1

Linux Server is Ubuntu 18.04 running in Google cloud. I followed the following excellent tutorial to configure StrongSwan server:

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2

I have opened ports UDP 500 and 4500 in Google cloud and enabled logging of the charon daemon. Most everything seems to go as planned, until I try to connect from a Windows 10 VPN connection, which fails with an error "Policy Match error". The charon log file (at level 1) contains the following after the failed attempt to connect:

Jan 22 17:17:40 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-1034-gcp, x86_64)
Jan 22 17:17:40 00[CFG] PKCS11 module '<name>' lacks library path
Jan 22 17:17:40 00[CFG] disabling load-tester plugin, not configured
Jan 22 17:17:40 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Jan 22 17:17:40 00[CFG] dnscert plugin is disabled
Jan 22 17:17:40 00[CFG] ipseckey plugin is disabled
Jan 22 17:17:40 00[CFG] attr-sql plugin: database URI not set
Jan 22 17:17:40 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 22 17:17:40 00[CFG]   loaded ca certificate "CN=VPN root CA" from '/etc/ipsec.d/cacerts/ca-cert.pem'
Jan 22 17:17:40 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 22 17:17:40 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 22 17:17:40 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 22 17:17:40 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 22 17:17:40 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 22 17:17:40 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/server-key.pem'
Jan 22 17:17:40 00[CFG]   loaded EAP secret for ejohanson
Jan 22 17:17:40 00[CFG] sql plugin: database URI not set
Jan 22 17:17:40 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
Jan 22 17:17:40 00[CFG] eap-simaka-sql database URI missing
Jan 22 17:17:40 00[CFG] loaded 0 RADIUS server configurations
Jan 22 17:17:40 00[CFG] HA config misses local/remote address
Jan 22 17:17:40 00[CFG] no threshold configured for systime-fix, disabled
Jan 22 17:17:40 00[CFG] coupling file path unspecified
Jan 22 17:17:40 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
Jan 22 17:17:40 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan 22 17:17:40 00[JOB] spawning 16 worker threads
Jan 22 16:50:23 05[CFG] received stroke: add connection 'ikev2-vpn'
Jan 22 16:50:23 05[CFG] adding virtual IP address pool 10.10.11.0/16
Jan 22 16:50:23 05[CFG]   loaded certificate "CN=devsrv.valmarc.com" from 'server-cert.pem'
Jan 22 16:50:23 05[CFG] added configuration 'ikev2-vpn'
Jan 22 16:50:32 07[KNL] interface ens7 activated
Jan 22 16:50:32 10[KNL] interface ens6 activated
Jan 22 16:50:32 13[KNL] interface ens5 activated
Jan 22 16:50:32 10[KNL] 10.4.1.2 appeared on ens7
Jan 22 16:50:32 07[KNL] 10.3.1.2 appeared on ens6
Jan 22 16:50:33 12[KNL] 10.2.1.2 appeared on ens5
Jan 22 16:50:33 06[KNL] fe80::4001:aff:fe04:102 appeared on ens7
Jan 22 16:50:33 16[KNL] fe80::4001:aff:fe02:102 appeared on ens5
Jan 22 16:50:34 08[KNL] fe80::4001:aff:fe03:102 appeared on ens6
Jan 22 16:53:42 01[NET] received packet: from 73.249.XXX.YYY[500] to 10.1.1.2[500] (1104 bytes)
Jan 22 16:53:42 01[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Jan 22 16:53:42 01[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Jan 22 16:53:42 01[IKE] received MS-Negotiation Discovery Capable vendor ID
Jan 22 16:53:42 01[IKE] received Vid-Initial-Contact vendor ID
Jan 22 16:53:42 01[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Jan 22 16:53:42 01[IKE] 73.249.XXX.YYY is initiating an IKE_SA
Jan 22 16:53:42 01[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_192/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_GCM_16_128/PRF_HMAC_SHA1/MODP_1024, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_GCM_16_256/PRF_HMAC_SHA1/MODP_1024, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_1024
Jan 22 16:53:42 01[CFG] configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Jan 22 16:53:42 01[IKE] local host is behind NAT, sending keep alives
Jan 22 16:53:42 01[IKE] remote host is behind NAT
Jan 22 16:53:42 01[IKE] received proposals inacceptable
Jan 22 16:53:42 01[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Jan 22 16:53:42 01[NET] sending packet: from 10.1.1.2[500] to 73.249.XXX.YYY[500] (36 bytes)

For reference, here is my /etc/ipsec.conf file:

config setup
        charondebug="ike 1, knl 1, cfg 0"
        uniqueids=no

conn ikev2-vpn
        auto=add
        compress=no
        type=tunnel
        keyexchange=ikev2
        fragmentation=yes
        forceencaps=yes
        dpdaction=clear
        dpddelay=300s
        rekey=no
        left=%any
        leftid=@ZZZZZ.example.com
        leftcert=server-cert.pem
        leftsendcert=always
        leftsubnet=0.0.0.0/0
        right=%any
        rightid=%any
        rightauth=eap-mschapv2
        rightsourceip=10.10.11.0/16
        rightdns=8.8.8.8,8.8.4.4
        rightsendcert=never
        eap_identity=%identity

Can someone advise on how to troubleshoot this problem?

deltamind106
  • 158
  • 1
  • 7

1 Answers1

1

The problem is that the IKE proposal doesn't match:

Jan 22 16:53:42 01[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_192/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_192/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_GCM_16_128/PRF_HMAC_SHA1/MODP_1024, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_GCM_16_256/PRF_HMAC_SHA1/MODP_1024, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/MODP_1024
Jan 22 16:53:42 01[CFG] configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Jan 22 16:53:42 01[IKE] local host is behind NAT, sending keep alives
Jan 22 16:53:42 01[IKE] remote host is behind NAT
Jan 22 16:53:42 01[IKE] received proposals inacceptable
Jan 22 16:53:42 01[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]

That's because the only Diffie-Hellman group Windows clients propose by default is the weak MODP_1024, which strongSwan removed from its default proposal years ago.

You can either modify the client so it uses a stronger DH group (preferred), or the server's config so it accepts the weak group proposed by the client. Please refer to a previous answer of mine for details.

ecdsa
  • 3,800
  • 12
  • 26
  • Thank you for the answer. In your reference to your previous answer you mention setting "ike=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024" to allow Strongswan to accept the weak Windows 1024-bit MODP DH group. Where does this configuration belong? In /etc/ipsec.conf in the "conn" section? Can you post a reference to the docs on enabling this key-exchange? – deltamind106 Jan 26 '21 at 14:06
  • Yes, you can add that to your existing [conn section](https://wiki.strongswan.org/projects/strongswan/wiki/Connsection). But as I mentioned, getting the Windows client to propose a stronger DH group is definitely preferred. – ecdsa Jan 26 '21 at 14:58
  • Thank you, the solution worked. I agree on fixing the Windows client, but the trouble with that solution is that there are multitudes of Windows client users with their own personal laptops (not on a company domain), and trying get all of them to go into the registry and tweak a setting is basically a non-starter. – deltamind106 Jan 27 '21 at 18:17