[Swan] Possible to setup multiple connections, partly behind NAT?

Phil Nightowl phil.nightowl at gmail.com
Wed Feb 21 19:47:27 EET 2024 

OK. Thanks. Somewhat less confusion here. Tried to implement your advice, 
ended up with the following.

Client conf:

conn headq
    left=%defaultroute
    leftcert=remotehost1
    leftid=%fromcert
    leftsubnet=0.0.0.0/0
    right=198.51.100.33 (server public IP, i. e. post-NAT)
    rightid=%fromcert
    rightsubnet=192.168.1.253/32 (server int. IP, i. e. pre-NAT)
    narrowing=yes
    ikev2=insist
    auto=start
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    pfs=yes
    aggressive=no
    salifetime=1h
    negotiationshunt=hold
    failureshunt=drop
    rightca=%same

Server conf:

conn remotesite
     left=%defaultroute
     leftcert=server
     leftsubnet=192.168.1.253/32
     right=%any
     rightaddresspool=192.0.2.0/24
     auto=add
     ikev2=yes
     authby=rsasig
     leftid=%fromcert
     rightid=%fromcert
     leftrsasigkey=%cert
     rightrsasigkey=%cert
     pfs=yes
     aggressive=no
     salifetime=1h
     negotiationshunt=hold
     failureshunt=drop
     rekey=no

Unfortunately, I still don't get an ipsec conn established. During an 
attempt, the server says:

systemd[1]: Starting ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec...

< ... >

pluto[19335]: started thread for helper 1
pluto[19335]: helper(2) seccomp security for helper not supported
pluto[19335]: using Linux xfrm kernel support code on #1 SMP Debian 6.5.10-1~bpo12+1 (2023-11-23)
pluto[19335]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
pluto[19335]: selinux support is NOT enabled.
pluto[19335]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
pluto[19335]: watchdog: sending probes every 100 secs
pluto[19335]: seccomp security not supported
pluto[19335]: "privatelan-ssh": added passthrough connection
pluto[19335]: "remotesite": IKE SA proposals (connection add):
pluto[19335]: "remotesite":   1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[19335]: "remotesite":   2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[19335]: "remotesite":   3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[19335]: "remotesite":   4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[19335]: "remotesite": Child SA proposals (connection add):
pluto[19335]: "remotesite":   1:ESP=AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
pluto[19335]: "remotesite":   2:ESP=AES_GCM_C_128-NONE-NONE-ENABLED+DISABLED
pluto[19335]: "remotesite":   3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
pluto[19335]: "remotesite":   4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
pluto[19335]: "remotesite": loaded private key matching left certificate 'server'
pluto[19335]: "remotesite": added IKEv2 connection
pluto[19335]: "remotesite-ssh": added passthrough connection
pluto[19335]: listening for IKE messages
pluto[19335]: Kernel supports NIC esp-hw-offload
pluto[19335]: adding UDP interface eth2 192.168.1.253:500
pluto[19335]: adding UDP interface eth2 192.168.1.253:4500
pluto[19335]: adding UDP interface lo 127.0.0.1:500
pluto[19335]: adding UDP interface lo 127.0.0.1:4500
pluto[19335]: forgetting secrets
pluto[19335]: loading secrets from "/etc/ipsec.secrets"
pluto[19335]: no secrets filename matched "/etc/ipsec.d/*.secrets"
pluto[19335]: EXPECTATION FAILED: peer_client->ipproto == transport_proto->ipproto (bare_shunt_ptr() +1395 /programs/pluto/kernel.c)
pluto[19335]: EXPECTATION FAILED: src_client_proto == dst_client_proto (raw_policy() +126 /programs/pluto/kernel_ops.c)
pluto[19335]: EXPECTATION FAILED: selector_protocol(*dst_client) == client_proto (xfrm_raw_policy() +536 /programs/pluto/kernel_xfrm.c)
pluto[19335]: EXPECTATION FAILED: src_client_proto == dst_client_proto (raw_policy() +126 /programs/pluto/kernel_ops.c)
pluto[19335]: EXPECTATION FAILED: selector_protocol(*dst_client) == client_proto (xfrm_raw_policy() +536 /programs/pluto/kernel_xfrm.c)
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: sent IKE_SA_INIT reply {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,SA,TSi,TSr}
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: reloaded private key matching left certificate 'server'
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: responder established IKE SA; authenticated peer '8192-bit RSASSA-PSS with SHA2_512' digital signature using peer certificate 'C=GR, O=MyOrg, CN=remotehost1.privlan' issued by CA 'CN=MyOrg CA'
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_PARENT_R1
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_PARENT_R1
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_PARENT_R1

< ... >

pluto[19335]: "remotesite"[1] 203.0.113.55 #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_PARENT_R1
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_PARENT_R1
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_PARENT_R1
systemd[1]: Stopping ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec...
whack[19377]: 002 shutting down
pluto[19335]: shutting down
pluto[19335]: Pluto is shutting down
pluto[19335]: "remotesite"[1] 203.0.113.55: deleting connection instance with peer 203.0.113.55 {isakmp=#1/ipsec=#0}
pluto[19335]: "remotesite"[1] 203.0.113.55 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 172.608475s and sending notification

< ... >

On the client, I get:

systemd[1]: Starting ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec...

