Project

General

Profile

Issue #3354

Apple iPhone (iOS 12.4.5) not able to connect

Added by Michael Schlapa 5 months ago. Updated 5 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
5.7.1
Resolution:

Description

Hi all,

we're hitting an issue where iPhones (verified with iOS version 12.4.5, but others may be affected) can't connect to our strongSwan server.

The server logs seem fine:

strongswan: 179[IKE] received end entity cert "CN=ios.<ClientID>" 
strongswan: 179[CFG] looking for peer configs matching <ServerIP>[<ServerID>]...<ClientIP>[ios.<ClientID>]
strongswan: 179[CFG]   candidate "android", match: 1/1/28 (me/other/ike)
strongswan: 179[CFG]   candidate "iosV2", match: 1/1/28 (me/other/ike)
strongswan: 179[CFG]   candidate "test", match: 20/1/28 (me/other/ike)
strongswan: 179[CFG] selected peer config 'test'
strongswan: 179[CFG]   using certificate "CN=ios.<ClientID>" 
strongswan: 179[CFG]   certificate "CN=ios.<ClientID>" key: 2048 bit RSA
strongswan: 179[CFG]   using trusted ca certificate "CN=test" 
strongswan: 179[CFG] checking certificate status of "CN=ios.<ClientID>" 
strongswan: 179[CFG] ocsp check skipped, no ocsp found
strongswan: 179[CFG] certificate status is not available
strongswan: 179[CFG]   certificate "CN=test" key: 2048 bit RSA
strongswan: 179[CFG]   reached self-signed root ca with a path length of 0
strongswan: 179[IKE] authentication of 'ios.<ClientID>' with RSA signature successful
strongswan: 179[IKE] processing INTERNAL_IP4_ADDRESS attribute
strongswan: 179[IKE] processing INTERNAL_IP4_DHCP attribute
strongswan: 179[IKE] processing INTERNAL_IP4_DNS attribute
strongswan: 179[IKE] processing INTERNAL_IP4_NETMASK attribute
strongswan: 179[IKE] processing INTERNAL_IP6_ADDRESS attribute
strongswan: 179[IKE] processing INTERNAL_IP6_DHCP attribute
strongswan: 179[IKE] processing INTERNAL_IP6_DNS attribute
strongswan: 179[IKE] processing (25) attribute
strongswan: 179[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
strongswan: 179[IKE] peer supports MOBIKE
strongswan: 179[IKE] authentication of '<ServerID>' (myself) with RSA signature successful
strongswan: 179[IKE] IKE_SA test[49] established between <ServerIP>[<ServerID>]...<ClientIP>[ios.<ClientID>]
strongswan: 179[IKE] IKE_SA test[49] state change: CONNECTING => ESTABLISHED
strongswan: 179[IKE] scheduling rekeying in 10090s
strongswan: 179[IKE] maximum IKE_SA lifetime 10630s
strongswan: 179[IKE] sending end entity cert "CN=<ServerID>" 
strongswan: 179[IKE] sending issuer cert "C=US, O=thawte, Inc., CN=thawte SSL CA - G2" 
strongswan: 179[IKE] peer requested virtual IP %any
strongswan: 179[CFG] assigning new lease to 'ios.<ClientID>'
strongswan: 179[IKE] assigning virtual IP 172.20.0.3 to peer 'ios.<ClientID>'
strongswan: 179[IKE] peer requested virtual IP %any6
strongswan: 179[IKE] no virtual IP found for %any6 requested by 'ios.<ClientID>'
strongswan: 179[IKE] building INTERNAL_IP4_DNS attribute
strongswan: 179[CFG] looking for a child config for 0.0.0.0/0 ::/0 === 0.0.0.0/0 ::/0
strongswan: 179[CFG] proposing traffic selectors for us:
strongswan: 179[CFG]  0.0.0.0/0
strongswan: 179[CFG] proposing traffic selectors for other:
strongswan: 179[CFG]  172.20.0.3/32
strongswan: 179[CFG]   candidate "test" with prio 10+2
strongswan: 179[CFG] found matching child config "test" with prio 12
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   no acceptable ENCRYPTION_ALGORITHM found
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   no acceptable ENCRYPTION_ALGORITHM found
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   no acceptable ENCRYPTION_ALGORITHM found
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   no acceptable ENCRYPTION_ALGORITHM found
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   no acceptable INTEGRITY_ALGORITHM found
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   no acceptable ENCRYPTION_ALGORITHM found
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   no acceptable INTEGRITY_ALGORITHM found
strongswan: 179[CFG] selecting proposal:
strongswan: 179[CFG]   proposal matches
strongswan: 179[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
strongswan: 179[CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_GCM_16_128/ECP_256/NO_EXT_SEQ, ESP:AES_GCM_16_256/ECP_384/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/ECP_384/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/MODP_4096/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_4096/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_1536/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/MODP_1536/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_1536/NO_EXT_SEQ, ESP:AES_GCM_16_128/NO_EXT_SEQ, ESP:AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
strongswan: 179[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
strongswan: 179[CFG] selecting traffic selectors for us:
strongswan: 179[CFG]  config: 0.0.0.0/0, received: 0.0.0.0/0 => match: 0.0.0.0/0
strongswan: 179[CFG]  config: 0.0.0.0/0, received: ::/0 => no match
strongswan: 179[CFG] selecting traffic selectors for other:
strongswan: 179[CFG]  config: 172.20.0.3/32, received: 0.0.0.0/0 => match: 172.20.0.3/32
strongswan: 179[CFG]  config: 172.20.0.3/32, received: ::/0 => no match
strongswan: 179[IKE] CHILD_SA test{29} established with SPIs cc38394b_i 04ee6e2f_o and TS 0.0.0.0/0 === 172.20.0.3/32

