Project

General

Profile

Issue #3247

proposal selected but INVAL_KE returned

Added by Glen Huang 10 days ago. Updated 7 days ago.

Status:
Closed
Priority:
Normal
Category:
configuration
Affected version:
5.8.1
Resolution:
No change required

Description

I found a pretty strange thing in my logs

ECP_256 was selected, but returned INVAL_KE, and accepted it the second time.

Is this a bug or I didn't configure strongswan properly? The client is an iOS.

07[NET] received packet: from 2.2.2.2[500] to 192.168.1.2[500]
07[NET] waiting for data on sockets
14[MGR] checkout IKEv2 SA by message with SPIs 1xxxxxxxxx_i 0000000000000000_r
14[MGR] created IKE_SA (unnamed)[1]
14[NET] received packet: from 2.2.2.2[500] to 192.168.1.2[500] (604 bytes)
14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
14[CFG] looking for an IKEv2 config for 192.168.1.2...2.2.2.2
14[CFG]   candidate: %any...%any, prio 28
14[CFG]   candidate: %any...%any, prio 28
14[CFG]   candidate: %any...%any, prio 28
14[CFG] found matching ike config: %any...%any with prio 28
14[IKE] 2.2.2.2 is initiating an IKE_SA
14[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
14[CFG] selecting proposal:
14[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
14[CFG] selecting proposal:
14[CFG]   proposal matches
14[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
14[CFG] configured proposals: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256, IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
14[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
14[IKE] local host is behind NAT, sending keep alives
14[IKE] remote host is behind NAT
14[IKE] DH group MODP_2048 unacceptable, requesting ECP_256
14[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
14[NET] sending packet: from 192.168.1.2[500] to 2.2.2.2[500] (38 bytes)
14[MGR] checkin and destroy IKE_SA (unnamed)[1]
14[IKE] IKE_SA (unnamed)[1] state change: CONNECTING => DESTROYING
14[MGR] checkin and destroy of IKE_SA successful
02[JOB] next event in 19s 999ms, waiting
06[NET] sending packet: from 192.168.1.2[500] to 2.2.2.2[500]
07[NET] received packet: from 2.2.2.2[500] to 192.168.1.2[500]
07[NET] waiting for data on sockets
13[MGR] checkout IKEv2 SA by message with SPIs 1xxxxxxxxx_i 0000000000000000_r
13[MGR] created IKE_SA (unnamed)[2]
13[NET] received packet: from 2.2.2.2[500] to 192.168.1.2[500] (412 bytes)
13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
13[CFG] looking for an IKEv2 config for 192.168.1.2...2.2.2.2
13[CFG]   candidate: %any...%any, prio 28
13[CFG]   candidate: %any...%any, prio 28
13[CFG]   candidate: %any...%any, prio 28
13[CFG] found matching ike config: %any...%any with prio 28
13[IKE] 2.2.2.2 is initiating an IKE_SA
13[IKE] IKE_SA (unnamed)[2] state change: CREATED => CONNECTING
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
13[CFG] selecting proposal:
13[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
13[CFG] selecting proposal:
13[CFG]   proposal matches
13[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
13[CFG] configured proposals: IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256, IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
13[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
13[IKE] local host is behind NAT, sending keep alives
13[IKE] remote host is behind NAT
13[IKE] sending cert request for "CN=IKEv2 CA" 
13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
13[NET] sending packet: from 192.168.1.2[500] to 2.2.2.2[500] (289 bytes)
13[MGR] checkin IKE_SA (unnamed)[2]
13[MGR] checkin of IKE_SA successful

History

#1 Updated by Tobias Brunner 10 days ago

  • Category set to configuration
  • Status changed from New to Feedback

Nothing wrong or strange about this. The initiator guessed the "wrong" DH group for the public value in the KE payload (read RFC 7296, section 1.2 for details), so it has to retry with the group the responder selected from the proposal.

If you are fine with the group the initiator selected, you could disable charon.prefer_configured_proposals so any selection by the initiator that doesn't violate the responder's config is accepted (or just change the proposal to what the client proposes). Ideally you'd change the initiator's config so it proposed the DH group you actually want from the start.

#2 Updated by Glen Huang 7 days ago

Crystal clear, thanks.

I didn't use a configuration profile, so it defaults to modp1024.

#3 Updated by Tobias Brunner 7 days ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required

I didn't use a configuration profile, so it defaults to modp1024.

Not sure what you are referring to but one of the groups above is modp2048 (the one proposed by the initiator), the other ecp256 (the one selected by the responder).

Also available in: Atom PDF