
Issue #506

modp8192 not working in my setup

Added by Christian Liebscher over 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Affected version:
5.0.3
Resolution:
No feedback

Description

Hi,

I'm facing a problem with DH Group 18 (modp8192).

This is my current configuration:

ipsec.conf -> Responder

config setup

conn from_number7
  auto = add
  esp = aes256-sha512-modp8192!
  ike = aes256-sha512-modp8192!
  keyexchange = ikev2
  margintime = 3m
  left = 10.10.10.58
  leftauth = psk
  leftid = "number6"
  leftsubnet = 192.168.10.0/24
  right = 10.10.10.53
  rightauth = psk
  rightid = "number7"
  rightsubnet = 192.168.100.0/24

There are no settings in strongswan.conf, except for a filelog. The PSK is obviously the same on both endpoints.

ipsec.conf -> Initiator

config setup

conn to_number6
  auto = start
  dpdaction = restart
  esp = aes256-sha512-modp8192!
  ike = aes256-sha512-modp8192!
  keyexchange = ikev2
  keyingtries = %forever
  margintime = 3m
  left = 10.10.10.53
  leftauth = psk
  leftid = "number7"
  leftsubnet = 192.168.100.0/24
  right = 10.10.10.58
  rightauth = psk
  rightid = "number6"
  rightsubnet = 192.168.10.0/24

With this configuration the connection will not establish. If I swap modp8192 with modp4096 the connection works.

I attached both logs from the responder side for both modp4096 and modp8192.

It looks like there is a problem with the DH exchange with modp8192:

Jan  1 01:52:13 16[ENC] <1> fouproposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
Jan  1 01:52:13 16[CFG] <1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
Jan  1 01:52:13 16[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
Jan  1 01:52:13 16[LIB] <1> size of DH secret exponent: 8190 bits
Jan  1 01:52:13 01[JOB] next event in 29s 359ms, waiting

Nothing seems to happen on the responder after that. There is no answer.
4 seconds later there is a retry from the initiator:

Jan  1 01:52:17 04[NET] received packet: from 10.10.10.53[500] to 10.10.10.58[500]
Jan  1 01:52:17 04[ENC] parsing header of message
...
Jan  1 01:52:17 15[MGR] ignoring request with ID 0, already processing
...

The initiator retries a couple of times.

I'm running strongSwan 5.0.3 on an ARM Cortex A8 embedded platform with a custom Linux distribution. My kernel version is 3.2. Let me know if you need more information or what I can do to debug this problem further.

Thanks in advance.

modp4096.txt (77.7 KB) Christian Liebscher, 31.01.2014 14:40
modp8192.txt (29.5 KB) Christian Liebscher, 31.01.2014 14:40

History

#1 Updated by Martin Willi over 6 years ago

  • Status changed from New to Feedback
  • Assignee set to Martin Willi

Hi Christian,

Jan  1 01:52:13 16[LIB] <1> size of DH secret exponent: 8190 bits
...
Jan  1 01:52:45 16[ENC] <1> added payload of type SECURITY_ASSOCIATION to message
...
Jan  1 01:52:45 12[JOB] <1> deleting half open IKE_SA after timeout
Jan  1 01:52:45 12[MGR] <1> checkin and destroy IKE_SA (unnamed)[1]

Such large DH exponents are computationally very expensive. On your ARM board, it takes 32 seconds on the responder to complete the computation.

Charon has a timeout on the responder for created-but-not-established IKE_SAs, which defaults to 30 seconds. Therefore, the IKE_SA just gets discarded once the computation is done.

If you really need such strong DH exponents, you may try to increase the half-open timeout using the charon.half_open_timeout strongswan.conf option.

Regards
Martin
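
A diagnostic for the timing pattern described in the comment above, added here as an example and not part of the issue or of strongSwan itself: it parses responder-side charon log lines, measures how long the IKE_SA_INIT DH computation took for each IKE_SA (from "size of DH secret exponent" to the SA payload being added to the response), flags any run that reaches charon.half_open_timeout, and prints a strongswan.conf fragment that raises the timeout. The sample log is constructed from the lines quoted in this issue plus an invented modp4096 run for contrast; the fixed year used for the syslog timestamps, the 2x headroom factor and the exponent size shown for the modp4096 run are this example's assumptions.

```python
"""Find responder-side DH computations in a charon log that outlast
charon.half_open_timeout (default 30 s): the IKE_SA_INIT response is then
finished only after the half-open IKE_SA has already been discarded."""
import math
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}

# syslog-style prefix as written by the charon filelog:
# "Jan  1 01:52:13 16[LIB] <1> size of DH secret exponent: 8190 bits"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<hms>\d\d:\d\d:\d\d) "
    r"\d+\[(?P<subsys>[A-Z]+)\] (?:<(?P<sa>\d+)> )?(?P<msg>.*)$")
DH_GROUP_RE = re.compile(r"selected proposal: IKE:\S*/(MODP_\d+(?:_\d+)?|ECP_\d+)")

DEFAULT_HALF_OPEN_TIMEOUT = 30  # charon.half_open_timeout default, seconds
SYSLOG_YEAR = 2014              # assumption: syslog lines carry no year

# Constructed sample: the responder lines quoted in this issue (IKE_SA 1)
# plus an invented modp4096 run (IKE_SA 2) that finishes inside the timeout.
SAMPLE_LOG = """\
Jan  1 01:52:13 16[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
Jan  1 01:52:13 16[LIB] <1> size of DH secret exponent: 8190 bits
Jan  1 01:52:17 04[NET] received packet: from 10.10.10.53[500] to 10.10.10.58[500]
Jan  1 01:52:17 15[MGR] ignoring request with ID 0, already processing
Jan  1 01:52:45 16[ENC] <1> added payload of type SECURITY_ASSOCIATION to message
Jan  1 01:52:45 12[JOB] <1> deleting half open IKE_SA after timeout
Jan  1 01:55:02 09[CFG] <2> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096
Jan  1 01:55:02 09[LIB] <2> size of DH secret exponent: 4094 bits
Jan  1 01:55:08 09[ENC] <2> added payload of type SECURITY_ASSOCIATION to message
"""


def parse_line(line):
    """Split one log line into (timestamp, IKE_SA id or None, message)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s = (int(x) for x in m["hms"].split(":"))
    ts = datetime(SYSLOG_YEAR, MONTHS[m["mon"]], int(m["day"]), h, mi, s)
    return ts, m["sa"], m["msg"]


def analyze(log_text, half_open_timeout=DEFAULT_HALF_OPEN_TIMEOUT):
    """Per IKE_SA id: DH group, seconds spent on the IKE_SA_INIT DH
    computation, and whether that reached the half-open timeout."""
    results = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] is None:
            continue            # lines without an IKE_SA id are not ours
        ts, sa, msg = parsed
        e = results.setdefault(sa, {"group": None, "dh_start": None,
                                    "dh_done": None, "discarded": False})
        g = DH_GROUP_RE.search(msg)
        if g:
            e["group"] = g.group(1)
        elif msg.startswith("size of DH secret exponent"):
            e["dh_start"] = ts  # exponentiation begins after this line
        elif (e["dh_start"] and e["dh_done"] is None
              and msg.startswith("added payload of type SECURITY_ASSOCIATION")):
            e["dh_done"] = ts   # response is being built: DH has finished
        elif msg.startswith("deleting half open IKE_SA after timeout"):
            e["discarded"] = True
    for e in results.values():
        done = e["dh_start"] and e["dh_done"]
        e["dh_seconds"] = int((e["dh_done"] - e["dh_start"]).total_seconds()) if done else None
        e["exceeds_timeout"] = done is not None and e["dh_seconds"] is not None \
            and e["dh_seconds"] >= half_open_timeout
    return results


def recommend_timeout(dh_seconds, margin=2.0):
    """Headroom over the observed DH time; the factor is this example's choice."""
    return int(math.ceil(dh_seconds * margin))


def strongswan_conf_snippet(timeout):
    """strongswan.conf fragment raising charon.half_open_timeout."""
    return "charon {\n    half_open_timeout = %d\n}\n" % timeout


def report(log_text, half_open_timeout=DEFAULT_HALF_OPEN_TIMEOUT):
    """Human-readable verdict per IKE_SA, plus a config suggestion if needed."""
    out, worst = [], 0
    for sa, e in sorted(analyze(log_text, half_open_timeout).items()):
        if e["dh_seconds"] is None:
            out.append("IKE_SA %s: DH start/finish not both found" % sa)
            continue
        worst = max(worst, e["dh_seconds"])
        out.append("IKE_SA %s: %s DH took %ds, %s half_open_timeout=%ds%s" % (
            sa, e["group"], e["dh_seconds"],
            "EXCEEDS" if e["exceeds_timeout"] else "within", half_open_timeout,
            " (IKE_SA was discarded)" if e["discarded"] else ""))
    if worst >= half_open_timeout:
        out.append("suggested strongswan.conf:\n" + strongswan_conf_snippet(recommend_timeout(worst)))
    return "\n".join(out)


if __name__ == "__main__":
    import sys
    print(report(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG))
```

Pipe the responder's filelog into the script to check real runs; with no input it reports on the embedded sample. Keep in mind that the responder performs this exponentiation while handling IKE_SA_INIT, before anything has been authenticated, so a larger half_open_timeout also keeps unauthenticated half-open IKE_SAs, and the CPU time each one costs, around for longer; raising it is a trade-off rather than a free fix, and a cheaper group such as modp4096 may be the better answer on a slow board.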

#2 Updated by Martin Willi almost 6 years ago

  • Status changed from Feedback to Closed
  • Resolution set to No feedback
