On Fri, Feb 24, 2023 at 09:24:29AM -0000, Stuart Henderson wrote:
> On 2023-02-23, Thomas Bohl <openbsd-misc-518...@aloof.de> wrote:
> > I have several OpenBSD 7.2 connected to a commercial VPN-Router (LANCOM
> > 1781EW+) using iked. It works, except every time the Child SA
> > negotiation starts, iked answers NO_PROPOSAL_CHOSEN to the router. Which
> > leads to closed connections and a new IKE SA negotiation.
> > I don't understand this because the proposal looks supported to me.
>
> Child SA failing after the initial tunnel comes up usually relates to a
> mismatch with PFS (DH groups).
Right, it is a huge fail in the protocol design that those incompatibilities aren't detected until the first refresh, which can happen hours after it seemingly worked just fine. The only solution I could think of to make it more obvious would be forcing a rekey handshake right after the initial one, but that would increase the network load and might have other downsides.

> > I got desperate and tried adding this to iked.conf, which didn't help:
> >
> > childsa group modp2048 \
> > childsa group modp2048 noesn \
> > childsa enc aes-256-gcm group modp2048 \
> > childsa enc aes-256-gcm group modp2048 noesn \
> > childsa enc aes-256 group modp2048 \
> > childsa enc aes-256 group modp2048 noesn \
> > childsa enc aes-256-gcm group modp2048 prf hmac-sha2-256 \
> > childsa enc aes-256-gcm group modp2048 prf hmac-sha2-256 noesn \
> > childsa enc aes-256 group modp2048 prf hmac-sha2-256 \
> > childsa enc aes-256 group modp2048 prf hmac-sha2-256 noesn \
> > childsa enc aes-256 group modp2048 prf hmac-sha1 \
> > childsa enc aes-256 group modp2048 prf hmac-sha1 noesn \
> >
> > Any ideas?
>
> Try adding some non-modp2048 options. Maybe look at the SA installed
> from the initial negotiation (ipsecctl -vvsa) for ideas.

I think this is the right answer. The log tells you what the other side sent:

spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_CBC-256
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA2_256_128
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA1_96
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ESN=NONE

There isn't any DH group for PFS here, so drop the modp2048 or add it on the other side.

>
> --
> Please keep replies on the mailing list.
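The diagnosis in this reply can be checked mechanically: parse the peer's ikev2_log_proposal lines, translate a childsa line into the transform types it demands, and see whether every type is present on both sides. The following is an added example written for this thread, not code from the thread or from iked itself. It assumes a simplified selection rule (a reading of RFC 7296 section 3.3: every transform type must appear on both sides and share a value), an assumed mapping from iked.conf keywords to the names iked prints in its log, and an assumed default INTEGR list for non-AEAD ciphers configured without auth; the thread's prf keyword is not modelled.

```python
"""Added example (not from the mailing-list thread): a toy model of IKEv2
Child SA proposal selection that shows why a responder answers
NO_PROPOSAL_CHOSEN when the local childsa policy demands a DH group (PFS)
and the peer's ESP proposal carries no DH transform.

Assumptions, not taken from the thread: the keyword-to-log-name mapping in
CONF_MAP, DEFAULT_INTEGR, and the selection rule in select(), which is a
simplified reading of RFC 7296 section 3.3.
"""
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed input: the four ikev2_log_proposal lines quoted in the thread.
PEER_LOG = """\
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_CBC-256
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA2_256_128
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA1_96
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ESN=NONE
"""

LOG_RE = re.compile(r"ikev2_log_proposal: (\w+) #(\d+) (\w+)=(\S+)")

# iked.conf keyword -> (IKEv2 transform type, keyword value -> log name).
# Log names are assumed from the "NAME-KEYLEN" format seen in the thread.
CONF_MAP = {
    "enc": ("ENCR", {"aes-256": "AES_CBC-256", "aes-256-gcm": "AES_GCM_16-256"}),
    "auth": ("INTEGR", {"hmac-sha2-256": "HMAC_SHA2_256_128", "hmac-sha1": "HMAC_SHA1_96"}),
    "group": ("DH", {"modp2048": "MODP_2048"}),
}
AEAD = {"AES_GCM_16-256"}  # AEAD ciphers carry no separate INTEGR transform
DEFAULT_INTEGR = {"HMAC_SHA2_256_128", "HMAC_SHA1_96"}  # assumed default list


def parse_peer_log(log: str) -> Dict[int, Dict[str, List[str]]]:
    """Group the peer's offered transforms by proposal number, keeping the
    order in which each value was listed (first listed = peer's preference)."""
    proposals: Dict[int, Dict[str, List[str]]] = {}
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m:
            _proto, num, ttype, value = m.groups()
            proposals.setdefault(int(num), {}).setdefault(ttype, []).append(value)
    return proposals


def parse_childsa(conf_line: str) -> Dict[str, Set[str]]:
    """Translate one 'childsa ...' line into the transform types and values
    the local side will accept."""
    tokens = conf_line.split()
    if not tokens or tokens[0] != "childsa":
        raise ValueError("expected a childsa line")
    policy: Dict[str, Set[str]] = {"ESN": {"NONE", "ESN"}}  # both unless 'noesn'
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok == "noesn":
            policy["ESN"] = {"NONE"}
            i += 1
            continue
        if tok not in CONF_MAP or i + 1 >= len(tokens):
            raise ValueError(f"keyword not covered by this model: {tok}")
        ttype, names = CONF_MAP[tok]
        policy.setdefault(ttype, set()).add(names[tokens[i + 1]])
        i += 2
    # A non-AEAD cipher with no explicit auth gets the assumed default INTEGR list.
    if "ENCR" in policy and (policy["ENCR"] - AEAD) and "INTEGR" not in policy:
        policy["INTEGR"] = set(DEFAULT_INTEGR)
    return policy


def select(local: Dict[str, Set[str]], peer: Dict[str, List[str]]
           ) -> Tuple[Optional[Dict[str, str]], str]:
    """Responder's choice for one peer proposal (simplified RFC 7296 3.3 rule)."""
    for ttype in local:
        if ttype not in peer:
            hint = " (PFS)" if ttype == "DH" else ""
            return None, f"local policy requires {ttype}{hint} but the peer offers none"
    for ttype in peer:
        if ttype not in local:
            return None, f"peer offers {ttype} which the local policy does not allow"
    chosen: Dict[str, str] = {}
    for ttype, offered in peer.items():
        common = [v for v in offered if v in local[ttype]]
        if not common:
            return None, f"no common {ttype}: peer {offered}, local {sorted(local[ttype])}"
        chosen[ttype] = common[0]
    return chosen, "proposal accepted"


def diagnose(conf_line: str, log: str = PEER_LOG) -> Tuple[Optional[Dict[str, str]], str]:
    """Run the local childsa line against every proposal the peer logged."""
    local = parse_childsa(conf_line)
    verdict = "peer logged no proposals"
    for num, peer in sorted(parse_peer_log(log).items()):
        chosen, reason = select(local, peer)
        verdict = f"ESP #{num}: {reason}"
        if chosen is not None:
            return chosen, verdict
    return None, verdict + " -> NO_PROPOSAL_CHOSEN"


if __name__ == "__main__":
    for line in ("childsa enc aes-256 group modp2048",  # one of the thread's lines
                 "childsa enc aes-256"):                 # the same line with PFS dropped
        print(f"{line!r}: {diagnose(line)}")
```

Running it reports the thread's line as rejected because the local policy requires DH while the peer offers none, and the same line without group as accepted with AES_CBC-256, HMAC_SHA2_256_128 and ESN=NONE, which is the outcome the reply predicts. The model also rejects an AEAD-only policy against this peer, since the peer's INTEGR transform then has no counterpart locally.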