regression: failing connection for clients with ikev1&psk (fritzbox)

Bug #1978568 reported by Tobias Mark
Affects: strongswan (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: none

Bug Description

After upgrading from 18.04 to 22.04 fritzbox clients can't connect anymore.

apt-cache policy strongswan-starter => 5.9.5-2ubuntu2

22.04 relevant log part:
05[IKE] <Client-IP> is initiating a Aggressive Mode IKE_SA
05[IKE] <Client-IP> is initiating a Aggressive Mode IKE_SA
05[CFG] looking for pre-shared key peer configs matching <Host-IP>...<Client-IP>[<keyid>]
05[CFG] selected peer config "<keyid>"
05[IKE] no shared key found for '%any'[<Host-IP>] - '<keyid>'[<Client-IP>]
05[IKE] no shared key found for <Host-IP> - <Client-IP>

18.04 relevant log part:
05[IKE] <Client-IP> is initiating a Aggressive Mode IKE_SA
16[CFG] looking for pre-shared key peer configs matching <Host-IP>..<Client-IP>[<keyid>]
16[CFG] selected peer config "<keyid>"
16[ENC] generating AGGRESSIVE response 0 [ SA KE No ID V V V NAT-D NAT-D HASH ]

See also this similar Question:
https://answers.launchpad.net/ubuntu/+source/strongswan/+question/699583

Config is more or less like this (the actual config uses multiple levels of also="..."):

conn vpn-conn-1
    leftsubnet=172.17.0.0/16
    rightsubnet=172.17.101.0/24
    rightdns=172.17.1.1
    right=%any
    leftauth=psk
    aggressive=yes
    keyexchange=ikev1
    rightauth=psk
    ike=aes256-sha-modp1024
    esp=aes256-sha1-modp1024
    leftid=<keyid>
    rightid=keyid:<keyid>
    rightsourceip=172.17.101.31/24

The workaround is using a secret with a selector of %any. As this would require the same secret for all clients, this is not very useful.

Also there is a second bug with the DPD logic killing the connection (after using a single secret for all clients). It seems the DPD packets are slightly different, so that the client does not recognize them anymore, resulting in connection loss after ~3 minutes of inactivity depending on DPD settings.

DPD with 22.04 (broken):
08[ENC] generating INFORMATIONAL_V1 request 1052382832 [ HASH N(DPD) ]
08[NET] sending packet: from <Host-IP>[4500] to <Client-IP>[500] (92 bytes)
09[JOB] DPD check timed out, enforcing DPD action

DPD with 18.04 (working):
09[ENC] generating INFORMATIONAL_V1 request 1542446007 [ HASH N(DPD) ]
09[NET] sending packet: from <Host-IP>[4500] to <Client-IP>[4500] (92 bytes)
11[NET] received packet: from <Client-IP>[4500] to <Host-IP>[4500] (92 bytes)
11[ENC] parsed INFORMATIONAL_V1 response 1542446007 [ HASH N(DPD_ACK) ]

Downgrading the strongswan package version to the 20.04 version fixes the shared key bug but not the DPD bug.
Downgrading to the 18.04 package version fixes both but creates other bugs with Windows clients.

I've tried compiling without -flto as suggested here https://bugs.launchpad.net/ubuntu/+source/xl2tpd/+bug/1951832 but this doesn't seem to work either - or I failed to compile it correctly.

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Hello Tobias,

Thanks for filing this bug.

Would you be able to provide shorter reproducers for each of the issues you are experiencing (minimal setups and configuration files) so we can better assist in debugging and finding a root cause? Then when we can confirm we are dealing with 2 different issues, we can split this in 2 different bugs as well.

Simon Déziel (sdeziel) wrote :

@Tobias, in case you didn't know, combining Aggressive mode and a pre-shared key is insecure and discouraged by upstream: https://wiki.strongswan.org/projects/1/wiki/FAQ#Aggressive-Mode

If you can, it's recommended to switch to IKEv2.

Tobias Mark (tbsmark86) wrote :

@Simon: Yes, but like I said, this is about Fritzbox devices which can't do anything else: https://wiki.strongswan.org/projects/strongswan/wiki/AVM_FRITZ_(FRITZ!Box_)_brand_devices

Tobias Mark (tbsmark86) wrote :

Minimal config with a fresh install of strongswan-starter:

/etc/ipsec.conf:

conn vpn-user
    auto=add

    leftsubnet=172.17.0.0/16

    rightsubnet=172.17.101.0/24
    rightsourceip=172.17.101.1/24

    leftauth=psk
    rightauth=psk
    <email address hidden>
    rightid=keyid:<email address hidden>

    aggressive=yes
    keyexchange=ikev1
    ike=aes256-sha-modp1024
    esp=aes256-sha1-modp1024

    dpdaction=clear

/etc/ipsec.secrets

   <email address hidden> : PSK "eiW?ee3Ay3quoh7EXAMPLE"

/etc/strongswan.d/custom.conf

   charon {
      i_dont_care_about_security_and_use_aggressive_mode_psk=yes
   }

Client is an AVM Fritz!Box 7360 with the latest firmware 06.87

Result:

    10[NET] received packet: from <CLIENT-IP>[500] to <HOST-IP>[500] (672 bytes)
    10[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
    10[IKE] received XAuth vendor ID
    10[IKE] received DPD vendor ID
    10[IKE] received NAT-T (RFC 3947) vendor ID
    10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    10[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    10[ENC] received unknown vendor ID: a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b
    10[IKE] <CLIENT-IP> is initiating a Aggressive Mode IKE_SA
    10[IKE] <CLIENT-IP> is initiating a Aggressive Mode IKE_SA
    10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    10[CFG] looking for pre-shared key peer configs matching <HOST-IP>...<CLIENT-IP>[<email address hidden>]
    10[CFG] selected peer config "vpn-user"
    10[IKE] no shared key found for '%any'[<HOST-IP>] - '<email address hidden>'[<CLIENT-IP>]
    10[IKE] no shared key found for <HOST-IP> - <CLIENT-IP>
    10[ENC] generating INFORMATIONAL_V1 request 1178843998 [ N(INVAL_KE) ]
    10[NET] sending packet: from <HOST-IP>[500] to <CLIENT-IP>[500] (56 bytes)
    11[NET] received packet: from <CLIENT-IP>[500] to <HOST-IP>[500] (672 bytes)
    11[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
    11[IKE] received XAuth vendor ID
    11[IKE] received DPD vendor ID
    11[IKE] received NAT-T (RFC 3947) vendor ID
    11[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    11[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    11[ENC] received unknown vendor ID: a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b
    11[IKE] <CLIENT-IP> is initiating a Aggressive Mode IKE_SA
    11[IKE] <CLIENT-IP> is initiating a Aggressive Mode IKE_SA
    11[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    11[CFG] looking for pre-shared key peer configs matching <HOST-IP>...<CLIENT-IP>[<email address hidden>]
    11[CFG] selected peer config "vpn-user"
    11[IKE] no shared key found for '%any'[<HOST-IP>] - '<email address hidden>'[<CLIENT-IP>]
    11[IKE] no shared key found for <HOST-IP> - <CLIENT-IP>
    11[ENC] generating INFORMATIONAL_V1 request 102147980 [ N(INVAL_KE) ]
    11[NET] sending packet: from <HOST-IP>[500] to <CLIENT-IP>[500] (56 bytes)

Now when changing the ipsec.secrets to:

    <email address hidden> %any : PSK "eiW?ee3Ay3quoh7EXAMPLE"

(As a reminder: now every connection would use this PSK, so this will only work for a single client ...)
Connection succeed but is killed by dea...


Tobias Brunner (tobias-strongswan) wrote :

keyid:<email address hidden> and <email address hidden> are not the same thing. The latter is parsed as identity of type USER_FQDN/RFC822 and won't match an identity of type KEY_ID. So you have to use the same prefix in ipsec.secrets too.

No idea why the FRITZ!Box would only reply to the first DPD.

Tobias Mark (tbsmark86) wrote :

@Tobias: Thanks.
I've always wondered why this config sometimes used keyid (I'm just keeping the system alive without any real knowledge in the field).

Seems like strongswan got stricter with this somewhere between 5.8.2 and 5.9.5 without it appearing as a breaking change in the change log.

Tobias Brunner (tobias-strongswan) wrote :

18.04 actually shipped 5.6.2 (5.8.2 was shipped with 20.04), but this particular aspect has not changed between either of these versions (the type of identities always had to match).

But what did change is that the actual local identity of the IKE_SA is now used for the PSK lookup, not any potentially configured one. So it was the identity you configured in leftid that matched the PSK in older versions, never the remote identity. When using aggressive mode, the local identity is now %any at this point and the PSK won't match anymore. I've pushed a fix for this to the aggressive-local-id branch.
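The identity-type rule from the earlier comment (keyid:<email> vs. a bare e-mail address) and the changed PSK lookup described above, as an added illustration: this is a reduced model of strongSwan's identity classification and shared-key selection written for this report, not strongSwan's own code, and the e-mail address and PSK strings are constructed stand-ins for the hidden values.

```python
# Added example: a reduced model of strongSwan's identity typing and PSK
# selection, written to illustrate this report.  Not strongSwan's own code.
import ipaddress

MATCH_NONE, MATCH_ANY, MATCH_PERFECT = 0, 1, 2

def parse_identity(text):
    """Classify an identity string roughly the way ipsec.conf/secrets do."""
    if text == "%any":
        return ("ANY", "")
    if text.startswith("keyid:"):               # explicit KEY_ID prefix
        return ("KEY_ID", text[len("keyid:"):])
    try:
        return ("IPV4_ADDR", str(ipaddress.IPv4Address(text)))
    except ValueError:
        pass
    if "@" in text:                             # bare e-mail form => USER_FQDN
        return ("USER_FQDN", text)
    return ("FQDN", text)

def id_match(actual, selector):
    """How well the actual IKE identity matches one secrets selector."""
    if selector[0] == "ANY":
        return MATCH_ANY                        # a %any selector matches anything
    if actual == selector:                      # type AND value must agree
        return MATCH_PERFECT
    return MATCH_NONE                           # an actual %any matches nothing specific

def find_psk(secrets, me, other):
    """Return the best-matching PSK, or None.  secrets: [(selectors, psk), ...].
    A secret is usable when at least one selector matches me or other."""
    me_id, other_id = parse_identity(me), parse_identity(other)
    best, best_score = None, MATCH_NONE
    for selectors, psk in secrets:
        ids = [parse_identity(s) for s in selectors]
        my_match = max((id_match(me_id, i) for i in ids), default=MATCH_ANY)
        other_match = max((id_match(other_id, i) for i in ids), default=MATCH_ANY)
        score = my_match + other_match
        if score > best_score:
            best, best_score = psk, score
    return best

# Constructed stand-ins for the hidden address and PSK from the report.
PEER = "user@example.com"
SECRETS_BARE = [([PEER], "psk-bare")]               # "<email> : PSK ..."
SECRETS_ANY = [([PEER, "%any"], "psk-any")]         # reporter's workaround
SECRETS_KEYID = [(["keyid:" + PEER], "psk-keyid")]  # matching type prefix
```

With the local identity at %any (aggressive mode on 22.04) and the remote at keyid:<email>, `find_psk(SECRETS_BARE, "%any", "keyid:" + PEER)` returns None, which is the "no shared key found" line in the log; looking up with the configured leftid instead, as older releases did, or prefixing the selector with keyid: finds the key.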

Tobias Mark (tbsmark86) wrote :

The explanation of Tobias Brunner on the required config changes fixed this for me somehow.

The problem with the failing DPD on Fritzbox is still present; I worked around it with a manual keepalive using a simple ping cronjob.

Changed in strongswan (Ubuntu):
status: New → Invalid