>Synopsis: [isakmpd] IPSEC SA is established with different keys
>key_authkey and key_encrypt on both peers. The problem repeats every few days.
>Category: system kernel
>Environment:
System : OpenBSD 4.8
Details : OpenBSD 4.8 (GENERIC_RAID) #0: Thu Dec 2 15:25:26 CET 2010
root@peer1:/usr/src/sys/arch/i386/compile/GENERIC_RAID
Architecture: OpenBSD.i386
Machine : i386
>Description:
The VPN connection between two networks usually works fine, but
sometimes the Security Association is negotiated by IKE with different keys
(key_authkey and key_encrypt) for the same SPI on both peers. The traffic
therefore cannot be decrypted properly and is invisible on the enc0 interface,
even though ESP traffic is visible on the external interface.
After such a wrong SA times out, a new one is negotiated and
established with correct (identical) keys key_authkey and key_encrypt for the
same SPI on both peers.
Here the problem is reported for two peers running OpenBSD 4.8 (peer1)
and 4.6 (peer2), but the same problem appears using (main auth hmac-sha1 enc
3des group modp1024 and quick auth hmac-sha1 enc 3des group modp1024) between
OpenBSD 4.8 and a peer which introduces itself by:
payload: VENDOR len: 20 (supports Cisco Unity)
payload: VENDOR len: 20 (supports DPD v1.0)
payload: VENDOR len: 20
payload: VENDOR len: 12 (supports draft-ietf-ipsra-isakmp-xauth-06.txt)
I do not know its exact model.
======================================
* Below some traffic dumped on the external interface of peer1:
peer1# tcpdump -i fxp1 -nvvvl 'ip[20:4] = 0xe69952e0' or 'ip[20:4] = 0xe6f4119c'
[...]
11:36:12.327090 esp <peer2_ip> > <peer1_ip> spi 0xe69952e0 seq 200 len 132 (DF)
(ttl 56, id 27840, len 152)
11:36:13.327137 esp <peer2_ip> > <peer1_ip> spi 0xe69952e0 seq 201 len 132 (DF)
(ttl 56, id 9046, len 152)
[...]
peer1# sudo tcpdump -i enc0 -nvvvl
[no corresponding traffic was logged!!!!!]
* Below some traffic dumped on the external and enc0 interfaces of peer2:
peer2# tcpdump -i vlan997 -nvvvl 'ip[20:4] = 0xe69952e0' or 'ip[20:4] = 0xe6f4119c'
[...]
11:36:12.329058 esp <peer2_ip> > <peer1_ip> spi 0xe69952e0 seq 200 len 132 (DF)
(ttl 64, id 27840, len 152)
11:36:13.329075 esp <peer2_ip> > <peer1_ip> spi 0xe69952e0 seq 201 len 132 (DF)
(ttl 64, id 9046, len 152)
[...]
peer2# sudo tcpdump -i enc0 -nvvvl host <peer1_ip>
[...]
11:36:12.329015 (authentic,confidential): SPI 0xe69952e0: <peer2_ip> >
<peer1_ip>: 192.168.0.13 > 10.60.0.1: icmp: echo request (id:4d8a seq:166) (DF)
(ttl 62, id 0, len 84) (DF) (ttl 64, id 27840, len 104, bad cksum 0! differs by
1539)
11:36:13.329026 (authentic,confidential): SPI 0xe69952e0: <peer2_ip> >
<peer1_ip>: 192.168.0.13 > 10.60.0.1: icmp: echo request (id:4d8a seq:167) (DF)
(ttl 62, id 0, len 84) (DF) (ttl 64, id 9046, len 104, bad cksum 0! differs by
5ea3)
[...]
Below I present the data from when the problematic SA existed (the keys differ on the two peers).
======================================
* Here is the result of SA database for peer1:
# ipsecctl -s sa -v -k
esp tunnel from <peer2_ip> to <peer1_ip> spi 0xe69952e0 auth hmac-sha1 enc aes \
authkey 0xf46a10c394dbed78b774b3c6c6d977c15344ff57 \
enckey 0xb325765b9fed01e36d71c1f457a6c94d
sa: spi 0xe69952e0 auth hmac-sha1 enc aes
state mature replay 16 flags 4
lifetime_cur: alloc 0 bytes 9952 add 1305019869 first 1305019969
lifetime_hard: alloc 0 bytes 0 add 600 first 0
lifetime_soft: alloc 0 bytes 0 add 540 first 0
address_src: <peer2_ip>
address_dst: <peer1_ip>
key_auth: bits 160: f46a10c394dbed78b774b3c6c6d977c15344ff57
key_encrypt: bits 128: b325765b9fed01e36d71c1f457a6c94d
identity_src: type prefix id 0: <peer2_ip>/32
identity_dst: type prefix id 0: <peer1_ip>/32
src_mask: 255.255.0.0
dst_mask: 255.255.0.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 192.168.0.0
dst_flow: 10.60.0.0
esp tunnel from <peer1_ip> to <peer2_ip> spi 0xe6f4119c auth hmac-sha1 enc aes \
authkey 0xf402ee410bf51ce9d1e2e69c66627e4256ea68e7 \
enckey 0x605e7f3a61b39ef94b5a09f28c7342ec
sa: spi 0xe6f4119c auth hmac-sha1 enc aes
state mature replay 16 flags 4
lifetime_cur: alloc 0 bytes 1260 add 1305019869 first 1305019917
lifetime_hard: alloc 0 bytes 0 add 600 first 0
lifetime_soft: alloc 0 bytes 0 add 540 first 0
address_src: <peer1_ip>
address_dst: <peer2_ip>
key_auth: bits 160: f402ee410bf51ce9d1e2e69c66627e4256ea68e7
key_encrypt: bits 128: 605e7f3a61b39ef94b5a09f28c7342ec
identity_src: type prefix id 0: <peer1_ip>/32
identity_dst: type prefix id 0: <peer2_ip>/32
src_mask: 255.255.0.0
dst_mask: 255.255.0.0
protocol: proto 0 flags 0
flow_type: type use direction out
src_flow: 10.60.0.0
dst_flow: 192.168.0.0
lifetime_lastuse: alloc 0 bytes 0 add 0 first 1305020038
* Here is the result of SA database for peer2:
# ipsecctl -s sa -v -k
esp tunnel from <peer2_ip> to <peer1_ip> spi 0xe69952e0 auth hmac-sha1 enc aes \
authkey 0x57c89ccc114a2ef54ff986bb134eae3070776f94 \
enckey 0x8cf4d7303f52224bfcaac9f2b04bd5d1
sa: spi 0xe69952e0 auth hmac-sha1 enc aes
state mature replay 16 flags 4
lifetime_cur: alloc 0 bytes 7452 add 1305019869 first 1305019969
lifetime_hard: alloc 0 bytes 0 add 600 first 0
lifetime_soft: alloc 0 bytes 0 add 540 first 0
address_src: <peer2_ip>
address_dst: <peer1_ip>
key_auth: bits 160: 57c89ccc114a2ef54ff986bb134eae3070776f94
key_encrypt: bits 128: 8cf4d7303f52224bfcaac9f2b04bd5d1
identity_src: type prefix id 0: <peer2_ip>/32
identity_dst: type prefix id 0: <peer1_ip>/32
src_mask: 255.255.0.0
dst_mask: 255.255.0.0
protocol: proto 0 flags 0
flow_type: type use direction out
src_flow: 192.168.0.0
dst_flow: 10.60.0.0
lifetime_lastuse: alloc 0 bytes 0 add 0 first 1305020061
esp tunnel from <peer1_ip> to <peer2_ip> spi 0xe6f4119c auth hmac-sha1 enc aes \
authkey 0x0c12b7b84ddf01dd4e8f1f349bfbf5c7ead484f7 \
enckey 0x99f09dd47d1b605b45f4cc3672466c24
sa: spi 0xe6f4119c auth hmac-sha1 enc aes
state mature replay 16 flags 4
lifetime_cur: alloc 0 bytes 1440 add 1305019869 first 1305019917
lifetime_hard: alloc 0 bytes 0 add 600 first 0
lifetime_soft: alloc 0 bytes 0 add 540 first 0
address_src: <peer1_ip>
address_dst: <peer2_ip>
key_auth: bits 160: 0c12b7b84ddf01dd4e8f1f349bfbf5c7ead484f7
key_encrypt: bits 128: 99f09dd47d1b605b45f4cc3672466c24
identity_src: type prefix id 0: <peer1_ip>/32
identity_dst: type prefix id 0: <peer2_ip>/32
src_mask: 255.255.0.0
dst_mask: 255.255.0.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.60.0.0
dst_flow: 192.168.0.0
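As an added example (my own script, not part of this report), the following parses the `ipsecctl -s sa -k` output of both peers and flags every SPI whose algorithms or keys disagree, or which is installed on one peer only; the SPIs and key values in the constructed sample are the ones from the two dumps above, and the peer addresses are the same placeholders.

```python
"""Flag ESP SAs whose keys disagree between two peers (from ipsecctl -s sa -k)."""
import re

# One SA rule line as ipsecctl prints it, after trailing-backslash
# continuation lines have been re-joined.
_SA_RE = re.compile(
    r"^(?P<proto>esp|ah|ipcomp)\s+(?:tunnel|transport)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+spi\s+0x(?P<spi>[0-9a-f]+)"
    r"(?:\s+auth\s+(?P<auth>\S+))?(?:\s+enc\s+(?P<enc>\S+))?"
    r"(?:\s+authkey\s+0x(?P<authkey>[0-9a-f]+))?"
    r"(?:\s+enckey\s+0x(?P<enckey>[0-9a-f]+))?",
    re.IGNORECASE,
)

def _join_continuations(text):
    """Re-join lines that ipsecctl wrapped with a trailing backslash."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        lines.append((buf + line).strip())
        buf = ""
    return lines

def parse_sas(text):
    """Return {spi: {proto, src, dst, auth, enc, authkey, enckey}}.
    Verbose (-v) kernel lines such as 'key_auth: bits 160: ...' are skipped."""
    sas = {}
    for line in _join_continuations(text):
        m = _SA_RE.match(line)
        if m:
            d = m.groupdict()
            spi = int(d.pop("spi"), 16)
            sas[spi] = {k: (v.lower() if v else None) for k, v in d.items()}
    return sas

def compare_peers(a, b):
    """Return (spi, reason) for every SPI whose algorithms or keys do not agree
    across the two peers, or which is installed on one peer only."""
    findings = []
    for spi in sorted(set(a) | set(b)):
        if spi not in a or spi not in b:
            findings.append((spi, "present on one peer only"))
            continue
        for field in ("proto", "auth", "enc", "authkey", "enckey"):
            if a[spi][field] != b[spi][field]:
                findings.append((spi, field + " differs"))
    return findings

# Constructed sample input: the SA rule lines each peer printed in the report.
PEER1_SA = """\
esp tunnel from <peer2_ip> to <peer1_ip> spi 0xe69952e0 auth hmac-sha1 enc aes \\
authkey 0xf46a10c394dbed78b774b3c6c6d977c15344ff57 \\
enckey 0xb325765b9fed01e36d71c1f457a6c94d
esp tunnel from <peer1_ip> to <peer2_ip> spi 0xe6f4119c auth hmac-sha1 enc aes \\
authkey 0xf402ee410bf51ce9d1e2e69c66627e4256ea68e7 \\
enckey 0x605e7f3a61b39ef94b5a09f28c7342ec
"""
PEER2_SA = """\
esp tunnel from <peer2_ip> to <peer1_ip> spi 0xe69952e0 auth hmac-sha1 enc aes \\
authkey 0x57c89ccc114a2ef54ff986bb134eae3070776f94 \\
enckey 0x8cf4d7303f52224bfcaac9f2b04bd5d1
esp tunnel from <peer1_ip> to <peer2_ip> spi 0xe6f4119c auth hmac-sha1 enc aes \\
authkey 0x0c12b7b84ddf01dd4e8f1f349bfbf5c7ead484f7 \\
enckey 0x99f09dd47d1b605b45f4cc3672466c24
"""

if __name__ == "__main__":
    for spi, reason in compare_peers(parse_sas(PEER1_SA), parse_sas(PEER2_SA)):
        print(f"SPI 0x{spi:08x}: {reason}")
```

In practice you would feed it the live output of `ipsecctl -s sa -k` collected from each peer over a management channel; any "differs" line for an SPI in state mature is the condition described in this report.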
======================================
* Some logs from isakmpd on peer1:
# tail -f /var/log/isakmpd
May 10 11:04:31 peer1 isakmpd[24688]: isakmpd: phase 1 done: initiator id
<peer1_ip>, responder id <peer2_ip>, src: <peer1_ip> dst: <peer2_ip>
May 10 11:04:32 peer1 isakmpd[24688]: isakmpd: quick mode done: src: <peer1_ip>
dst: <peer2_ip>
May 10 11:13:44 peer1 isakmpd[24688]: isakmpd: quick mode done: src: <peer1_ip>
dst: <peer2_ip>
May 10 11:22:23 peer1 isakmpd[24688]: isakmpd: quick mode done: src: <peer1_ip>
dst: <peer2_ip>
May 10 11:31:09 peer1 isakmpd[24688]: isakmpd: quick mode done: src: <peer1_ip>
dst: <peer2_ip>
May 10 11:32:21 peer1 isakmpd[24688]: isakmpd: phase 1 done: initiator id
<peer1_ip>, responder id <peer2_ip>, src: <peer1_ip> dst: <peer2_ip>
May 10 11:39:47 peer1 isakmpd[24688]: isakmpd: quick mode done: src: <peer1_ip>
dst: <peer2_ip>
May 10 11:48:47 peer1 isakmpd[24688]: isakmpd: quick mode done: src: <peer1_ip>
dst: <peer2_ip>
May 10 11:57:57 peer1 isakmpd[24688]: isakmpd: quick mode done: src: <peer1_ip>
dst: <peer2_ip>
* Some logs from isakmpd on peer2:
# tail -f /var/log/isakmpd
May 10 11:04:31 peer2 isakmpd[2422]: isakmpd: phase 1 done: initiator id
<peer1_ip>, responder id <peer2_ip>, src: <peer2_ip> dst: <peer1_ip>
May 10 11:04:32 peer2 isakmpd[2422]: isakmpd: quick mode done: src: <peer2_ip>
dst: <peer1_ip>
May 10 11:13:44 peer2 isakmpd[2422]: isakmpd: quick mode done: src: <peer2_ip>
dst: <peer1_ip>
May 10 11:22:23 peer2 isakmpd[2422]: isakmpd: quick mode done: src: <peer2_ip>
dst: <peer1_ip>
May 10 11:31:09 peer2 isakmpd[2422]: isakmpd: quick mode done: src: <peer2_ip>
dst: <peer1_ip>
May 10 11:32:21 peer2 isakmpd[2422]: isakmpd: phase 1 done: initiator id
<peer1_ip>, responder id <peer2_ip>, src: <peer2_ip> dst: <peer1_ip>
May 10 11:39:47 peer2 isakmpd[2422]: isakmpd: quick mode done: src: <peer2_ip>
dst: <peer1_ip>
May 10 11:48:47 peer2 isakmpd[2422]: isakmpd: quick mode done: src: <peer2_ip>
dst: <peer1_ip>
May 10 11:57:57 peer2 isakmpd[2422]: isakmpd: quick mode done: src: <peer2_ip>
dst: <peer1_ip>
======================================
* The state from isakmpd daemon for peer1 at 11:34 CEST:
peer1# echo 'S' > /var/run/isakmpd.fifo
peer1# cat /var/run/isakmpd.results
SA name: peer-<peer2_ip>-local-<peer1_ip> (Phase 1/Initiator)
src: <peer1_ip> dst: <peer2_ip>
Lifetime: 1800 seconds
Soft timeout in 1482 seconds
Hard timeout in 1646 seconds
Flags 0x00000083
icookie 26b893d332628349 rcookie 5c3b520ae56f0a1e
SA name: from-10.60.0.0/16-to-192.168.0.0/16 (Phase 2)
src: <peer1_ip> dst: <peer2_ip>
Lifetime: 600 seconds
Soft timeout in 292 seconds
Hard timeout in 375 seconds
Flags 0x00000003
SPI 0: e6f4119c
SPI 1: e69952e0
Transform: IPsec ESP
Encryption key length: 16
Authentication key length: 20
Encryption algorithm: AES-128 (CBC)
Authentication algorithm: HMAC-SHA1
* The state from isakmpd daemon for peer2 at 11:34 CEST:
peer2# echo 'S' > /var/run/isakmpd.fifo
peer2# cat /var/run/isakmpd.results
SA name: peer-<peer1_ip>-local-<peer2_ip> (Phase 1/Responder)
src: <peer2_ip> dst: <peer1_ip>
Lifetime: 1800 seconds
Soft timeout in 1393 seconds
Hard timeout in 1651 seconds
Flags 0x00000081
icookie 26b893d332628349 rcookie 5c3b520ae56f0a1e
SA name: from-192.168.0.0/16-to-10.60.0.0/16 (Phase 2)
src: <peer2_ip> dst: <peer1_ip>
Lifetime: 600 seconds
Soft timeout in 324 seconds
Hard timeout in 379 seconds
Flags 0x00000001
SPI 0: e69952e0
SPI 1: e6f4119c
Transform: IPsec ESP
Encryption key length: 16
Authentication key length: 20
Encryption algorithm: AES-128 (CBC)
Authentication algorithm: HMAC-SHA1
======================================
* Selected isakmp traffic on the external interfaces, logged by isakmpd to
isakmpd.pcap on peer1:
peer1# tcpdump -r /var/run/isakmpd.pcap -nvvvl
11:04:31.039982 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 17dce5f47a3b6df8->0000000000000000 msgid: 00000000 len: 184
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 1800
attribute KEY_LENGTH = 128
payload: VENDOR len: 20 (supports OpenBSD-4.0)
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1, len 212)
11:04:31.044082 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 00000000 len: 184
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 1800
attribute KEY_LENGTH = 128
payload: VENDOR len: 20 (supports OpenBSD-4.0)
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1, len 212)
11:04:31.300436 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 00000000 len: 228
payload: KEY_EXCH len: 132
payload: NONCE len: 20
payload: NAT-D len: 24
payload: NAT-D len: 24 [ttl 0] (id 1, len 256)
11:04:31.315290 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 00000000 len: 228
payload: KEY_EXCH len: 132
payload: NONCE len: 20
payload: NAT-D len: 24
payload: NAT-D len: 24 [ttl 0] (id 1, len 256)
11:04:31.354822 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 00000000 len: 64
payload: ID len: 12 type: IPV4_ADDR = <peer1_ip>
payload: HASH len: 24 [ttl 0] (id 1, len 92)
11:04:31.357880 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 00000000 len: 76
payload: ID len: 12 type: IPV4_ADDR = <peer2_ip>
payload: HASH len: 24 [ttl 0] (id 1, len 104)
11:04:32.280859 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 96bda13a len: 292
payload: HASH len: 24
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: IPSEC_ESP spisz: 4
xforms: 1 SPI: 0x451e77f4
payload: TRANSFORM len: 32
transform: 1 ID: AES
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 600
attribute ENCAPSULATION_MODE = TUNNEL
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute GROUP_DESCRIPTION = 2
attribute KEY_LENGTH = 128
payload: NONCE len: 20
payload: KEY_EXCH len: 132
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.60.0.0/255.255.0.0
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 192.168.0.0/255.255.0.0
[ttl 0] (id 1, len 320)
11:04:32.297327 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 96bda13a len: 300
payload: HASH len: 24
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: IPSEC_ESP spisz: 4
xforms: 1 SPI: 0x48cfd74f
payload: TRANSFORM len: 32
transform: 1 ID: AES
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 600
attribute ENCAPSULATION_MODE = TUNNEL
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute GROUP_DESCRIPTION = 2
attribute KEY_LENGTH = 128
payload: NONCE len: 20
payload: KEY_EXCH len: 132
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.60.0.0/255.255.0.0
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 192.168.0.0/255.255.0.0
[ttl 0] (id 1, len 328)
11:04:32.298045 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 96bda13a len: 52
payload: HASH len: 24 [ttl 0] (id 1, len 80)
[...]
11:31:09.817410 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: de943f2a len: 292
payload: HASH len: 24
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: IPSEC_ESP spisz: 4
xforms: 1 SPI: 0xe69952e0
payload: TRANSFORM len: 32
transform: 1 ID: AES
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 600
attribute ENCAPSULATION_MODE = TUNNEL
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute GROUP_DESCRIPTION = 2
attribute KEY_LENGTH = 128
payload: NONCE len: 20
payload: KEY_EXCH len: 132
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.60.0.0/255.255.0.0
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 192.168.0.0/255.255.0.0
[ttl 0] (id 1, len 320)
11:31:09.833645 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: de943f2a len: 300
payload: HASH len: 24
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: IPSEC_ESP spisz: 4
xforms: 1 SPI: 0xe6f4119c
payload: TRANSFORM len: 32
transform: 1 ID: AES
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 600
attribute ENCAPSULATION_MODE = TUNNEL
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute GROUP_DESCRIPTION = 2
attribute KEY_LENGTH = 128
payload: NONCE len: 20
payload: KEY_EXCH len: 132
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.60.0.0/255.255.0.0
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 192.168.0.0/255.255.0.0
[ttl 0] (id 1, len 328)
11:31:09.834668 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: de943f2a len: 52
payload: HASH len: 24 [ttl 0] (id 1, len 80)
11:31:57.841563 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 68bbf750 len: 92
payload: HASH len: 24
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE seq 7879 [ttl 0] (id 1, len 120)
11:31:57.841933 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 8a13d5ca len: 84
payload: HASH len: 24
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE_ACK seq 7879 [ttl 0] (id 1, len
112)
11:32:21.373016 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 26b893d332628349->0000000000000000 msgid: 00000000 len: 184
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 1800
attribute KEY_LENGTH = 128
payload: VENDOR len: 20 (supports OpenBSD-4.0)
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1, len 212)
11:32:21.376769 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: 00000000 len: 184
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 1800
attribute KEY_LENGTH = 128
payload: VENDOR len: 20 (supports OpenBSD-4.0)
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1, len 212)
11:32:21.633742 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: 00000000 len: 228
payload: KEY_EXCH len: 132
payload: NONCE len: 20
payload: NAT-D len: 24
payload: NAT-D len: 24 [ttl 0] (id 1, len 256)
11:32:21.647883 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: 00000000 len: 228
payload: KEY_EXCH len: 132
payload: NONCE len: 20
payload: NAT-D len: 24
payload: NAT-D len: 24 [ttl 0] (id 1, len 256)
11:32:21.687432 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: 00000000 len: 64
payload: ID len: 12 type: IPV4_ADDR = <peer1_ip>
payload: HASH len: 24 [ttl 0] (id 1, len 92)
11:32:21.690282 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: 00000000 len: 76
payload: ID len: 12 type: IPV4_ADDR = <peer2_ip>
payload: HASH len: 24 [ttl 0] (id 1, len 104)
11:33:21.702886 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: dfdb3368 len: 84
payload: HASH len: 24
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE seq 14005 [ttl 0] (id 1, len 112)
11:33:21.706264 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: 77d516a0 len: 92
payload: HASH len: 24
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE_ACK seq 14005 [ttl 0] (id 1, len
120)
11:34:21.721026 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: be4e5bb2 len: 92
payload: HASH len: 24
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE seq 16506 [ttl 0] (id 1, len 120)
11:34:21.721378 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: 52fa76d2 len: 84
payload: HASH len: 24
payload: NOTIFICATION len: 32
notification: STATUS_DPD_R_U_THERE_ACK seq 16506 [ttl 0] (id 1, len
112)
11:34:31.370663 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 msgid: 2ee168b0 len: 92
payload: HASH len: 24
payload: DELETE len: 28 DOI: 1(IPSEC) proto: ISAKMP nspis: 1
cookie: 17dce5f47a3b6df8->30a75801cb9258d8 [ttl 0] (id 1, len 120)
[...]
11:39:47.174321 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: e73d3c19 len: 292
payload: HASH len: 24
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: IPSEC_ESP spisz: 4
xforms: 1 SPI: 0x42387ae9
payload: TRANSFORM len: 32
transform: 1 ID: AES
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 600
attribute ENCAPSULATION_MODE = TUNNEL
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute GROUP_DESCRIPTION = 2
attribute KEY_LENGTH = 128
payload: NONCE len: 20
payload: KEY_EXCH len: 132
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.60.0.0/255.255.0.0
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 192.168.0.0/255.255.0.0
[ttl 0] (id 1, len 320)
11:39:47.189220 <peer2_ip>.500 > <peer1_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: e73d3c19 len: 300
payload: HASH len: 24
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: IPSEC_ESP spisz: 4
xforms: 1 SPI: 0x2010ba18
payload: TRANSFORM len: 32
transform: 1 ID: AES
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 600
attribute ENCAPSULATION_MODE = TUNNEL
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute GROUP_DESCRIPTION = 2
attribute KEY_LENGTH = 128
payload: NONCE len: 20
payload: KEY_EXCH len: 132
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.60.0.0/255.255.0.0
payload: ID len: 16 type: IPV4_ADDR_SUBNET = 192.168.0.0/255.255.0.0
[ttl 0] (id 1, len 328)
11:39:47.189818 <peer1_ip>.500 > <peer2_ip>.500: [udp sum ok] isakmp v1.0
exchange QUICK_MODE
cookie: 26b893d332628349->5c3b520ae56f0a1e msgid: e73d3c19 len: 52
payload: HASH len: 24 [ttl 0] (id 1, len 80)
[...]
After the SA was established at 11:39:47 the connection started working and the
keys were the same on peer1 and peer2.
======================================
My configuration is as follows:
peer1# cat /etc/ipsec.conf
ike active esp from { 10.60.0.0/16 } to { 192.168.0.0/16 } local <peer1_ip> peer <peer2_ip> main auth hmac-sha1 enc aes group modp1024 quick auth hmac-sha1 enc aes group modp1024 psk "<shared_key>"
peer2# cat /etc/ipsec.conf
ike passive esp from { 192.168.0.0/16 } to { 10.60.0.0/16 } local <peer2_ip> peer <peer1_ip> main auth hmac-sha1 enc aes group modp1024 quick auth hmac-sha1 enc aes group modp1024 psk '<shared_key>'
peer1# cat /etc/isakmpd/isakmpd.conf
[General]
Listen-on=<peer1_ip>
DPD-check-interval=60
Default-phase-1-lifetime=1800,60:1800
Default-phase-2-lifetime=600,60:1800
peer2# cat /etc/isakmpd/isakmpd.conf
[General]
Listen-on=<peer2_ip>
DPD-check-interval=60
The isakmpd daemon runs as the following process:
peer1# ps aux|grep isakmp
root 38 0.0 0.2 1368 576 ?? Is 7:29PM 0:00.01 isakmpd:
monitor [priv] (isakmpd)
_isakmpd 24688 0.0 1.2 3456 3168 ?? S 7:29PM 0:44.74 /sbin/isakmpd
-K -vv -4 -L
* On VPN host peer1, the kernel is customized, but only RAIDframe support was
added, with the following kernel configuration file:
peer1:/usr/src/sys/arch/i386/conf# cat GENERIC_RAID
include "arch/i386/conf/GENERIC"
option RAID_AUTOCONFIG # Automatically configure RAID at boot
pseudo-device raid 4 # RAIDframe disk driver
* On VPN host peer2, the kernel is GENERIC:
System : OpenBSD 4.6
Details : OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
Architecture: OpenBSD.i386
Machine : i386
>How-To-Repeat:
The problem repeats every few days with the above configuration.
>Fix:
I have no fix. One workaround is to set short default lifetimes in
isakmpd, but this is not acceptable in a production environment, as during such a
time the connection will be unavailable. The second workaround is to restart isakmpd
and run ipsecctl -f /etc/ipsec.conf, which is also not acceptable.
Do you know what exactly the problem is, and which part of the code?
If you need any further information, I will supply it.
I am looking forward to hearing from you.
Pawel Wieleba