[Swan] Libreswan 4.3 | Failing with dropping unexpected IKE_SA_INIT message containing NO_PROPOSAL_CHOSEN notification

Thu Mar 25 19:04:10 UTC 2021

On Thu, 25 Mar 2021, Blue Aquan wrote:

> Server side. Replaced Server's public Ip with 1.2.3.4
> 
> conn MOBILE
> left=1.2.3.4
>      leftsubnet=192.168.0.0/24
>      leftcert=europa.abc.com
>      leftid=@europa.abc.com
>      leftrsasigkey=%cert
>      leftsendcert=always
>      right=%any
>      rightsubnet=0.0.0.0/0

here you use 0.0.0.0/0

> Client side
> 
> conn EUROPA
> left=%defaultroute
> leftcert=ceres.xyz.com
> leftid=%fromcert
> leftrsasigkey=%cert
> leftsubnet=10.10.128.0/24

Here you use 10.10.128.0/24

So on the MOBILE conn, specify rightsubnet=10.10.128.0/24

> leftmodecfgclient=yes
> right=1.2.3.4
> rightsubnet=192.168.0.0/24
> rightid=@europa.abc.com
> rightrsasigkey=%cert
> ikev2=insist
> rekey=yes
> fragmentation=yes
> narrowing=yes
> mobike=yes
> auto=add

> On the client side when an attempt is made.
> 
> # ipsec auto --up EUROPA
> 181 "EUROPA"[2] 1.2.3.4 #5: initiating IKEv2 connection
> 181 "EUROPA"[2] 1.2.3.4 #5: sent IKE_SA_INIT request
> 182 "EUROPA"[2] 1.2.3.4 #5: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a
> prf=HMAC_SHA2_512 group=MODP2048}
> 002 "EUROPA"[2] 1.2.3.4 #5: certificate verified OK: O=Europa,CN=europa.abc.com
> 002 "EUROPA"[2] 1.2.3.4 #5: IKEv2 mode peer ID is ID_FQDN: '@europa.abc.com'
> 003 "EUROPA"[2] 1.2.3.4 #5: authenticated using RSA with SHA2_512
> 003 "EUROPA"[2] 1.2.3.4 #6: missing v2CP reply, not attempting to setup child SA

That's strange because you do show that you have it configured. Can you
see if fixing the ip range solves this. If not, please send me the
client and matching server logs (privately) so I can have a look?

> SK{IDi,CERT,IDr,AUTH,CP,SA,TSi,TSr,N}
> Mar 25 20:18:03.452836: "MOBILE"[3] 6.7.8.9 #9: certificate verified OK: O=Europa,CN=ceres.xyz.com
> Mar 25 20:18:03.452857: "MOBILE"[3] 6.7.8.9 #9: certificate subjectAltName extension does not match
> ID_IPV4_ADDR '6.7.8.9'
> Mar 25 20:18:03.452862: "MOBILE"[3] 6.7.8.9 #9: Peer CERT payload SubjectAltName does not match peer
> ID for this connection
> Mar 25 20:18:03.452880: "MOBILE"[3] 6.7.8.9 #9: X509: connection failed due to unmatched IKE ID in
> certificate SAN

Did you put any subjectAltName in the certificate? Then use that as the
leftid= instead of %fromcert. If you have a recent libreswan, you can
disable this check using require-id-on-certificate=no

> Mar 25 20:18:03.452964: "MOBILE"[4] 6.7.8.9 #9: IKEv2 mode peer ID is ID_DER_ASN1_DN:
> 'CN=ceres.xyz.com, O=Europa'
> Mar 25 20:18:03.453185: "MOBILE"[4] 6.7.8.9 #9: authenticated using RSA with SHA2_512

weird that it succeeded later? Are you sure you weren't looking at older
logs from previous attempts?

Also, be aware that you have the exclude NAT for packets from
10.10.128.0/24 <-> 192.168.0.0/24 if these libreswan machines also do
NAT. Otherwise these packets will be SNAT'ed before the IPsec matching
for source/dest, and will no longer match the tunnel policy, and go out
SNAT'ed and in the clear.

eg something like:

iptables -I POSTROUTING -t nat -s 10.10.128.0/24 -d 192.168.0.0/24 -j return
iptables -I POSTROUTING -t nat -d 10.10.128.0/24 -s 192.168.0.0/24 -j return

Paul