ipsec: support multiple phase 1 proposals

[fichtner]

Goal is to have single phase 1 compatibility with multiple mobile platforms.

• Hash algos as selectpickers with multiple values phase1/2
• Dh groups as selectpickers with multiple values phase1
• Disable strict policy in phase1/2 under advanced (only if strictly necessary)

[mimugmail]

This would be very nice feature since it guarantuees compatibility to older and newer clients.
For the beginning, a checkbox with a warning for unsetting the "!" in ike and/or esp would be enough.

Then older clients would negotiate lower encryption:

              Defaults  to  aes128-sha256.   The  daemon  adds  its  extensive
              default proposal to this default or the  configured  value.   To
              restrict  it  to the configured proposal an exclamation mark (!)
              can be added at the end.

              Note: As a responder, the daemon defaults to selecting the first
              configured  proposal that's also supported by the peer. This may
              be changed via strongswan.conf(5) to selecting the first accept-
              able  proposal  sent by the peer instead. In order to restrict a
              responder to only accept specific cipher suites, the strict flag
              (!,  exclamation mark) can be used, e.g: aes256-sha512-modp4096!

[mimugmail]

https://forum.opnsense.org/index.php?topic=6544.0

This could fit the thing with "!" .. a button "Disable strict policy" would be nice.

[mimugmail]

For me it seems if the other endpoint has multiple offers and the first one doesn't match, the connections fails (see newest reply in forum). If the "!" is removed it tries the next one and so one.

So I'd still suggest a new Checkbox "Disable strict policy" to remove it (default unchecked).

It's a compatibilty enhancement for devices supporting multiple values for P1 and P2 like ASA.

[GurliGebis]

This would be nice, since I have to configure both Android 8 and Windows 10 roadwarrior clients, which is not possible, since there is no configuration that both support.

[mimugmail]

I'm also fighting ATM since Android 7 only support 1024 PFS in P1 and Mac requires 2048.
Trying to build a support matrix which client supports which VPN types .. but right now it doesn't make sense. Perhaps also multiple DHs would be nice.

Some months ago I opened an issue to add a checkbox which would just remove the ! from the ike and esp .. perhaps calling it Disable strict cipher selection

[fichtner]

@mimugmail first part in 037a92f -- it only works in IKEv2, IKEv1 only takes the first and maybe we should warn users in the GUI about this. The enc algo modelling is less flexible and we need glue to bring it all together but we'll have a solution for 19.1 in any case. :)

Please test!

[fichtner]

@mimugmail 36cde51 job done? :D

[mimugmail]

This looks great!! Thanks! :)
Do you think we ca reverse the sort order?
ATM it's sha1 and 1024 first and sha512 and 2048 at last ...

[fichtner]

Hmm, we could reverse the write order, assuming that the values are filled from smallest to highest, but it's somewhat dependent on the browser.

[mimugmail]

Legacy code doesn't support ordering so we could order from config.xml to ipsec.conf?

[fichtner]

The issue is that in the current modelling it supported only one entry, so there is no order by intention... now that we can choose multiple values we're left to guess what the best order is. 2 hashes and 2 dh groups are 4 combinations and even if we order by both hashes and dh groups from best to worst we have a middle gap where order is subject to interpretation due to the inner and outer loop. I'll add a final reverse, but that's as far as we can go before rewriting the entire handling of ike and esp entries.

[fichtner]

@mimugmail see c1c27c3 -- do we still want overrides for "!" or close as is? I'd add them only if strictly needed.

[mimugmail]

Thanks, I'll test. But for this I'd left P2 untouched (which also has wrong ordering regarding hash) since it could break existing setups

[fichtner]

I haven't changed P2 other than changing the hash checkboxes to a selectpicker for unified style.

[mimugmail]

Ok, works perfect. Tested with Andoid, before the patch both devices were DH1024, now Android is DH1024 and iPAD is at DH2048, so, working as expected with highest security available 👍

[fichtner]

Ok, close?

[mimugmail]

Close, thanks 🥇

[fichtner]

Pew pew!