SAN
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[14] 178.197.x.x #10: deleting connection "ikev2-cp"[13] 178.197.x.x instance with peer 178.197.x.x {isakmp=#0/ipsec=#0}
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[14] 178.197.x.x #10: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'CN=bz'
> Mar 11 20:34:23 core pluto[29856]: "ikev2-cp"[14] 178.197.x.x #10: No acceptable ECDSA/RSA-PSS ASN.1 signature hash proposal included for rsasig in I2 Auth Payload

What is your authby= line? Perhaps try authby=rsa-sha1 ? It looks like
it is trying rsa-sha1 but the remote peer does not support that and is
(against RFC 8472) trying to use rsa-sha1 with the RFC 7427 method.

Paul


More information about the Swan mailing list