Upgrading to 2.4.2 broke my IPSEC VPN!



  • When i try to connect, now I get this in my logs… No change to the config, was working a day before the upgrade. Help? Client is StrongSwan on Android.

    Time Process PID Message
    Dec 5 15:16:09 charon 01[NET] <3> sending packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[9313] (36 bytes)
    Dec 5 15:16:09 charon 01[ENC] <3> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
    Dec 5 15:16:09 charon 01[IKE] <3> received proposals inacceptable
    Dec 5 15:16:09 charon 01[IKE] <3> remote host is behind NAT
    Dec 5 15:16:09 charon 01[CFG] <3> received supported signature hash algorithms: sha256 sha384 sha512 identity
    Dec 5 15:16:09 charon 01[CFG] <3> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Dec 5 15:16:09 charon 01[CFG] <3> received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048
    Dec 5 15:16:09 charon 01[CFG] <3> no acceptable ENCRYPTION_ALGORITHM found
    Dec 5 15:16:09 charon 01[CFG] <3> selecting proposal:
    Dec 5 15:16:09 charon 01[CFG] <3> no acceptable DIFFIE_HELLMAN_GROUP found
    Dec 5 15:16:09 charon 01[CFG] <3> selecting proposal:

    Dec 5 15:16:09 charon 01[IKE] <3> xxx.xxx.xxx.xxx is initiating an IKE_SA
    Dec 5 15:16:09 charon 01[CFG] <3> found matching ike config: xxx.xxx.xxx.xxx…%any with prio 1052
    Dec 5 15:16:09 charon 01[CFG] <3> candidate: xxx.xxx.xxx.xxx…%any, prio 1052
    Dec 5 15:16:09 charon 01[CFG] <3> candidate: %any…%any, prio 24
    Dec 5 15:16:09 charon 01[CFG] <3> looking for an ike config for xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx
    Dec 5 15:16:09 charon 01[ENC] <3> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    Dec 5 15:16:09 charon 01[NET] <3> received packet: from xxx.xxx.xxx.xxx[9313] to xxx.xxx.xxx.xxx[500] (704 bytes)

    Client error is -

    Dec  5 15:46:50 00[DMN] Starting IKE charon daemon (strongSwan 5.6.1dr3, Android 7.0 - NRD90M.G955USQU1AQK3/2017-10-01, SM-G955U - samsung/dream2qltesq/samsung, Linux 4.4.16-11982677, aarch64)
    Dec  5 15:46:50 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey chapoly curve25519 pkcs1 pkcs8 pem xcbc hmac socket-default revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls x509
    Dec  5 15:46:50 00[JOB] spawning 16 worker threads
    Dec  5 15:46:50 08[IKE] initiating IKE_SA android[32] to xxx.xxx.xxx.xxx
    Dec  5 15:46:50 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    Dec  5 15:46:50 08[NET] sending packet: from xxx.xxx.xxx.xxx[55518] to xxx.xxx.xxx.xxx[500] (704 bytes)
    Dec  5 15:46:50 09[NET] received packet: from xxx.xxx.xxx.xxx[500] to xxx.xxx.xxx.xxx[55518] (36 bytes)
    Dec  5 15:46:50 09[ENC] parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
    Dec  5 15:46:50 09[IKE] received NO_PROPOSAL_CHOSEN notify error


  • LAYER 8 Netgate

    Your side is configured to use this:

    IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

    The other side is configured to use these:

    IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048 <– No MODP_1024
    IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048

    None of them match. PFS Group 2 (MODP_1024) is not acceptable to the other side in the Phase 1. Try Group 14 (MODP_2048) there.

    Might be a good time to switch to AES_CBC_128 and HMAC_SHA2_256_128 while you're messing with it.

    You might need to do the same kind of thing for the Phase 2. Those will look similar in the logs but be prefixed by ESP: instead of IKE:



  • Well honk my hooter you're right! When I'm back in the building later tonight I'll fiddle with it an update.

    Thank you very much, it's a pain for my old eyes to spot that stuff these days, it's much appreciated.



  • Update - you were absolutely right! Switching DH groups fixed it. Wish I had spotted that, thank you!


Log in to reply