[Swan] Interoperability test

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Mon Jan 31 21:41:11 EET 2022

On 1/31/2022 6:32 PM, Paul Wouters wrote:
>>> I have just checked the January 1st, 2022 security upgrade for 
>>> Samsung Android 11, and it still requires USE_DH2 compile time 
>>> option to connect L2TP IKEv1 VPN.
>>> I just thought of a vendor compatibility/interoperability matrix 
>>> that we would maintain. Do we already have such a thing implemented?
> We don't. We do keep a list of supported algorithms. Interoperability
> almost often can be fixed with configuration changes. It is rare that
> two devices do not have an overlap in supported algorithms.
Ah, I understand. That is similar to the algorithm negotiation in TLS?
>> Android uses mtpd for its L2TP and PPTP implementations and 
>> ipsec-tools for IKEv1, here are the corresponding AOSP (i.e. Android 
>> Open Source Project) repositories :
>> https://android.googlesource.com/platform/external/mtpd/
>> https://android.googlesource.com/platform/external/ipsec-tools/
>> I think the Android hardware manufactures hardly ever deviate from 
>> the AOSP implementations of mtpd and ipsec-tools.
>> If you have a look at the master source code of setup.c in ipsec-tools :
>> https://android.googlesource.com/platform/external/ipsec-tools/+/refs/heads/master/setup.c 
>> You'll note for the add_proposal() function that 
>> OAKLEY_ATTR_GRP_DESC_MODP1024 is hard coded for the DH group.
> This is good to know. I'll add an entry to our FAQ.
It looks like aged source (2011). Is it still maintained?
>> Google decided to remove L2TP (and PPTP) from their Pixel 6 Android 
>> 12 phone, so I don't think there is much hope in Android ever 
>> supporting something better than modp1024 (DH2) for its L2TP/IPsec 
>> VPN implementation.
> Yes, IKEv1 stuff really should not be shipped anymore. The only reason
> Android did it for so long was because they had no IKEv2 support at all
> (libreswan and strongswan are GPL licensed, so they could not use it)

I am not that certain. L2TP is going to be around for a while more 
because it is so easy to set up with PSK.

And you have yourself said that governments break MODP1024 DH group in 
offline attacks, so theoretically Iran could record VPNs of humanitarian 
workers or North Korea of South Koreans and break that when they have 
stronger computers available.

What is today theoretical could be a practical attack in just a few years.

IMHO Google should patch L2TP client, since many servers offer only 
that. It is still the first VPN I was introduced with, so I guess may 
will go the same path. My $0.02.

Kind regards,

Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355

More information about the Swan mailing list