< ... >

pluto[17925]: watchdog: sending probes every 100 secs
pluto[17925]: seccomp security for helper not supported
pluto[17925]: seccomp security for helper not supported
pluto[17925]: seccomp security not supported
pluto[17925]: "headq": loaded private key matching left certificate 'remotehost1'
pluto[17925]: "headq": added IKEv2 connection
pluto[17925]: "headq-ssh-pass": added passthrough connection
pluto[17925]: listening for IKE messages
pluto[17925]: Kernel supports NIC esp-hw-offload
pluto[17925]: adding UDP interface enp2s0 10.0.1.138:500
pluto[17925]: adding UDP interface enp2s0 10.0.1.138:4500
pluto[17925]: adding UDP interface lo 127.0.0.1:500
pluto[17925]: adding UDP interface lo 127.0.0.1:4500
pluto[17925]: forgetting secrets
pluto[17925]: loading secrets from "/etc/ipsec.secrets"
pluto[17925]: no secrets filename matched "/etc/ipsec.d/*.secrets"
pluto[17925]: "headq"[1] 198.51.100.33: instantiated connection
pluto[17925]: "headq"[1] 198.51.100.33 #1: initiating IKEv2 connection
pluto[17925]: "headq"[1] 198.51.100.33: local IKE proposals (IKE SA initiator selecting KE):
pluto[17925]: "headq"[1] 198.51.100.33:   1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[17925]: "headq"[1] 198.51.100.33:   2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[17925]: "headq"[1] 198.51.100.33:   3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[17925]: "headq"[1] 198.51.100.33:   4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
pluto[17925]: "headq"[1] 198.51.100.33 #1: sent IKE_SA_INIT request
pluto[17925]: "headq"[1] 198.51.100.33 #1: reloaded private key matching left certificate 'remotehost1'
pluto[17925]: "headq"[1] 198.51.100.33: local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals):
pluto[17925]: "headq"[1] 198.51.100.33:   1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED
pluto[17925]: "headq"[1] 198.51.100.33:   2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED
pluto[17925]: "headq"[1] 198.51.100.33:   3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
pluto[17925]: "headq"[1] 198.51.100.33:   4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
pluto[17925]: "headq"[1] 198.51.100.33 #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
pluto[17925]: "headq"[1] 198.51.100.33 #2: STATE_PARENT_I2: retransmission; will wait 0.5 seconds for response
pluto[17925]: "headq"[1] 198.51.100.33 #2: STATE_PARENT_I2: retransmission; will wait 1 seconds for response
pluto[17925]: "headq"[1] 198.51.100.33 #2: STATE_PARENT_I2: retransmission; will wait 2 seconds for response
pluto[17925]: "headq"[1] 198.51.100.33 #2: dropping unexpected IKE_AUTH message containing TS_UNACCEPTABLE notification; message payloads: SKF; encrypted payloads: IDr,CERT,AUTH,N; unexpected payloads: IDr,CERT,AUTH
pluto[17925]: "headq"[1] 198.51.100.33 #2: encountered fatal error in state STATE_PARENT_I2
pluto[17925]: "headq"[1] 198.51.100.33 #2: deleting state (STATE_PARENT_I2) aged 2.469758s and NOT sending notification
systemd[1]: Stopping ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec...
pluto[17925]: shutting down
pluto[17925]: "headq"[1] 198.51.100.33: deleting connection instance with peer 198.51.100.33 {isakmp=#0/ipsec=#0}
pluto[17925]: "headq"[1] 198.51.100.33 #1: deleting state (STATE_PARENT_I2) aged 75.707667s and NOT sending notification
whack[18070]: 002 shutting down

< ... >

>From what I understand from the logs, the problem is that after an IKE SA is 
established on the server, the client receives a handshake packet that it 
considers malformed ("dropping unexpected IKE_AUTH message ..."). However, I 
have no idea why and what to do about it. Is perhaps a debug log needed at 
this point?

Phil

More information about the Swan mailing list