Describe the bug
In the following configuration, OPNsense with the OpenSSL flavor fails to start additional phase 2 tunnels of IPsec connections. According to further reports, rekeying is also affected by this issue.
Flavor: OpenSSL 1.x
Version: OPNsense 22.7.4 (probably all OPNsense versions are affected)
Using the LibreSSL flavor solves the problem. Because LibreSSL is scheduled for removal from future OPNsense releases, this is not a long-term solution and can only be a temporary workaround.
To Reproduce
Steps to reproduce the behavior:
Create a new IPsec S2S connection and configure it with at least modp8192 (DH group 18) or higher for the DH key exchange
Create multiple isolated phase 2 tunnels, each also with a DH group of modp8192 or higher
Start the first tunnel. It should come up without any problems
Start the second tunnel. It should fail without notice.
Expected behavior
The expected behavior is that all tunnels come up without any problems (and rekeying works as designed).
Describe alternatives you considered
Temporary workarounds:
Switch back to LibreSSL despite the announcement that LibreSSL will be discontinued in the future
Lower the DH key exchange security by using modp4096 or lower
Relevant log files
The log file shows the following error message: "unable to install inbound and outbound IPsec SA (SAD) in kernel".
Additional context
The problem resides in OpenSSL 1.x. During creation of CHILD_SAs or rekeying, the parameters of a called key derivation function exceed a predefined buffer of 1024 bytes, with the consequence that the function returns an error. The issue has been fixed in OpenSSL 3.0.5. It looks like there is no backport available, and OpenSSL 3.x does not currently seem to be ready for FreeBSD production systems. Maybe there are 3 different solutions:
Backport the patch to OpenSSL 1.x (see references)
Switch to OpenSSL 3.x branch (under the premise it is stable enough)
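Editor's note: the following is an added example, not code from this issue, OPNsense, strongSwan or OpenSSL. It makes the size argument in the issue concrete: with PFS, the CHILD_SA KEYMAT is prf+(SK_d, g^ir (new) | Ni | Nr) (RFC 7296 section 2.17) and IKE_SA rekeying feeds the same g^ir | Ni | Nr shape into prf (section 2.18), so once the DH shared secret alone is 1024 bytes (modp8192, group 18) any KDF seed carrying it is longer than 1024 bytes. The script computes the seed length per IANA DH group and flags which ones would not fit a 1024-byte buffer, and it derives the keys in pure Python to show the construction itself has no such limit. Two things are assumptions: that the seed is the KDF parameter that overruns the buffer (the issue does not say which one), and a 32-byte nonce length; `SHARED_SECRET_LEN`, `ASSUMED_KDF_BUF_LIMIT`, `kdf_seed` and `exceeds_limit` are names chosen here, and the g^ir value is a constructed placeholder, not a real DH result.

```python
"""IKEv2 prf+ seed sizes per DH group versus a 1024-byte KDF buffer.

Added example, not code from the OPNsense issue, strongSwan or OpenSSL.
It models the CHILD_SA key-derivation seed g^ir | Ni | Nr (RFC 7296 2.17)
and flags when that seed would not fit the 1024-byte buffer named in the
issue; that the seed is the parameter hitting the buffer is an assumption.
"""
import hashlib
import hmac

# IANA IKEv2 Transform Type 4 (DH group) -> shared-secret length in bytes.
# MODP groups: modulus bits / 8. ECP groups (RFC 5903): the x coordinate.
SHARED_SECRET_LEN = {
    14: 2048 // 8,   # modp2048
    15: 3072 // 8,   # modp3072
    16: 4096 // 8,   # modp4096, the workaround ceiling named in the issue
    17: 6144 // 8,   # modp6144
    18: 8192 // 8,   # modp8192: g^ir alone is already 1024 bytes
    19: 32,          # ecp256
    20: 48,          # ecp384
    21: 66,          # ecp521
}

# Buffer size named in the issue; assumed here to bound the prf+ seed.
ASSUMED_KDF_BUF_LIMIT = 1024

# Assumed nonce length (RFC 7296 allows 16..256 bytes).
ASSUMED_NONCE_LEN = 32


def prf_plus(key: bytes, seed: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """RFC 7296 2.13 prf+ with HMAC as prf:
    T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n).
    This is the same construction as HKDF-Expand (RFC 5869)."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ counter exhausted")
        prev = hmac.new(key, prev + seed + bytes([counter]), digest).digest()
        out += prev
        counter += 1
    return out[:length]


def kdf_seed(group: int, ni: bytes, nr: bytes, pfs: bool = True) -> bytes:
    """Seed for KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr) with PFS, or
    prf+(SK_d, Ni | Nr) without (RFC 7296 2.17). IKE_SA rekeying (2.18)
    uses the same g^ir | Ni | Nr shape, so it crosses the limit at the
    same group. g^ir is a constructed placeholder, not a DH result."""
    g_ir = b"\x42" * SHARED_SECRET_LEN[group] if pfs else b""
    return g_ir + ni + nr


def exceeds_limit(group: int, nonce_len: int = ASSUMED_NONCE_LEN, pfs: bool = True) -> bool:
    """True when the seed would not fit the assumed 1024-byte buffer."""
    seed = kdf_seed(group, b"\x01" * nonce_len, b"\x02" * nonce_len, pfs)
    return len(seed) > ASSUMED_KDF_BUF_LIMIT


def derive_keymat(group: int, sk_d: bytes, ni: bytes, nr: bytes, length: int) -> bytes:
    """Pure-Python derivation: no fixed buffer, so it succeeds for any group."""
    return prf_plus(sk_d, kdf_seed(group, ni, nr), length)


if __name__ == "__main__":
    ni, nr = b"\x01" * ASSUMED_NONCE_LEN, b"\x02" * ASSUMED_NONCE_LEN
    for group in sorted(SHARED_SECRET_LEN):
        seed_len = len(kdf_seed(group, ni, nr))
        verdict = "exceeds" if exceeds_limit(group) else "fits"
        print(f"DH group {group:2d}: seed {seed_len:4d} bytes -> {verdict}")
```

Under these assumptions the threshold is exactly where the report places it: modp8192 yields a 1088-byte seed with 32-byte nonces and fails, while modp4096 (576 bytes) fits. The model also predicts that modp6144 (832 bytes) would fit and that a second phase 2 without PFS would not be affected; the issue reports neither case, so treat both as untested predictions rather than findings. Because prf+ is the same construction as HKDF-Expand, the RFC 5869 SHA-256 test vector can be used to check the `prf_plus` implementation.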
After careful consideration, adding that patch to OpenSSL 1.x would break the ABI, so that is a hard no from here. Likely also why this is only available in 3.x.
I don't have an overview of the whole call graph of dependent functions. But the C file looks good. Memory for the structure with the fixed-size buffer is allocated dynamically, and the function calls are by reference. Which ABI do you mean?
Nevertheless, I cannot rule out that there are issues when extending the buffer. Maybe it is better to wait for a stable OpenSSL 3.x coming into the FreeBSD repo.
Oh, I thought this struct was only used internally and not exported. If this is not the case, it will indeed break the ABI. So let's wait until OpenSSL 3.x is integrated into stable FreeBSD. When phasing out LibreSSL, there should be a limitation notice in the change log.