
Issue #1509

received netlink error: Function not implemented (89)

Added by G. V. almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.4.0
Resolution:
No change required

Description

Hi.

I'm trying to create a tunnel between an android device and an openwrt router. About a year ago, using the same configuration, everything was working fine. The only thing that has changed is strongswan (on android: 1.6.2 now vs 1.5.0 last year / the latest version of strongswan available on openwrt (5.4.0 when reporting this bug)).

Also, tunnels between openwrt and linux work fine using more or less the same configuration.

The strongswan log is:

11[NET] received packet: from 213.x.y.z[23144] to 79.a.b.b[500] (732 bytes)
11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
11[IKE] 213.x.y.z is initiating an IKE_SA
11[IKE] remote host is behind NAT
11[IKE] DH group ECP_256 inacceptable, requesting MODP_3072
11[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) V ]
11[NET] sending packet: from 79.a.b.b[500] to 213.x.y.z[23144] (58 bytes)
05[NET] received packet: from 213.x.y.z[23144] to 79.a.b.b[500] (1052 bytes)
05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
05[IKE] 213.x.y.z is initiating an IKE_SA
11[MGR] ignoring request with ID 0, already processing
13[MGR] ignoring request with ID 0, already processing
05[IKE] remote host is behind NAT
05[IKE] sending cert request for "C=XX, ST=XXX, L=XXX, O=XXX, CN=XXX, E=user@dummy.host" 
05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) V ]
05[NET] sending packet: from 79.a.b.b[500] to 213.x.y.z[23144] (629 bytes)
08[NET] received packet: from 213.x.y.z[23272] to 79.a.b.b[4500] (3728 bytes)
08[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
08[IKE] received cert request for "C=XX, ST=XXX, L=XXX, O=XXX, CN=XXX, E=user@dummy.host" 
08[IKE] received end entity cert "C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host" 
08[CFG] looking for peer configs matching 79.a.b.b[%any]...213.x.y.z[C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host]
08[CFG] selected peer config 'openwrt-android'
08[CFG]   using trusted ca certificate "C=XX, ST=XXX, L=XXX, O=XXX, CN=XXX, E=user@dummy.host" 
08[CFG] checking certificate status of "C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host" 
08[CFG] certificate status is not available
08[CFG]   reached self-signed root ca with a path length of 0
08[CFG]   using trusted certificate "C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host" 
08[IKE] authentication of 'C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host' with RSA_EMSA_PKCS1_SHA512 successful
08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
08[IKE] peer supports MOBIKE
08[IKE] authentication of 'dummy-router' (myself) with RSA_EMSA_PKCS1_SHA384 successful
08[IKE] IKE_SA openwrt-android[3] established between 79.a.b.b[dummy-router]...213.x.y.z[C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host]
08[IKE] scheduling reauthentication in 9996s
08[IKE] maximum IKE_SA lifetime 10536s
08[IKE] peer requested virtual IP %any
08[CFG] assigning new lease to 'C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host'
08[IKE] assigning virtual IP 192.168.m.1 to peer 'C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host'
08[IKE] peer requested virtual IP %any6
08[IKE] no virtual IP found for %any6 requested by 'C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host'
08[KNL] received netlink error: Function not implemented (89)
08[KNL] unable to add SAD entry with SPI c1bbbdb9
08[KNL] received netlink error: Function not implemented (89)
08[KNL] unable to add SAD entry with SPI b351f7e6
08[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
08[IKE] failed to establish CHILD_SA, keeping IKE_SA
08[ENC] generating IKE_AUTH response 1 [ IDr AUTH CPRP(ADDR) N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(NO_PROP) ]
08[NET] sending packet: from 79.a.b.b[4500] to 213.x.y.z[23272] (768 bytes)
06[NET] received packet: from 213.x.y.z[23272] to 79.a.b.b[4500] (80 bytes)
06[ENC] parsed INFORMATIONAL request 2 [ D ]
06[IKE] received DELETE for IKE_SA openwrt-android[3]
06[IKE] deleting IKE_SA openwrt-android[3] between 79.a.b.b[dummy-router]...213.x.y.z[C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host]
06[IKE] IKE_SA deleted
06[ENC] generating INFORMATIONAL response 2 [ ]
06[NET] sending packet: from 79.a.b.b[4500] to 213.x.y.z[23272] (80 bytes)
06[CFG] lease 192.168.m.1 by 'C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host' went offline

My configuration is:

conn openwrt-android
        left=%defaultroute
        leftsubnet=192.168.p.0/24
        leftcert=dummy-router_cert.der
        leftsendcert=no
        leftid="dummy-router" 
        lefthostaccess=yes
        leftfirewall=yes
        right=%any
        rightsourceip=192.168.40.0/24
        rightcert=android_cert.der
        rightid="C=XX, ST=XXX, L=XXX, O=XXX, CN=YYY, E=user@dummy.host" 
        auto=add
        dpdaction=clear
        keyingtries=%forever

Is there something I can do to make it work again?
Thank you.

Sincerely,
G.V.

Attachment: bug-log.txt (4.08 KB), G. V., 12.06.2016 14:28

History

#1 Updated by G. V. almost 3 years ago

#2 Updated by Tobias Brunner almost 3 years ago

  • Tracker changed from Bug to Issue
  • Description updated (diff)
  • Category changed from android to configuration
  • Status changed from New to Feedback

The default proposals changed with 5.4.0. Looks like your kernel can't handle one of the selected algorithms (SHA2-256 probably).

Is there something I can do to make it work again?

Change your ESP proposal (esp keyword), see ConnSection and IKEv2CipherSuites.

#3 Updated by G. V. almost 3 years ago

Tobias Brunner wrote:

Change your ESP proposal (esp keyword), see ConnSection and IKEv2CipherSuites.

If I can edit a configuration file, yes, I can do this. But how do I do this in android? The strongswan application does not allow me to specify the ESP proposal (btw, there are a lot of options which I would like to change but I can't). Is there a hidden menu or something? Or should I set the ESP proposal only on the server side and hope that strongswan on android would just work?
Thank you.

Sincerely,
G.V.

#4 Updated by Tobias Brunner almost 3 years ago

Change your ESP proposal (esp keyword), see ConnSection and IKEv2CipherSuites.

If I can edit a configuration file, yes, I can do this. But how do I do this in android?

Why would you need to change the configuration on the client?

btw, there are a lot of options which I would like to change but I can't

For instance?

Or should I set the ESP proposal only on the server side and hope that strongswan on android would just work?

Yes, that's the whole point of the proposal negotiation.

#5 Updated by G. V. almost 3 years ago

Tobias Brunner wrote:

Why would you need to change the configuration on the client?

On linux I have something like this on both client and server:
ike=aes256gcm16-sha2_512-modp2048!
esp=aes128gcm8-sha2_384-modp1024!

I would like to have something like this - if possible - also on android.

For instance?

the ability to specify left=, right=, rightsubnet=, leftsubnet=, auto=route.
I can't remember all of them (the last time I did this was a year ago).

auto=route would be nice, and the ability to start strongswan on android when the OS starts (with the possibility to switch this on/off).

Yes, that's the whole point of the proposal negotiation.

Maybe. But why not negotiate with user-defined proposals?

Sincerely,
G.V.

#6 Updated by Tobias Brunner almost 3 years ago

Why would you need to change the configuration on the client?

On linux I have something like this on both client and server:
ike=aes256gcm16-sha2_512-modp2048!
esp=aes128gcm8-sha2_384-modp1024!

I would like to have something like this - if possible - also on android.

Just set that on the server. The client proposes all supported algorithms for IKE (includes all the algorithms you have there) and for ESP you might want to go with aes128gcm16-ecp256 (to see all proposed ESP proposals set the log level for cfg to 2 or look in the source - source:src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c#L789).

For instance?

the ability to specify left=, right=, rightsubnet=, leftsubnet=, auto=route.
I can't remember all of them (the last time I did this was a year ago).

right is what you set as server address/hostname. left is determined automatically. leftsubnet is not useful as virtual IPs are used. rightsubnet can be set on the server (as leftsubnet).

auto=route would be nice, and the ability to start strongswan on android when the OS starts (with the possibility to switch this on/off).

That's not possible on Android due to how it is implemented via VpnService API.

#7 Updated by G. V. almost 3 years ago

Tobias Brunner wrote:

Just set that on the server. The client proposes all supported algorithms for IKE (includes all the algorithms you have there) and for ESP you might want to go with aes128gcm16-ecp256 (to see all proposed ESP proposals set the log level for cfg to 2 or look in the source - source:src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c#L789).

That's exactly what I would like to avoid on the client: the client trying all supported algorithms for ike and esp. I would like the client to try only my specific subset of algorithms. It's a wish.

That's not possible on Android due to how it is implemented via VpnService API.

Then it's almost useless to me.

One more thing about the android application. Not sure if I have to open a new ticket or maybe it is an OS issue.

Create a new profile. Install a certificate (a pfx file) for this profile. Test the profile. Everything seems OK. Remove the pfx file from the device.
Use the profile for a while (several weeks). Then, suddenly, the profile does not work anymore. Choose edit profile. The user certificate is not there anymore.
I have to manually copy the pfx file to my device, edit the profile, and install the user certificate again. Use it for another couple of weeks. Repeat. Annoying.
This is why I did not use strongswan for almost a year. Also, I don't want to keep the pfx file on the device.

Sincerely,
G.V.

#8 Updated by Tobias Brunner almost 3 years ago

Just set that on the server. The client proposes all supported algorithms for IKE (includes all the algorithms you have there) and for ESP you might want to go with aes128gcm16-ecp256 (to see all proposed ESP proposals set the log level for cfg to 2 or look in the source - source:src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c#L789).

That's exactly what I would like to avoid on the client: the client trying all supported algorithms for ike and esp. I would like the client to try only my specific subset of algorithms. It's a wish.

The client does not try anything. It proposes to the server, the server selects. Done. As you apparently control the server I don't see a problem here.

That's not possible on Android due to how it is implemented via VpnService API.

Then it's almost useless to me.

Then don't use it. If it's just automatically starting connections, that can be done using shortcuts (see AndroidVPNClient).

One more thing about the android application. Not sure if I have to open a new ticket or maybe it is an OS issue.

Create a new profile. Install a certificate (a pfx file) for this profile. Test the profile. Everything seems OK. Remove the pfx file from the device.
Use the profile for a while (several weeks). Then, suddenly, the profile does not work anymore. Choose edit profile. The user certificate is not there anymore.

strongSwan does not manage private keys. These are stored in the system keystore, which does not rely on the PKCS#12 file after the key/certificate got imported. Perhaps some system updates regularly invalidate the keystore or just clear all keys/certs. Nothing the app can do about it, though.

#9 Updated by G. V. almost 3 years ago

Tobias Brunner wrote:

The client does not try anything. It proposes to the server, the server selects. Done. As you apparently control the server I don't see a problem here.

OK.

Then don't use it. If it's just automatically starting connections, that can be done using shortcuts (see AndroidVPNClient).

As you can see I don't use it often.

strongSwan does not manage private keys. These are stored in the system keystore, which does not rely on the PKCS#12 file after the key/certificate got imported. Perhaps some system updates regularly invalidate the keystore or just clear all keys/certs. Nothing the app can do about it, though.

The application could perhaps read the certificate from a file (like it does on Linux).

Anyway, thank you for your help. Later today I will try to change the ESP proposal on the server side and see if it works.

Sincerely,
G.V.

#10 Updated by G. V. almost 3 years ago

G. V. wrote:

Tobias Brunner wrote:
Change your ESP proposal (esp keyword), see ConnSection and IKEv2CipherSuites.

I did a small test with a linux server (non openwrt). It does not appear to work correctly:

server configuration:
ike=aes256gcm16-sha2_512-modp8192!
esp=aes256gcm16-sha2_512-modp8192-esn-noesn!

server log:
charon: 15[IKE] DH group ECP_256 inacceptable, requesting MODP_2048

android client:
[IKE] peer didn't accept DH group ECP_256, it requested MODP_2048.

ipsec statusall:
    IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_512/MODP_2048
    xxxxx{6}: INSTALLED, TUNNEL, reqid 4, ESP in UDP SPIs: ....
    xxxxx{6}: AES_GCM_16_256, 0 bytes_i, 0 bytes_o, rekeying in 41 minutes

Why did the server choose MODP_2048? I would expect MODP_8192 as instructed.

Sincerely,
G.V.

#11 Updated by Tobias Brunner almost 3 years ago

Why did the server choose MODP_2048? I would expect MODP_8192 as instructed.

What other connections do you have defined in ipsec.conf? As responder only the IP addresses and IKE version are used to select a config. And if there are multiple connections that match (e.g. with right=%any) the first one is used. So check the IKE proposals of all your configs and change/reorder them.

#12 Updated by G. V. almost 3 years ago

Tobias Brunner wrote:

Why did the server choose MODP_2048? I would expect MODP_8192 as instructed.

What other connections do you have defined in ipsec.conf? As responder only the IP addresses and IKE version are used to select a config. And if there are multiple connections that match (e.g. with right=%any) the first one is used. So check the IKE proposals of all your configs and change/reorder them.

Yes, I have some connections (in separate files) that use %any, and one of them is using MODP_2048:
ike=aes256gcm16-sha2_512-modp2048!
esp=aes128gcm8-sha2_384-modp1024!

But from the server's log file the connection file is loaded correctly for the android connection:
....
charon: 09[CFG] selected peer config 'linux_host_name-android_device_name'
....
The connections that use MODP_2048 do not have rightauth2=eap-md5; 'linux_host_name-android_device_name' has. And I cannot connect without user+password from android.
If I rename the connection files so that the android connection is loaded before the connection that uses MODP_2048, the latter will try to use MODP_8192 and this is not an option for me.

Anything else I can do?

#13 Updated by Tobias Brunner almost 3 years ago

The connections that use MODP_2048 do not have rightauth2=eap-md5.

That doesn't matter as only the IP addresses (and IKE version) are known when selecting an IKE config. Later the connection is chosen/switched based on the identities/authentication method.

Anything else I can do?

Define a proposal that works for all your clients (e.g. define one with multiple suites separated by commas).
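
The connection-selection rule from #11 and #13, modelled as an added example (not strongSwan code): conns are held in load order, only right= (the initiator's address) is used to pick one at IKE_SA_INIT, and the chosen conn's ike= groups decide whether the initiator's KE group is accepted or an INVAL_KE asks for the first configured group. Conn names, identities and addresses are constructed, and the IKE-version check is omitted since every conn here is IKEv2.

```python
import re

# Added example, not strongSwan code: a model of responder-side connection
# selection as described in #11 and #13. Assumption taken from those replies:
# at IKE_SA_INIT only addresses are known, so the first conn in load order whose
# right= covers the initiator supplies the IKE proposal; rightid/rightauth2 are
# only consulted later, in IKE_AUTH, and cannot change the DH group any more.

# Conns in the order charon loads them; names, ids and addresses are constructed.
CONNS = [
    {"name": "linux-peer", "right": "%any", "rightid": "C=XX, CN=linux",
     "rightauth2": None, "ike": "aes256gcm16-sha2_512-modp2048!"},
    {"name": "linux_host_name-android_device_name", "right": "%any",
     "rightid": "C=XX, CN=YYY", "rightauth2": "eap-md5",
     "ike": "aes256gcm16-sha2_512-modp8192!"},
]


def dh_groups(ike):
    """DH groups of an ike= value in configured order, e.g. ['MODP_8192', 'MODP_2048']."""
    groups = []
    for suite in ike.rstrip("!").split(","):
        for kw in suite.split("-"):
            m = re.fullmatch(r"(modp|ecp)(\d+)", kw)
            if m:
                groups.append(f"{m[1].upper()}_{m[2]}")
    return groups


def select_ike_config(conns, remote_ip):
    """IKE_SA_INIT: first conn whose right= covers the initiator's address.
    Identities and rightauth2 are not known yet and play no part here."""
    for conn in conns:
        if conn["right"] in ("%any", remote_ip):
            return conn
    return None


def check_ke_group(conn, peer_ke_group):
    """None if the initiator's KE group is in the selected conn's ike= proposal,
    otherwise the group the responder requests in INVAL_KE (its first one)."""
    groups = dh_groups(conn["ike"])
    return None if peer_ke_group in groups else groups[0]


def respond_to_ike_sa_init(conns, remote_ip, peer_ke_group):
    """Both steps together; returns (selected conn name, INVAL_KE group or None)."""
    conn = select_ike_config(conns, remote_ip)
    return conn["name"], check_ke_group(conn, peer_ke_group)
```

With the conns in this order an Android client sending ECP_256 gets "requesting MODP_2048" even though its own conn asks for MODP_8192; listing both groups in one ike= value, as #13 suggests, lets the Linux client's MODP_2048 pass while Android is redirected to MODP_8192.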

#14 Updated by G. V. almost 3 years ago

Tobias Brunner wrote:

Change your ESP proposal (esp keyword), see ConnSection and IKEv2CipherSuites.

This kind of works. Kind of.

I added the following lines to the connection file:

ike=aes256gcm16-sha2_512-modp2048!
esp=aes128gcm8-sha2_384-modp1024!

I start the tunnel from android and it's a no-go:
08[CFG] received proposals: ESP:AES_GCM_16_128/AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA1_96/HMAC_SHA
08[CFG] configured proposals: ESP:AES_GCM_8_128/MODP_1024/NO_EXT_SEQ

Changed esp to aes128gcm16-sha2_384-modp1024 and now it is working.
Still, I cannot understand why it is not working with aes128gcm8. Is there no aes128gcm8 available on android?

Define a proposal that works for all your clients (e.g. define one with multiple suites separated by commas).

This only works if I can enforce the proposal on the client side.

The following configuration works since aes256gcm16-sha2_512-modp2048 can be enforced from the Linux client (the first proposal is for the android client, the second for a slow Linux client):

ike=aes256gcm16-sha2_512-modp8192,aes256gcm16-sha2_512-modp2048!
esp=aes256gcm16-sha2_512-modp8192-esn-noesn,aes128gcm8-sha2_384-modp1024!

But if I need one android connection (aes256gcm16-sha2_512-modp8192), one Linux connection (aes256gcm16-sha2_512-modp2048) and another android connection with an entirely different proposal, there is no way of doing it. Right? Or am I missing something?

Sincerely,
G.V.

#15 Updated by Tobias Brunner almost 3 years ago

Still, I cannot understand why it is not working with aes128gcm8. Is there no aes128gcm8 available on android?

Technically it is supported but as you can see it's not proposed because the 16-byte ICV is generally recommended.

But if I need one android connection (aes256gcm16-sha2_512-modp8192), one Linux connection (aes256gcm16-sha2_512-modp2048) and another android connection with an entirely different proposal, there is no way of doing it. Right? Or am I missing something?

Not for IKE (unless you use different IPs on the server) but for ESP it is possible (as identities - except those for EAP - are used to switch connections).
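
The ESP selection behind #14 and #15, modelled as an added example (not strongSwan code): a small responder-side matcher that parses an esp= value and the "received proposals" log format, and shows why aes128gcm8 ends in NO_PROP against what the Android client offers while aes128gcm16 and aes256gcm16 match. It simplifies strongSwan's logic (assumptions: the integrity transform is dropped for AEAD ciphers, and no DH group is negotiated for the CHILD_SA created inside IKE_AUTH); the received proposals are the three complete ones visible in the #14 log.

```python
# Added example, not strongSwan code: simplified responder-side ESP selection.
# Assumed simplifications: AEAD ciphers carry their own ICV, so the integrity
# transform is dropped; no DH group is negotiated for the IKE_AUTH CHILD_SA.
KEYWORDS = {  # esp= keyword -> (transform type, name as charon logs it)
    "aes128gcm8": ("encr", "AES_GCM_8_128"), "aes128gcm16": ("encr", "AES_GCM_16_128"),
    "aes256gcm16": ("encr", "AES_GCM_16_256"), "aes128": ("encr", "AES_CBC_128"),
    "aes256": ("encr", "AES_CBC_256"), "sha1": ("integ", "HMAC_SHA1_96"),
    "sha2_256": ("integ", "HMAC_SHA2_256_128"), "sha2_384": ("integ", "HMAC_SHA2_384_192"),
    "sha2_512": ("integ", "HMAC_SHA2_512_256"), "modp1024": ("dh", "MODP_1024"),
    "modp2048": ("dh", "MODP_2048"), "modp8192": ("dh", "MODP_8192"),
    "ecp256": ("dh", "ECP_256"), "esn": ("esn", "EXT_SEQ"), "noesn": ("esn", "NO_EXT_SEQ"),
}
AEAD = {"AES_GCM_8_128", "AES_GCM_16_128", "AES_GCM_16_256"}
TYPES = ("encr", "integ", "dh", "esn")
# The three complete proposals visible in the "received proposals:" line of #14.
RECEIVED = ("ESP:AES_GCM_16_128/AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, "
            "ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ")


def parse_esp_keyword(value):
    """'aes128gcm8-sha2_384-modp1024!' -> list of {type: [algorithms]} proposals."""
    proposals = []
    for suite in value.rstrip("!").split(","):
        prop = {t: [] for t in TYPES}
        for kw in suite.split("-"):
            ttype, name = KEYWORDS[kw]
            prop[ttype].append(name)
        if all(e in AEAD for e in prop["encr"]):
            prop["integ"] = []                        # AEAD: no separate integrity
        prop["dh"] = []                               # no PFS group for the first child
        prop["esn"] = prop["esn"] or ["NO_EXT_SEQ"]   # strongSwan default is noesn
        proposals.append(prop)
    return proposals


def parse_log_proposals(line):
    """Parse charon's 'received proposals:' format into the same structure."""
    proposals = []
    for item in line.split(", "):
        prop = {t: [] for t in TYPES}
        for alg in item.split(":", 1)[1].split("/"):
            ttype = ("esn" if alg.endswith("EXT_SEQ") else "integ" if alg.startswith("HMAC_")
                     else "dh" if alg.startswith(("MODP_", "ECP_")) else "encr")
            prop[ttype].append(alg)
        proposals.append(prop)
    return proposals


def select(configured, received):
    """First configured proposal the peer can satisfy, or None (= NO_PROP)."""
    for cfg in configured:
        for rcv in received:
            chosen = {}
            for ttype in TYPES:
                common = [a for a in cfg[ttype] if a in rcv[ttype]]
                if cfg[ttype] and not common:
                    break                  # peer offers nothing we accept for this type
                if common:
                    chosen[ttype] = common[0]
            else:
                return chosen
    return None
```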

#16 Updated by G. V. almost 3 years ago

Tobias Brunner wrote:

Technically it is supported but as you can see it's not proposed because the 16-byte ICV is generally recommended.

aes256gcm16 is going to kill my openwrt router. aes128gcm8 works more or less acceptably. For now, aes256gcm16 it is.

Not for IKE (unless you use different IPs on the server) but for ESP it is possible (as identities - except those for EAP - are used to switch connections).

OK, thank you.

You can close this issue since I do not receive "received netlink error: Function not implemented (89)" anymore (I added ike=... and esp=... on the server side as you suggested).

Thank you for your help.

Sincerely,
Gabriel

#17 Updated by Tobias Brunner almost 3 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required

Technically it is supported but as you can see it's not proposed because the 16-byte ICV is generally recommended.

aes256gcm16 is going to kill my openwrt router. aes128gcm8 works more or less acceptably. For now, aes256gcm16 it is.

You may also use aes128gcm16 as the client proposes AES-GCM with both key sizes.
