IPsec fails with 'No public key found'



  • Hi,

    I tried to setup an IPsec connection between pfSesne and centos with strongswan. In my example the centos box is 8.8.8.8 and the pfSense is 4.4.4.4. For that I created a CA using the webgui and two certs (server.vpn.com and client.vpn.com).  The centos box is supposed to be the server and the pfsense should establish the connection. Private networks are 192.168.178.0/24 on pfsense and 10.0.0.0/24 on centos.
    On my centos box the strongswan config looks like this:

    conn adelheid
          left=8.8.8.8
          leftid=server.vpn.com
          leftsubnet=0.0.0.0/0
          leftcert=vpnServerCert.crt
          leftsendcert=never
          right=%any
          rightid=client.vpn.com
          rightsubnet=192.168.178.0/24
          leftfirewall=yes
          rightcert=vpnClientCert.crt
          keyexchange=ikev2
          type=tunnel
          auto=add
    

    Using pfsense webgui the configuration was created like this:

    conn con1
            fragmentation = yes
            keyexchange = ikev2
            reauth = yes
            forceencaps = no
            mobike = no
    
            rekey = no
            installpolicy = yes
            type = tunnel
            dpdaction = restart
            dpddelay = 10s
            dpdtimeout = 60s
            auto = route
            left = 192.168.178.246
            right = hostname.domain.tld
            leftid = fqdn:client.vpn.com
            ikelifetime = 28800s
            lifetime = 3600s
            ike = aes256-sha1-modp1024!
            esp = aes256-sha1,aes256-sha256,aes256-sha384,aes256-sha512,aes192-sha1,aes192-sha256,aes192-sha384,aes192-sha512,aes128-sha1,aes128-sha256,aes128-sha384,aes128-sha512,aes192gcm128-sha1,aes192gcm128-sha256,aes192gcm128-sha384,aes192gcm128-sha512,aes192gcm96-sha1,aes192gcm96-sha256,aes192gcm96-sha384,aes192gcm96-sha512,aes192gcm64-sha1,aes192gcm64-sha256,aes192gcm64-sha384,aes192gcm64-sha512,aes256gcm128-sha1,aes256gcm128-sha256,aes256gcm128-sha384,aes256gcm128-sha512,aes256gcm96-sha1,aes256gcm96-sha256,aes256gcm96-sha384,aes256gcm96-sha512,aes256gcm64-sha1,aes256gcm64-sha256,aes256gcm64-sha384,aes256gcm64-sha512,blowfish256-sha1,blowfish256-sha256,blowfish256-sha384,blowfish256-sha512,blowfish192-sha1,blowfish192-sha256,blowfish192-sha384,blowfish192-sha512,blowfish128-sha1,blowfish128-sha256,blowfish128-sha384,blowfish128-sha512!
            leftauth = pubkey
            rightauth = pubkey
            leftcert=/var/etc/ipsec/ipsec.d/certs/cert-1.crt
            leftsendcert=always
            rightca="/C=DE/ST=BY/L=Germering/O=Acme Inc/emailAddress=user@host.com/CN=internal-ca/"
            rightid = fqdn:server.vpn.com
            rightsubnet = 10.0.0.0/24
            leftsubnet = 192.168.178.0/24
    

    So far so good, when starting the VPN on the centos box everything looks good until pfSense kills the connection:

