On 2023/02/24 12:49, Tobias Heider wrote: > On Fri, Feb 24, 2023 at 09:24:29AM -0000, Stuart Henderson wrote: > > On 2023-02-23, Thomas Bohl <openbsd-misc-518...@aloof.de> wrote: > > > I have several OpenBSD 7.2 connected to a commercial VPN-Router (LANCOM > > > 1781EW+) using iked. It works, except every time the Child SA > > > negotiation starts, iked answers NO_PROPOSAL_CHOSEN to the router. Which > > > leads to closed connections and a new IKE SA negotiation. > > > I don't understand this because the proposal looks supported to me. > > > > Child SA failing after the initial tunnel comes up usually relates to a > > mismatch with PFS (DH groups). > > Right, it is a huge fail in the protocol desing that those incompatibilities > aren't detected until the first refresh which can happen hours after it > seemingly worked just fine. > > The only solution I could think of to make it more obvious would be > forcing a rekey handshake right after the initial one, but that would > increase the network load and might have other downsides.
I think I have seen some vendor with an "renegotiate child SA at connect" option but I forget who.. > > > > > I got desperate and tried adding this to iked.conf, which didn't help: > > > > > > childsa group modp2048 \ > > > childsa group modp2048 noesn\ > > > childsa enc aes-256-gcm group modp2048 \ > > > childsa enc aes-256-gcm group modp2048 noesn \ > > > childsa enc aes-256 group modp2048 \ > > > childsa enc aes-256 group modp2048 noesn \ > > > childsa enc aes-256-gcm group modp2048 prf hmac-sha2-256 \ > > > childsa enc aes-256-gcm group modp2048 prf hmac-sha2-256 noesn \ > > > childsa enc aes-256 group modp2048 prf hmac-sha2-256 \ > > > childsa enc aes-256 group modp2048 prf hmac-sha2-256 noesn \ > > > childsa enc aes-256 group modp2048 prf hmac-sha1 \ > > > childsa enc aes-256 group modp2048 prf hmac-sha1 noesn \ > > > > > > Any ideas? > > > > Try adding some non-modp2048 options. Maybe look at the SA installed > > from the initial negotiation (ipsecctl -vvsa) for ideas. > > I think this is the right answer. The log tells you what the other side sent: > > spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_CBC-256 > spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA2_256_128 > spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 INTEGR=HMAC_SHA1_96 > spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ESN=NONE > > There isn't any DH group for PFS here, so drop the modp2048 or add it on the > other side. > > > > > > > -- > > Please keep replies on the mailing list. > >
