--- /dev/null
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>, as does gateway <b>sun</b>. While <b>carol</b> and
+<b>sun</b> support negotiating KE methods during IKE_AUTH, <b>dave</b> does not.
+The configured KE methods don't match for <b>carol</b> and <b>dave</b>. However,
+only <b>carol</b> will notice this immediately, while <b>dave</b> only notices
+when rekeying the SA. <b>sun</b> also rekeys the Child SA to ensure that the
+previously negotiated KE group is used and no INVALID_KE_PAYLOAD notify is
+necessary.
+<p/>
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, client <b>alice</b> behind the
+gateway <b>moon</b> pings both <b>dave</b> and <b>sun</b>.
--- /dev/null
+# the connection with sun shows the negotiated (but unused) KE methods
+sun::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.2 local-port=4500 local-id=sun.strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ake1=ML_KEM_768.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=CURVE_25519 ake1=ML_KEM_768.*local-ts=\[192.168.0.2/32] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.2 remote-port=4500 remote-id=sun.strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ake1=ML_KEM_768.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128 dh-group=CURVE_25519 ake1=ML_KEM_768.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.2/32]::YES
+alice::ping -c 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_.eq=1::YES
+# initiate the connection from carol, which should fail with NO_PROPOSAL_CHOSEN during IKE_AUTH
+carol::swanctl --initiate --child home 2> /dev/null
+carol::cat /var/log/daemon.log::IKE_SA_INIT.*N(CHILD_PFS_SUP)::2
+carol::cat /var/log/daemon.log::received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built::YES
+moon::cat /var/log/daemon.log::received proposals: ESP:AES_GCM_16_128/CURVE_25519/NO_EXT_SEQ::YES
+moon::cat /var/log/daemon.log::no acceptable proposal found::YES
+# initiate the connection from dave, which works because no KE methods are negotiated
+dave::swanctl --initiate --child home 2> /dev/null
+dave::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ake1=ML_KEM_768.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon::swanctl --list-sas --ike-id 3 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ake1=ML_KEM_768.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+dave::cat /var/log/daemon.log::IKE_SA_INIT.*N(CHILD_PFS_SUP)::NO
+dave::cat /var/log/daemon.log::selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+# however, rekeying with dave fails as the proposals mismatch (the existing SA remains until it expires)
+dave::swanctl --rekey --child home
+moon::sleep 1
+moon::cat /var/log/daemon.log::received proposals: ESP:AES_GCM_16_128/CURVE_25519/NO_EXT_SEQ::2
+moon::cat /var/log/daemon.log::no acceptable proposal found::2
+dave::cat /var/log/daemon.log::received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built::YES
+dave::cat /var/log/daemon.log::CHILD_SA rekeying failed::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+# rekey the SA from sun, which proposes the negotiated KE method and not its preferred one
+sun::swanctl --rekey --child home
+sun::sleep 1
+sun::cat /var/log/daemon.log::parsed CREATE_CHILD_SA.*N(INVAL_KE)::NO
+alice::ping -c 1 192.168.0.2::64 bytes from 192.168.0.2: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+moon::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
+}
--- /dev/null
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ # this is missing ke1_mlkem768 to force a mismatch
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519-ke1_mlkem768
+ }
+}
+
+secrets {
+
+ rsa-carol {
+ file = carolKey.pem
+ secret = "nH5ZQEWtku0RJEZ6"
+ }
+}
--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
+ # disabled for testing purposes
+ child_sa_pfs_info = no
+}
--- /dev/null
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ # this is missing ke1_mlkem768 to force a mismatch
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519-ke1_mlkem768
+ }
+}
--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
+}
--- /dev/null
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519-ke1_mlkem768
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519-ke1_mlkem768
+ }
+}
--- /dev/null
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce openssl pem pkcs1 revocation constraints curl kernel-netlink socket-default updown vici
+}
--- /dev/null
+connections {
+
+ home {
+ local_addrs = 192.168.0.2
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = sunCert.pem
+ id = sun.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ # list modp3072 first to test if x25519 is used during rekeying
+ esp_proposals = aes128gcm128-modp3072-x25519-ke1_mlkem768
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519-ke1_mlkem768
+ }
+}
--- /dev/null
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+sun::swanctl --terminate --ike home
+carol::systemctl stop strongswan
+dave::systemctl stop strongswan
+sun::systemctl stop strongswan
+moon::systemctl stop strongswan
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
+sun::iptables-restore < /etc/iptables.flush
--- /dev/null
+moon::iptables-restore < /etc/iptables.rules
+sun::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::systemctl start strongswan
+sun::systemctl start strongswan
+carol::systemctl start strongswan
+dave::systemctl start strongswan
+moon::expect-connection rw
+sun::expect-connection home
+sun::swanctl --initiate --child home 2> /dev/null
+carol::expect-connection home
+dave::expect-connection home
--- /dev/null
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon sun carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d-s.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
projects / thirdparty / strongswan.git / commitdiff