    Dec 25 17:27:54 server strongswan: 07[IKE] 4.4.4.4 is initiating an IKE_SA
    Dec 25 17:27:54 server strongswan: 07[IKE] remote host is behind NAT
    Dec 25 17:27:54 server strongswan: 07[IKE] sending cert request for "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=internal-ca"
    Dec 25 17:27:54 server strongswan: 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
    Dec 25 17:27:54 server strongswan: 07[NET] sending packet: from 8.8.8.8[500] to 4.4.4.4[62453] (353 bytes)
    Dec 25 17:27:54 server strongswan: 16[NET] received packet: from 4.4.4.4[62454] to 8.8.8.8[4500] (2860 bytes)
    Dec 25 17:27:54 server strongswan: 16[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
    Dec 25 17:27:54 server strongswan: 16[IKE] received cert request for "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=internal-ca"
    Dec 25 17:27:54 server strongswan: 16[IKE] received end entity cert "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=client.vpn.com"
    Dec 25 17:27:54 server strongswan: 16[CFG] looking for peer configs matching 8.8.8.8[server.vpn.com]…4.4.4.4[client.vpn.com]
    Dec 25 17:27:54 server strongswan: 16[CFG] selected peer config 'adelheid'
    Dec 25 17:27:54 server strongswan: 16[CFG]  using trusted ca certificate "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=internal-ca"
    Dec 25 17:27:54 server charon: 16[IKE] received cert request for "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=internal-ca"Dec 25 17:27:54 server strongswan: 16[CFG] checking certificate status of "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=client.vpn.com"
    Dec 25 17:27:54 server charon: 16[IKE] received end entity cert "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=client.vpn.com"
    Dec 25 17:27:54 server charon: 16[CFG] looking for peer configs matching 8.8.8.8[server.vpn.com]…4.4.4.4[client.vpn.com]Dec 25 17:27:54 server charon: 16[CFG] selected peer config 'adelheid'
    Dec 25 17:27:54 server charon: 16[CFG]  using trusted ca certificate "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=internal-ca"Dec 25 17:27:54 server charon: 16[CFG] checking certificate status of "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=client.vpn.com"
    Dec 25 17:27:54 server charon: 16[CFG] certificate status is not available
    Dec 25 17:27:54 server charon: 16[CFG]  reached self-signed root ca with a path length of 0Dec 25 17:27:54 server charon: 16[CFG]  using trusted certificate "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=client.vpn.com"
    Dec 25 17:27:54 server charon: 16[IKE] authentication of 'client.vpn.com' with RSA_EMSA_PKCS1_SHA256 successful
    Dec 25 17:27:54 server charon: 16[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
    Dec 25 17:27:54 server charon: 16[IKE] authentication of 'server.vpn.com' (myself) with RSA_EMSA_PKCS1_SHA256 successful
    Dec 25 17:27:54 server charon: 16[IKE] IKE_SA adelheid[2] established between 8.8.8.8[server.vpn.com]…4.4.4.4[client.vpn.com]
    Dec 25 17:27:54 server charon: 16[IKE] scheduling reauthentication in 10122s
    Dec 25 17:27:54 server charon: 16[IKE] maximum IKE_SA lifetime 10662s
    Dec 25 17:27:54 server charon: 16[IKE] CHILD_SA adelheid{1} established with SPIs ce7228dc_i c6295052_o and TS 10.0.0.0/24 === 192.168.178.0/24
    Dec 25 17:27:54 server vpn: + client.vpn.com 192.168.178.0/24 == 4.4.4.4 – 8.8.8.8 == 10.0.0.0/24
    Dec 25 17:27:54 server charon: 16[ENC] generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
    Dec 25 17:27:54 server charon: 16[NET] sending packet: from 8.8.8.8[4500] to 4.4.4.4[62454] (476 bytes)
    Dec 25 17:27:54 server charon: 06[NET] received packet: from 4.4.4.4[62454] to 8.8.8.8[4500] (76 bytes)
    Dec 25 17:27:54 server charon: 06[ENC] parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
    Dec 25 17:27:54 server charon: 06[IKE] received DELETE for IKE_SA adelheid[2]
    Dec 25 17:27:54 server charon: 06[IKE] deleting IKE_SA adelheid[2] between 8.8.8.8[server.vpn.com]…4.4.4.4[client.vpn.com]
    Dec 25 17:27:54 server charon: 06[IKE] IKE_SA deleted
    Dec 25 17:27:54 server vpn: - client.vpn.com 192.168.178.0/24 == 4.4.4.4 – 8.8.8.8 == 10.0.0.0/24
    Dec 25 17:27:54 server charon: 06[ENC] generating INFORMATIONAL response 2 [ ]
    Dec 25 17:27:54 server charon: 06[NET] sending packet: from 8.8.8.8[4500] to 4.4.4.4[62454] (76 bytes)

    Now on pfsense the connection is killed because pfSense seems not to trust the certificate for server.vpn.com:

