Frequently Asked Questions (FAQ) » History » Version 7
Daniel Mentz, 13.11.2009 17:03
Can't disable NAT traversal in charon
| 1 | 5 | Martin Willi | h1. Frequently Asked Questions |
|---|---|---|---|
| 2 | 1 | Martin Willi | |
| 3 | 1 | Martin Willi | |
| 4 | 6 | Tobias Brunner | *Q:* _I'm trying to set up a VPN tunnel with a ZyXELL/Linksys/X router but the other side keeps on telling me "no proposal chosen" when strongSwan initiates the connection._ |
| 5 | 5 | Martin Willi | |
| 6 | 6 | Tobias Brunner | *A:* Make sure that the peer supports all the algorithms (including the key lengths) which strongSwan proposes for IKE and ESP. In terms of IKE, the proposal consists of the following parts: Encryption algorithm, hash algorithm (PRF) and DH group. In terms of ESP the proposal includes the following: Encryption algorithm, hash algorithm, pfs group (DH group) and *compression algorithm*. There are lots of IPsec implementations out there that do *not* support compression or have implemented it erronously. So the first thing to try in this situation is to switch compression off on the peer. strongSwan's default setting is |
| 7 | 5 | Martin Willi | <pre> |
| 8 | 1 | Martin Willi | compress=no |
| 9 | 1 | Martin Willi | </pre> |
| 10 | 1 | Martin Willi | See also Chapter "14.1 Authentication and encryption algorithms":http://www.strongswan.org/docs/readme4.htm#section_14.1 of the strongSwan documentation. It has good information about the relevant parameters. |
| 11 | 1 | Martin Willi | |
| 12 | 6 | Tobias Brunner | *Q:* _I'm getting the error message "no RSA public key known for '....' ". What am I doing wrong?_ |
| 13 | 1 | Martin Willi | |
| 14 | 6 | Tobias Brunner | *A:* If you are using RSA based signatures for authentication strongSwan needs to have the peer's RSA public key in order to verify its authentication. This public key can be provided either by using the @rightrsasigkey@ directive in the configuration file which was popular with FreeS/WAN or it can be extracted from the peer's X.509 certificate. This certificate can in turn be preloaded via the @rightcert@ directive if it is available locally or it can be requested from the remote end by a _certificate request_. Now if the certificate is missing one reason might be that the remote end refused to send it. Another reason could be that strongSwan did not send a _certificate request_. This happens if you set the @nocrsend@ option to @yes@. The Astaro Security Gateway which uses strongSwan behind the scene is known to do that. In order to make the IPsec connection work in that scenario you need to set @leftsendcert@ to @yes@ on the other end. With @leftsendcert=yes@ strongSwan sends its certificate across even if no _certificate request_ was received. This helps to interoperate with some misconfigured peers. |
| 15 | 5 | Martin Willi | |
| 16 | 1 | Martin Willi | *Q:* _I want to set up strongSwan to interoperate with Microsoft Windows using L2TP/IPsec. I'm getting the error message "NAT-Traversal: Transport mode disabled due to security concerns" which results in strongSwan sending an encrypted notification BAD_PROPOSAL_SYNTAX_ |
| 17 | 5 | Martin Willi | |
| 18 | 6 | Tobias Brunner | *A:* Here is a quote from strongSwan lead developer Andreas Steffen on how to deal with this problem: |
| 19 | 1 | Martin Willi | |
| 20 | 6 | Tobias Brunner | NAT-Traversal with IPsec transport mode has some inherent security risks. Since Microsoft doesn't care about this please compile strongSwan with the option |
| 21 | 3 | Martin Willi | <pre> |
| 22 | 3 | Martin Willi | ./configure --enable-nat-transport |
| 23 | 1 | Martin Willi | </pre> |
| 24 | 5 | Martin Willi | |
| 25 | 3 | Martin Willi | *Q:* _Does strongSwan support IKEv1 Aggressive Mode?_ |
| 26 | 1 | Martin Willi | |
| 27 | 6 | Tobias Brunner | *A:* Quote from Andreas Steffen: |
| 28 | 6 | Tobias Brunner | bq. No, strongSwan does *not* support IKEv1 Aggressive Mode and *never* will. Otherwise we would have called the project "weakSwan". |
| 29 | 4 | Martin Willi | |
| 30 | 6 | Tobias Brunner | *Q:* _strongSwan fails to initiate a connection to a peer. I'm using RSA authentication and I noticed the two error messages:_ |
| 31 | 5 | Martin Willi | <pre> |
| 32 | 4 | Martin Willi | discarding duplicate packet; already STATE_MAIN_I3 |
| 33 | 5 | Martin Willi | </pre> |
| 34 | 6 | Tobias Brunner | _on the initiator side and_ |
| 35 | 5 | Martin Willi | <pre> |
| 36 | 4 | Martin Willi | max number of retransmissions (2) reached STATE_MAIN_R2 |
| 37 | 5 | Martin Willi | </pre> |
| 38 | 6 | Tobias Brunner | _on the responder side._ |
| 39 | 1 | Martin Willi | |
| 40 | 5 | Martin Willi | *A:* This problem might be related to the Path MTU (Maximum Transmission Unit). The IKE protocol is transported in UDP datagrams. As result the UDP datagrams also contain the X.509 certificate you are using. Now, if you're using a large certificate the UDP datagram might get bigger than the PMTU. That's the point where IP fragmentation kicks in and cuts your IP packet / UDP datagram in two or more pieces. There are some firewalls out there that strictly block IP fragments and therefore hamper your IKE connection. Large X.509 certificates could result from long Distinguished names or from long RSA keys (2048 bit). As a workaround you can reconfigure your firewall, try to make your certificates smaller or preload the certificates on both sides and thereby get away without transmitting the certificates over UDP. |
| 41 | 7 | Daniel Mentz | |
| 42 | 7 | Daniel Mentz | *Q:* How can I turn off NAT traversal in charon (IKEv2) ? |
| 43 | 7 | Daniel Mentz | |
| 44 | 7 | Daniel Mentz | *A:* NAT traversal cannot be disabled in the IKEv2 charon daemon. If you don't like automatic port floating to UDP/4500 due to the MOBIKE protocol (RFC 4555) which happens even if no NAT situation exists then you can disable MOBIKE by adding |
| 45 | 7 | Daniel Mentz | <pre> |
| 46 | 7 | Daniel Mentz | mobike=no |
| 47 | 7 | Daniel Mentz | </pre> |
| 48 | 7 | Daniel Mentz | to ipsec.conf in the connection definition. |