modp8192 not working in my setup
I'm facing a problem with DH Group 18 (modp8192).
This is my current configuration:
ipsec.conf -> Responder
config setup

conn from_number7
    auto = add
    esp = aes256-sha512-modp8192!
    ike = aes256-sha512-modp8192!
    keyexchange = ikev2
    margintime = 3m
    left = 10.10.10.58
    leftauth = psk
    leftid = "number6"
    leftsubnet = 192.168.10.0/24
    right = 10.10.10.53
    rightauth = psk
    rightid = "number7"
    rightsubnet = 192.168.100.0/24
There are no settings in strongswan.conf, except for a filelog. The PSK is obviously the same on both endpoints.
ipsec.conf -> Initiator
config setup

conn to_number6
    auto = start
    dpdaction = restart
    esp = aes256-sha512-modp8192!
    ike = aes256-sha512-modp8192!
    keyexchange = ikev2
    keyingtries = %forever
    margintime = 3m
    left = 10.10.10.53
    leftauth = psk
    leftid = "number7"
    leftsubnet = 192.168.100.0/24
    right = 10.10.10.58
    rightauth = psk
    rightid = "number6"
    rightsubnet = 192.168.10.0/24
With this configuration the connection will not establish. If I swap modp8192 with modp4096 the connection works.
I attached both logs from the responder side for both modp4096 and modp8192.
It looks like there is a problem with the DH exchange with modp8192:
    Jan 1 01:52:13 16[ENC] <1> fouproposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
    Jan 1 01:52:13 16[CFG] <1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
    Jan 1 01:52:13 16[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
    Jan 1 01:52:13 16[LIB] <1> size of DH secret exponent: 8190 bits
    Jan 1 01:52:13 01[JOB] next event in 29s 359ms, waiting
Nothing seems to happen on the responder after that. There is no answer.
4 seconds later there is a retry from the initiator:
    Jan 1 01:52:17 04[NET] received packet: from 10.10.10.53 to 10.10.10.58
    Jan 1 01:52:17 04[ENC] parsing header of message
    ...
    Jan 1 01:52:17 15[MGR] ignoring request with ID 0, already processing
    ...
The initiator retries a couple of times.
I'm running strongSwan 5.0.3 on an ARM Cortex A8 embedded platform with a custom Linux distribution. My kernel version is 3.2. Let me know if you need more information or what I can do to debug this problem further.
Thanks in advance.
#1 Updated by Martin Willi over 6 years ago
- Status changed from New to Feedback
- Assignee set to Martin Willi
    Jan 1 01:52:13 16[LIB] <1> size of DH secret exponent: 8190 bits
    ...
    Jan 1 01:52:45 16[ENC] <1> added payload of type SECURITY_ASSOCIATION to message
    ...
    Jan 1 01:52:45 12[JOB] <1> deleting half open IKE_SA after timeout
    Jan 1 01:52:45 12[MGR] <1> checkin and destroy IKE_SA (unnamed)
Such large DH exponents are computationally very expensive. On your ARM board, it takes 32 seconds on the responder to complete the computation.
Charon has a timeout on the responder for created-but-not-established IKE_SAs, which defaults to 30 seconds. Therefore, the IKE_SA just gets discarded once the computation is done.
If you really need such strong DH exponents, you may try to increase the half-open timeout using the charon.half_open_timeout strongswan.conf option.
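As an added example (not part of this issue or of strongSwan), a small Python check that scans responder log lines like those quoted above and reports, per IKE_SA, which DH group was selected and how many seconds passed between the start of the DH computation and charon deleting the half-open IKE_SA; the sample log is constructed from the entries in this issue, and the 30-second default is the one stated in the reply.

```python
import re
from datetime import datetime

# Default value of charon.half_open_timeout in seconds, as stated in the reply above.
DEFAULT_HALF_OPEN_TIMEOUT = 30

# Constructed sample modelled on the responder log quoted in this issue (not a real capture).
SAMPLE_LOG = """\
Jan 1 01:52:13 16[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_8192
Jan 1 01:52:13 16[LIB] <1> size of DH secret exponent: 8190 bits
Jan 1 01:52:17 15[MGR] ignoring request with ID 0, already processing
Jan 1 01:52:45 12[JOB] <1> deleting half open IKE_SA after timeout
Jan 1 01:52:45 12[MGR] <1> checkin and destroy IKE_SA (unnamed)
"""

# charon log line: "<syslog timestamp> <thread>[<group>] [<ike_sa id>] <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \d+\[[A-Z]+\] (?:<(?P<sa>\d+)> )?(?P<msg>.*)$"
)
PROPOSAL_RE = re.compile(r"selected proposal: IKE:\S*/(MODP_\d+)")
EXPONENT_RE = re.compile(r"size of DH secret exponent: (\d+) bits")
TIMEOUT_MSG = "deleting half open IKE_SA after timeout"


def _parse_ts(ts):
    # Syslog timestamps carry no year; only same-day differences are needed here.
    return datetime.strptime(ts, "%b %d %H:%M:%S")


def find_dh_timeouts(log_text, half_open_timeout=DEFAULT_HALF_OPEN_TIMEOUT):
    """Per IKE_SA id: selected MODP group, exponent size, seconds from the start of the
    DH computation to the half-open timeout (None if the SA was not timed out), and
    whether that elapsed time reached the configured half-open timeout."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("sa") is None:
            continue  # lines without an IKE_SA id cannot be attributed to an SA
        rec = sas.setdefault(int(m.group("sa")), {"group": None, "dh_bits": None,
                                                  "dh_start": None, "timeout_at": None})
        msg = m.group("msg")
        if (p := PROPOSAL_RE.search(msg)):
            rec["group"] = p.group(1)
        elif (e := EXPONENT_RE.search(msg)):
            rec["dh_bits"] = int(e.group(1))
            rec["dh_start"] = _parse_ts(m.group("ts"))  # DH computation starts here
        elif msg.startswith(TIMEOUT_MSG):
            rec["timeout_at"] = _parse_ts(m.group("ts"))
    results = []
    for sa, rec in sorted(sas.items()):
        elapsed = None
        if rec["dh_start"] and rec["timeout_at"]:
            elapsed = int((rec["timeout_at"] - rec["dh_start"]).total_seconds())
        results.append({"sa": sa, "group": rec["group"], "dh_bits": rec["dh_bits"], "elapsed": elapsed,
                        "exceeds_timeout": elapsed is not None and elapsed >= half_open_timeout})
    return results


if __name__ == "__main__":
    for r in find_dh_timeouts(SAMPLE_LOG):
        print(r)  # sample: SA 1, MODP_8192, 8190 bits, 32 s elapsed, exceeds_timeout True
```

Running it over a full responder log shows at a glance which half-open IKE_SAs were still computing their DH exponent when the timeout fired, which is the pattern the reply above diagnoses.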