    Dec 25 17:27:53 charon          10[IKE] <con1|14>IKE_SA con1[14] state change: CREATED => CONNECTING
    Dec 25 17:27:53 charon          10[CFG] <con1|14>configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Dec 25 17:27:53 charon          10[CFG] <con1|14>sending supported signature hash algorithms: sha1 sha256 sha384 sha512 identity
    Dec 25 17:27:53 charon          10[ENC] <con1|14>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    Dec 25 17:27:53 charon          10[NET] <con1|14>sending packet: from 192.168.178.246[500] to 8.8.8.8[500] (338 bytes)
    Dec 25 17:27:54 charon          10[NET] <con1|14>received packet: from 8.8.8.8[500] to 192.168.178.246[500] (353 bytes)
    Dec 25 17:27:54 charon          10[ENC] <con1|14>parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
    Dec 25 17:27:54 charon          10[IKE] <con1|14>received SIGNATURE_HASH_ALGORITHMS notify
    Dec 25 17:27:54 charon          10[CFG] <con1|14>selecting proposal:
    Dec 25 17:27:54 charon          10[CFG] <con1|14>proposal matches
    Dec 25 17:27:54 charon          10[CFG] <con1|14>received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Dec 25 17:27:54 charon          10[CFG] <con1|14>configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Dec 25 17:27:54 charon          10[CFG] <con1|14>selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Dec 25 17:27:54 charon          10[CFG] <con1|14>received supported signature hash algorithms: sha1 sha256 sha384 sha512
    Dec 25 17:27:54 charon          10[IKE] <con1|14>local host is behind NAT, sending keep alives
    Dec 25 17:27:54 charon          10[IKE] <con1|14>received cert request for "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=internal-ca"
    Dec 25 17:27:54 charon          10[IKE] <con1|14>reinitiating already active tasks
    Dec 25 17:27:54 charon          10[IKE] <con1|14>IKE_CERT_PRE task
    Dec 25 17:27:54 charon          10[IKE] <con1|14>IKE_AUTH task
    Dec 25 17:27:54 charon          10[IKE] <con1|14>sending cert request for "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=internal-ca"
    Dec 25 17:27:54 charon          10[IKE] <con1|14>authentication of 'client.vpn.com' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
    Dec 25 17:27:54 charon          10[IKE] <con1|14>sending end entity cert "C=DE, ST=BY, L=Germering, O=Acme Inc, E=user@host.com, CN=client.vpn.com"
    Dec 25 17:27:54 charon          10[CFG] <con1|14>proposing traffic selectors for us:
    Dec 25 17:27:54 charon          10[CFG] <con1|14>192.168.178.0/24|/0
    Dec 25 17:27:54 charon          10[CFG] <con1|14>proposing traffic selectors for other:
    Dec 25 17:27:54 charon          10[CFG] <con1|14>10.0.0.0/24|/0
    Dec 25 17:27:54 charon          10[CFG] <con1|14>configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_512_256/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_512_256/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_512_256/NO_EXT_SEQ, ESP:AES_GCM_16_192/NO_EXT_SEQ, ESP:AES_GCM_12_192/NO_EXT_SEQ, ESP:AES_GCM_8_192/NO_EXT_SEQ, ESP:AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_GCM_12_256/NO_EXT_SEQ, ESP:AES_GCM_8_256/NO_EXT_SEQ, ESP:BLOWFISH_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:BLOWFISH_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:BLOWFISH_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:BLOWFISH_CBC_256/HMAC_SHA2_512_256/NO_EXT_SEQ, ESP:BLOWFISH_CBC_192/HMAC_SHA1_96/NO
    Dec 25 17:27:54 charon          10[IKE] <con1|14>establishing CHILD_SA con1{20}
    Dec 25 17:27:54 charon          10[ENC] <con1|14>generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
    Dec 25 17:27:54 charon          10[NET] <con1|14>sending packet: from 192.168.178.246[4500] to 8.8.8.8[4500] (2860 bytes)
    Dec 25 17:27:54 charon          08[NET] <con1|14>received packet: from 8.8.8.8[4500] to 192.168.178.246[4500] (476 bytes)
    Dec 25 17:27:54 charon          08[ENC] <con1|14>parsed IKE_AUTH response 1 [ IDr AUTH SA TSi TSr N(AUTH_LFT) ]
    Dec 25 17:27:54 charon          08[IKE] <con1|14>no trusted RSA public key found for 'server.vpn.com'
    Dec 25 17:27:54 charon          08[ENC] <con1|14>generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
    Dec 25 17:27:54 charon          08[NET] <con1|14>sending packet: from 192.168.178.246[4500] to 8.8.8.8[4500] (76 bytes)
    Dec 25 17:27:54 charon          08[CHD] <con1|14>CHILD_SA con1{20} state change: CREATED => DESTROYING
    Dec 25 17:27:54 charon          08[IKE] <con1|14>IKE_SA con1[14] state change: CONNECTING => DESTROYING</con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14></con1|14>

    The key message being these two lines:

    Dec 25 17:27:54 charon          08[IKE] <con1|14>no trusted RSA public key found for 'server.vpn.com'
    Dec 25 17:27:54 charon          08[ENC] <con1|14>generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]</con1|14></con1|14>

    I though because both certificates were created using pfSense's CA the certificate for server.vpn.com would be trusted. But this seems not to be the case. Can anybody point me in the right direction?