But we're seeing something in the client logs:

trustd[117] <Notice>: cert[0]: Revocation =(leaf)[force]> 0
trustd[117] <Notice>: cert[0]: Revocation =(leaf)[force]> 0
trustd[117] <Notice>: cert[0]: Revocation =(path)[force]> 0
neagent(Security)[1128] <Notice>:  [leaf Revocation0]
neagent(NetworkExtension)[1128] <Error>: ikev2_crypto_cert_is_trusted:2902 Certificate evaluation error = kSecTrustResultFatalTrustFailure
neagent(NetworkExtension)[1128] <Error>: ikev2_crypto_remote_cert_and_s:3166 Certificate is not trusted
neagent(NetworkExtension)[1128] <Error>: ikev2_ike_auth_initiator_recei:259  Certificate authentication data could not be verified
neagent(NetworkExtension)[1128] <Error>: ikev2_fsm_connect_block_invoke:737  Failed to process IKE Auth packet (connect)

It seems related to https://wiki.strongswan.org/issues/2789, but we checked the RootCA.
It is Thawte and neither the RootCA nor the Intermediate is revoked.

Any more ideas?

Best regards,
Michael Schlapa

History

#1 Updated by Michael Schlapa 5 months ago

Some additional information: The issue started on 2020-02-28 and affected all iOS devices we know of.

#2 Updated by Tobias Brunner 5 months ago

  • Category set to configuration
  • Status changed from New to Feedback
  • Priority changed from High to Normal

It is Thawte and neither the RootCA nor the Intermediate is revoked.

What about the end-entity cert? That's what the client seems to complain about. Is it valid/expired/revoked? Does it contain the server's hostname (<ServerID>) as subjectAltName extension?

#3 Updated by Michael Schlapa 5 months ago

The server certificate is valid till July, 26th and not revoked. The subjectAltName contains the server's hostname.

The Android clients are not affected and are working lika a charm.

#4 Updated by Tobias Brunner 5 months ago

The Android clients are not affected and are working lika a charm.

Then I'd say, please ask Apple about it.

#5 Updated by Michael Schlapa 5 months ago

I feared that this would be your reply. Thanks for the fast help so far.

Could you keep this ticket open till the day after tomorrow? I'll try to get back to give you the solution of the problem.

Also available in: Atom PDF