Issue #2808

Windows 10 IKEv2 connection to StrongSwan always degrades after minutes or few hours

Added by Alexander B about 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
configuration
Affected version:
5.7.1
Resolution:
No change required

Description

I am using StrongSwan on Ubuntu (€3 virtual server offered by Hetzner) to provide VPN for family and friends. My setup uses SSL certificate provided by Let's encrypt and individual logins/passwords.

While iOS and Android users experience no issues, Windows 10 works with StrongSwan unreliably. After minutes or hours of regular use I see an exclamation point in the system tray and web sites stop loading.

Syslog gets filled with tens of thousands of identical lines:

Oct 24 19:51:18 algo charon: 16[ENC] parsed CREATE_CHILD_SA request 31291 [ SA No TSi TSr KE ]
Oct 24 19:51:18 algo charon: 16[CFG] received proposals: ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ
Oct 24 19:51:18 algo charon: 16[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ
Oct 24 19:51:18 algo charon: 16[ENC] generating CREATE_CHILD_SA response 31291 [ N(NO_PROP) ]
Oct 24 19:51:18 algo charon: 09[ENC] parsed CREATE_CHILD_SA request 31292 [ SA No TSi TSr KE ]
Oct 24 19:51:18 algo charon: 09[CFG] received proposals: ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ
Oct 24 19:51:18 algo charon: 09[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ
Oct 24 19:51:18 algo charon: 09[ENC] generating CREATE_CHILD_SA response 31292 [ N(NO_PROP) ]

Disconnecting and reconnecting built-in VPN client in Windows solves the problem, but later it reoccurs again.

I use strongSwan 5.5.1. My system is "Linux algo 4.13.0-46-generic #51-Ubuntu SMP" (Ubuntu 17.10). I also use DNSmasq on the same machine to block known adware hosts and torrent trackers.

As a client, I use 64-bit version of Windows 10 Professional 1803 build 17134.345.

My syslog is saved (with redundant lines removed) at https://pastebin.com/xHw1N30K

My /etc/ipsec.conf is below. My server has FQDN v.bougakov.com; 172.16.0.1 is the internal IP that dnsmasq is running on:

config setup
        strictcrlpolicy=yes
        uniqueids=never
        charondebug="cfg 1, dmn 1, ike 0, net 0" 
conn roadwarrior
        auto=add
        compress=no
        type=tunnel
        keyexchange=ikev2
        fragmentation=no # changing from yes to no didn't help
        forceencaps=yes
        ike=aes256gcm16-sha256-ecp521,aes256-sha256-ecp384!
        esp=aes256gcm16-sha256!
        dpdaction=clear
        dpddelay=35s
        rekey=no
        left=%any
        leftid=@v.bougakov.com
        leftcert=cert.pem
        leftsendcert=always
        leftsubnet=0.0.0.0/0,::/0
        right=%any
        rightid=%any
        rightauth=eap-mschapv2
        eap_identity=%any
        rightsendcert=never
        rightsourceip=10.19.48.0/24,fd9d:bc11:4020::/48
        rightdns=172.16.0.1

Here is my iptables (blocked IPs in there are hosts known to be used by Russian authorities to detect VPN servers, ignore those lines): https://pastebin.com/AMVXriGE

I used the following PowerShell script to create VPN connection in Windows 10:

Add-VpnConnection -Name "v.bougakov.com" `
  -ServerAddress "v.bougakov.com" `
  -TunnelType IKEv2 `
  -RememberCredential `
  -EncryptionLevel Maximum `
  -AuthenticationMethod EAP

Set-VpnConnectionIPsecConfiguration -ConnectionName "v.bougakov.com" `
  -AuthenticationTransformConstants GCMAES256 `
  -CipherTransformConstants GCMAES256 `
  -EncryptionMethod AES256 `
  -IntegrityCheckMethod SHA256 `
  -DHGroup ECP384 `
  -PfsGroup ECP384 `
  -Force

Registry parameter called NegotiateDH2048_AES256 isn't present in my system (so it defaults to "0"). Adding it and setting it to 1 or 2 caused connection error "policy mismatch".

iOS devices use the following configuration profile: https://v.bougakov.com/assets/setupfiles/vpn.mobileconfig Android users connect with StrongSwan app from Google play using just login + password and correct host name. Both have zero issues and can use VPN for days.

I tried to spot the exact factor that triggers the connection to become broken but I can't find it in the logs. I tried changing various options, for example, make_before_break = yes in charon.conf - it didn't help. I am not sure whether it is a bug or some issue with my config. I am confused by NO_PROP in generating CREATE_CHILD_SA response XXX [ N(NO_PROP) ] in the log, but couldn't figure it out.

Any advice would be appreciated.

History

#1 Updated by Alexander B about 2 months ago

A problem must be occurring somewhere here, where NO_PROP is first encountered:

Oct 24 16:19:22 algo charon: 05[ENC] parsed INFORMATIONAL request 144 [ ]
Oct 24 16:19:22 algo charon: 05[ENC] parsed INFORMATIONAL response 154 [ ]
Oct 24 16:19:27 algo charon: 08[ENC] parsed CREATE_CHILD_SA request 7 [ N(REKEY_SA) SA No TSi TSr KE ]
Oct 24 16:19:27 algo charon: 08[CFG] received proposals: ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ
Oct 24 16:19:27 algo charon: 08[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ
Oct 24 16:19:27 algo charon: 08[ENC] generating CREATE_CHILD_SA response 7 [ N(NO_PROP) ]
Oct 24 16:19:32 algo charon: 11[ENC] parsed CREATE_CHILD_SA request 7 [ N(REKEY_SA) SA No TSi TSr KE ]
Oct 24 16:19:32 algo charon: 06[ENC] parsed CREATE_CHILD_SA request 7 [ N(REKEY_SA) SA No TSi TSr KE ]
Oct 24 16:19:32 algo charon: 07[ENC] parsed CREATE_CHILD_SA request 7 [ N(REKEY_SA) SA No TSi TSr KE ]
Oct 24 16:19:39 algo charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Oct 24 16:19:39 algo charon: 16[IKE] 31.173.85.196 is initiating an IKE_SA
Oct 24 16:19:39 algo charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Oct 24 16:19:39 algo charon: 09[ENC] unknown attribute type (25)
Oct 24 16:19:39 algo charon: 09[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr N(EAP_ONLY) ]
Oct 24 16:19:39 algo charon: 09[CFG] looking for peer configs matching 195.201.92.0[v.bougakov.com]...31.173.85.196[v.bougakov.com]
Oct 24 16:19:39 algo charon: 09[CFG] selected peer config 'roadwarrior'
Oct 24 16:19:39 algo charon: 09[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
Oct 24 16:19:39 algo charon: 09[ENC] splitting IKE message with length of 3595 bytes into 3 fragments
Oct 24 16:19:39 algo charon: 09[ENC] generating IKE_AUTH response 1 [ EF(1/3) ]
Oct 24 16:19:39 algo charon: 09[ENC] generating IKE_AUTH response 1 [ EF(2/3) ]
Oct 24 16:19:39 algo charon: 09[ENC] generating IKE_AUTH response 1 [ EF(3/3) ]
Oct 24 16:19:39 algo charon: 05[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Oct 24 16:19:39 algo charon: 05[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Oct 24 16:19:39 algo charon: 14[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Oct 24 16:19:39 algo charon: 14[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Oct 24 16:19:40 algo charon: 13[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
Oct 24 16:19:40 algo charon: 13[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]
Oct 24 16:19:40 algo charon: 12[ENC] parsed IKE_AUTH request 5 [ AUTH ]
Oct 24 16:19:40 algo charon: 12[IKE] IKE_SA roadwarrior[14] established between 195.201.92.0[v.bougakov.com]...31.173.85.196[v.bougakov.com]
Oct 24 16:19:40 algo charon: 12[CFG] assigning new lease to 'user0030'
Oct 24 16:19:40 algo charon: 12[CFG] assigning new lease to 'user0030'
Oct 24 16:19:40 algo charon: 12[IKE] CHILD_SA roadwarrior{14} established with SPIs c0945a9f_i 090e1a65_o and TS 0.0.0.0/0 ::/0 === 10.19.48.7/32 fd9d:bc11:4020::7/128
Oct 24 16:19:40 algo charon: 12[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR ADDR6 DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) ]
Oct 24 16:19:54 algo charon: 06[CFG] lease fd9d:bc11:4020::6 by 'bougakov' went offline
Oct 24 16:19:54 algo charon: 06[CFG] lease 10.19.48.6 by 'bougakov' went offline
Oct 24 16:19:57 algo charon: 09[ENC] generating INFORMATIONAL request 155 [ ]
Oct 24 16:20:02 algo charon: 14[ENC] parsed INFORMATIONAL request 6 [ N(UPD_SA_ADDR) N(NATD_S_IP) N(NATD_D_IP) ]
Oct 24 16:20:02 algo charon: 14[ENC] generating INFORMATIONAL response 6 [ N(NATD_S_IP) N(NATD_D_IP) ]
Oct 24 16:20:35 algo charon: 05[ENC] parsed CREATE_CHILD_SA request 8 [ N(REKEY_SA) SA No TSi TSr KE ]
Oct 24 16:20:35 algo charon: 09[MGR] ignoring request with ID 8, already processing
Oct 24 16:20:35 algo charon: 15[MGR] ignoring request with ID 8, already processing
Oct 24 16:20:35 algo charon: 05[CFG] received proposals: ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ
Oct 24 16:20:35 algo charon: 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ
Oct 24 16:20:35 algo charon: 05[ENC] generating CREATE_CHILD_SA response 8 [ N(NO_PROP) ]
Oct 24 16:20:44 algo charon: 08[ENC] parsed INFORMATIONAL request 9 [ D ]
Oct 24 16:20:44 algo charon: 08[IKE] closing CHILD_SA roadwarrior{6} with SPIs c17f0a47_i (2958318 bytes) 01f4fd70_o (31879725 bytes) and TS 0.0.0.0/0 ::/0 === 10.19.48.2/32 fd9d:bc11:4020::2/128
Oct 24 16:20:44 algo charon: 11[MGR] ignoring request with ID 9, already processing
Oct 24 16:20:44 algo charon: 11[MGR] ignoring request with ID 9, already processing
Oct 24 16:20:44 algo charon: 08[ENC] generating INFORMATIONAL response 9 [ D ]
Oct 24 16:20:46 algo charon: 06[ENC] parsed CREATE_CHILD_SA request 10 [ SA No TSi TSr KE ]
Oct 24 16:20:46 algo charon: 06[CFG] received proposals: ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ
Oct 24 16:20:46 algo charon: 06[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ
Oct 24 16:20:46 algo charon: 06[ENC] generating CREATE_CHILD_SA response 10 [ N(NO_PROP) ]
Oct 24 16:20:48 algo charon: 09[ENC] parsed CREATE_CHILD_SA request 10 [ SA No TSi TSr KE ]
Oct 24 16:20:54 algo charon: 14[ENC] parsed CREATE_CHILD_SA request 11 [ SA No TSi TSr KE ]
Oct 24 16:20:54 algo charon: 13[MGR] ignoring request with ID 11, already processing
Oct 24 16:20:54 algo charon: 10[MGR] ignoring request with ID 11, already processing
Oct 24 16:20:54 algo charon: 14[CFG] received proposals: ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ
Oct 24 16:20:54 algo charon: 14[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ

After this snippet nothing substantial happens, just thousands of identical lines fill the syslog.

#2 Updated by Noel Kuntze about 2 months ago

The configured and received proposals are obviously not the same or the received one is not a subset of the configured one.

Oct 24 16:20:35 algo charon: 05[CFG] received proposals: ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ
Oct 24 16:20:35 algo charon: 05[CFG] configured proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ

#3 Updated by Noel Kuntze about 2 months ago

  • Category changed from windows to configuration
  • Status changed from New to Feedback

#4 Updated by Alexander B about 2 months ago

Noel, why would Windows 10 VPN client change its behavior during the session? It connects and works some time just OK.
Can you please suggest the edit to my configuration that would address this problem? Thank you in advance.

#5 Updated by Noel Kuntze about 2 months ago

It doesn't change its behaviour. It does exactly what it is supposed to be doing. It tries to rekey the CHILD_SA, but that fails, because you did not configure PFS on the server side, but the Windows client wants to use PFS.
You need to change your phase two cipher configuration to use PFS with ecp384.
That looks like that: esp=aes256gcm16-ecp384
Enable fragmentation or you will have more fun problems later.
Also, your cipher proposals in phase one are invalid.
Change ike=aes256gcm16-sha256-ecp521,aes256-sha256-ecp384! to ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 to make them valid. You cannot propose an HMAC with an AEAD algorithm. The AEAD algorithm always provides confidentiality and authenticity for the messages. You cannot mix that and make the HMAC provide authenticity and the AEAD algorithm only confidentiality.
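An added example (not part of the thread and not strongSwan's code) that models the two points made in comment #5: a simplified IKEv2 responder proposal selection that turns the "received proposals" / "configured proposals" log lines into the N(NO_PROP) answer when the client asks for a DH group (PFS) the server never configured, and a check that flags an AEAD cipher paired with a plain integrity algorithm in an ike= line. The parsing rules and the transform-type regexes are simplifications chosen for this example.

```python
import re

# Log-style algorithm names mapped to their IKEv2 transform type (simplified).
TRANSFORM_TYPES = [
    ("dh", r"^(ECP_|MODP_|CURVE_)"), ("esn", r"^(NO_)?EXT_SEQ$"),
    ("integ", r"^HMAC_"), ("prf", r"^PRF_"), ("encr", r"^(AES_|CHACHA20|3DES)"),
]

def parse_log_proposal(text):
    """'ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ' -> {'proto': 'ESP', 'encr': {...}, 'dh': {...}, ...}"""
    proto, _, algs = text.partition(":")
    parsed = {"proto": proto}
    for alg in algs.split("/"):
        ttype = next((t for t, pat in TRANSFORM_TYPES if re.match(pat, alg)), None)
        if ttype is None:
            raise ValueError("unknown transform %r" % alg)
        parsed.setdefault(ttype, set()).add(alg)
    return parsed

def select_proposal(received, configured):
    """Simplified RFC 7296 responder selection: every transform type the initiator sent must
    be matched by the responder and vice versa. None means charon answers with N(NO_PROP)."""
    rx, cx = parse_log_proposal(received), parse_log_proposal(configured)
    if rx["proto"] != cx["proto"]:
        return None
    chosen = {}
    for ttype in ("encr", "integ", "prf", "dh", "esn"):
        if (ttype in rx) != (ttype in cx):
            return None  # e.g. the client wants PFS (a DH group in ESP) but the server offers none
        if ttype in rx:
            common = rx[ttype] & cx[ttype]
            if not common:
                return None
            chosen[ttype] = sorted(common)[0]
    return chosen

# ipsec.conf keyword classes (simplified): AEAD ciphers vs. plain integrity algorithms.
AEAD_RE = re.compile(r"^(aes\d+(gcm|ccm)\d*|chacha20poly1305)$")
INTEG_RE = re.compile(r"^(sha\d*|md5|aesxcbc|aescmac)$")

def check_ike_proposal(proposal):
    """Flag an AEAD cipher paired with an integrity algorithm; with an AEAD use a PRF (prfsha256)."""
    problems = []
    for alt in proposal.rstrip("!").split(","):
        parts = alt.split("-")
        if any(AEAD_RE.match(p) for p in parts) and any(INTEG_RE.match(p) for p in parts):
            problems.append(alt + ": AEAD cipher combined with an integrity algorithm, use prfsha* instead")
    return problems
```

Feeding it the two log lines quoted above returns None (the NO_PROP case), while adding ECP_384 to the configured side, as esp=aes256gcm16-ecp384 does, yields a match.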

#6 Updated by Alexander B about 2 months ago

Noel, thank you. I figured no. 1 out after your hint myself, and fixed no. 2 as well.

Since understanding various ciphers is clearly above my paygrade, I "borrowed" that setting in my setup either from https://github.com/trailofbits/algo project, or from https://github.com/jawj/IKEv2-setup . I will try to figure out where the wrong configuration was posted and send pull request with a fix there to address this.

#7 Updated by Alexander B about 2 months ago

Tracked the source of the incorrect setting and created a ticket: https://github.com/jawj/IKEv2-setup/issues/72

Noel, once again thanks for patient and clear explanation, it is very much appreciated.

#8 Updated by Noel Kuntze about 2 months ago

  • Status changed from Feedback to Closed
  • Assignee set to Noel Kuntze
  • Resolution set to No change required

You're welcome.

#9 Updated by George MacKerron about 2 months ago

I'm the maintainer of the IKEv2-setup project Alexander B refers to above. I think I've now fixed the cipher setup. Choosing ciphers was evidently above my paygrade too!

The project has a few hundred stars and forks, so if anyone on the strongSwan team were willing to review the settings in general, that could be helpful and would be much appreciated.
