Upgrading to 2.4.2 broke my IPSEC VPN!

XakEp

When i try to connect, now I get this in my logs… No change to the config, was working a day before the upgrade. Help? Client is StrongSwan on Android.

Time Process PID Message
Dec 5 15:16:09 charon 01[NET] <3> sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[9313] (36 bytes)
Dec 5 15:16:09 charon 01[ENC] <3> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Dec 5 15:16:09 charon 01[IKE] <3> received proposals inacceptable
Dec 5 15:16:09 charon 01[IKE] <3> remote host is behind NAT
Dec 5 15:16:09 charon 01[CFG] <3> received supported signature hash algorithms: sha256 sha384 sha512 identity
Dec 5 15:16:09 charon 01[CFG] <3> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec 5 15:16:09 charon 01[CFG] <3> received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048
Dec 5 15:16:09 charon 01[CFG] <3> no acceptable ENCRYPTION_ALGORITHM found
Dec 5 15:16:09 charon 01[CFG] <3> selecting proposal:
Dec 5 15:16:09 charon 01[CFG] <3> no acceptable DIFFIE_HELLMAN_GROUP found
Dec 5 15:16:09 charon 01[CFG] <3> selecting proposal:
Dec 5 15:16:09 charon 01[IKE] <3> xxx.xxx.xxx.xxx is initiating an IKE_SA
Dec 5 15:16:09 charon 01[CFG] <3> found matching ike config: xxx.xxx.xxx.xxx…%any with prio 1052
Dec 5 15:16:09 charon 01[CFG] <3> candidate: xxx.xxx.xxx.xxx…%any, prio 1052
Dec 5 15:16:09 charon 01[CFG] <3> candidate: %any…%any, prio 24
Dec 5 15:16:09 charon 01[CFG] <3> looking for an ike config for xxx.xxx.xxx.xxx…xxx.xxx.xxx.xxx
Dec 5 15:16:09 charon 01[ENC] <3> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec 5 15:16:09 charon 01[NET] <3> received packet: from xxx.xxx.xxx.xxx[9313] to xxx.xxx.xxx.xxx[500] (704 bytes)

Client error is -

Dec  5 15:46:50 00[DMN] Starting IKE charon daemon (strongSwan 5.6.1dr3, Android 7.0 - NRD90M.G955USQU1AQK3/2017-10-01, SM-G955U - samsung/dream2qltesq/samsung, Linux 4.4.16-11982677, aarch64)
Dec  5 15:46:50 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey chapoly curve25519 pkcs1 pkcs8 pem xcbc hmac socket-default revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls x509
Dec  5 15:46:50 00[JOB] spawning 16 worker threads
Dec  5 15:46:50 08[IKE] initiating IKE_SA android[32] to xxx.xxx.xxx.xxx
Dec  5 15:46:50 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Dec  5 15:46:50 08[NET] sending packet: from xxx.xxx.xxx.xxx[55518] to xxx.xxx.xxx.xxx[500] (704 bytes)
Dec  5 15:46:50 09[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[55518] (36 bytes)
Dec  5 15:46:50 09[ENC] parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
Dec  5 15:46:50 09[IKE] received NO_PROPOSAL_CHOSEN notify error

Derelict

Your side is configured to use this:

IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

The other side is configured to use these:

IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048 <– No MODP_1024
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048

None of them match. PFS Group 2 (MODP_1024) is not acceptable to the other side in the Phase 1. Try Group 14 (MODP_2048) there.

Might be a good time to switch to AES_CBC_128 and HMAC_SHA2_256_128 while you're messing with it.

You might need to do the same kind of thing for the Phase 2. Those will look similar in the logs but be prefixed by ESP: instead of IKE:

XakEp

Well honk my hooter you're right! When I'm back in the building later tonight I'll fiddle with it an update.

Thank you very much, it's a pain for my old eyes to spot that stuff these days, it's much appreciated.

XakEp

Update - you were absolutely right! Switching DH groups fixed it. Wish I had spotted that, thank you!