Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AES128-GCM 96 with AES-XCBC on IKEv2 Phase 2 doesn't work

    2.4 Development Snapshots
    2
    9
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bradsm87
      last edited by

      I only run 2.4 now so I can't comment on if this works on 2.3.x or not.

      If I set the phase 2 on an IKEv2 tunnel to AES128-GCM 96 with AES-XCBC, it doesn't come up and nothing in the log seems to identify why.

      As soon as I set it back to AES-128 SHA1, it works immediately.

      Am I doing something wrong?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Curious why you are setting a hash algorithm on AES-GCM when it is an authenticated cipher and none is required?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • B
          bradsm87
          last edited by

          @Derelict:

          Curious why you are setting a hash algorithm on AES-GCM when it is an authenticated cipher and none is required?

          I read on another forum post to use that.

          My issue may be as simple as that. I'll try without. Thanks!

          1 Reply Last reply Reply Quote 0
          • B
            bradsm87
            last edited by

            I tried without a hashing algorithm ticked. No luck. No phase 2 initiates and no traffic passes. Back to AES-128 SHA1 and everything works.

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              AES-GCM works fine. You'll have to provide more details.

              You are changing both sides, I trust. pfSense on both sides?

              The IPsec logs will tell you what is happening. The responder side is usually better about saying what, exactly, it didn't like when it rejected the tunnel config.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • B
                bradsm87
                last edited by

                Identical pfsense version and settings on both sides. I managed to catch the related item in the log on the responder side in amongst all the DPD stuff related to other tunnels:

                11[NET] <con1|5>received packet: from x.x.x.x[500] to x.x.x.x[500] (204 bytes)
                Aug 22 12:30:53
                charon

                11[ENC] <con1|5>parsed CREATE_CHILD_SA request 11 [ N(ESP_TFC_PAD_N) SA No TSi TSr ]
                Aug 22 12:30:53
                charon

                11[IKE] <con1|5>received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
                Aug 22 12:30:53
                charon

                11[CFG] <con1|5>looking for a child config for 192.168.2.0/24|/0 === 192.168.4.0/24|/0
                Aug 22 12:30:53
                charon

                11[IKE] <con1|5>traffic selectors 192.168.2.0/24|/0 === 192.168.4.0/24|/0 inacceptable
                Aug 22 12:30:53
                charon

                11[IKE] <con1|5>failed to establish CHILD_SA, keeping IKE_SA
                Aug 22 12:30:53
                charon

                11[ENC] <con1|5>generating CREATE_CHILD_SA response 11 [ N(TS_UNACCEPT) ]
                Aug 22 12:30:53
                charon

                Phase 2 settings page screenshot attached. As soon as I change it back to AES-128 SHA1, it works again. Have tried rebooting both ends etc.

                Phase2.PNG
                Phase2.PNG_thumb</con1|5></con1|5></con1|5></con1|5></con1|5></con1|5></con1|5>

                1 Reply Last reply Reply Quote 0
                • B
                  bradsm87
                  last edited by

                  OK so the phase 2 works with a 128 authentication tag length but not 96. Phase 1 works fine with 96.

                  Is this deliberate or a bug?

                  1 Reply Last reply Reply Quote 0
                  • B
                    bradsm87
                    last edited by

                    Is AES128-GCM supposed to work on a phase 2 with a 96-bit authentication tag?

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Doesn't look like FreeBSD likes it hard set like that:

                      Aug 25 00:40:43 charon 13[KNL] <con3000|21>unable to add SAD entry with SPI cf9ff216: Invalid argument (22)</con3000|21>

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.