authentication of 'vpn.demo.com' (myself) with RSA signature failed when use apple`s device connect #1408

askmhx · 2022-11-10T08:57:16Z

askmhx
Nov 10, 2022

swanctl.conf 

connections {

    ikev2-eap-mschapv2 {
        version = 2
        proposals = aes256-sha256-modp4096,aes256-sha256-modp2048,aes256gcm16-sha256-modp1024
        rekey_time = 0s
        pools = pool-ipv4
        fragmentation = yes
        dpd_delay = 30s
        send_cert=always
        unique = never
        local {
            id = vpn.demo.com
            certs = server.cert.pem
        }
        remote {
            auth = eap-mschapv2
            eap_id = %any
        }
        children {
            ikev2-eap-mschapv2 {
                local_ts = 0.0.0.0/0,::/0
                rekey_time = 0s
                dpd_action = clear
                esp_proposals = aes256-sha256-sha1
            }
        }
    }

    ikev2-cert {
        version = 2
        proposals = aes256-sha256-modp4096,aes256-sha256-modp2048,aes256gcm16-sha256-modp1024
        rekey_time = 0s
        pools = pool-ipv4
        fragmentation = yes
        dpd_delay = 30s
        send_cert=always
        unique = never
        local {
            id = vpn.demo.com
            certs = server.cert.pem
        }
        remote {
            auth = pubkey
        }
        children {
            ikev2-pubkey {
                remote_ts = 0.0.0.0/0,::/0
                dpd_action = clear
                esp_proposals = aes256-sha256-sha1
            }
        }
    }
}

pools {
    pool-ipv4 {
        addrs = 10.1.0.0/24
        dns = 1.1.1.1, 8.8.8.8
        split_exclude = 10.1.0.0/12
    }
}

secrets {
    eap-User1 {
        id = User1
        secret = "demodemodemodemodemodemo" 
    }
    eap-User2 {
        id = User2
        secret = "demodemodemodemodemodemo" 
    }
    eap-User3 {
        id = User3
        secret = "demodemodemodemodemodemo" 
    }
    eap-User4 {
        id = User4
        secret = "demodemodemodemodemodemo" 
    }
}

My Strongswan Start log

systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
charon-systemd[21665]: providers loaded by OpenSSL: default legacy
charon-systemd[21665]: loaded plugins: charon-systemd aesni aes des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp t pkcs8 fips-prf gmp curve25519 chapoly cmac hmac kdf ctr ccm gcm drbg newhope curl attr kernel-netlink resolve socket-default farp vici updown eap-identity eap-mschapv2 ty counters
charon-systemd[21665]: dropped capabilities, running as uid 0, gid 0
charon-systemd[21665]: spawning 16 worker threads
swanctl[21682]: plugin 'sqlite': failed to load - sqlite_plugin_create not found and no plugin file available
charon-systemd[21665]: loaded certificate 'C=CN, O=DEMO, CN=SERVER.DEMO.COM'
charon-systemd[21665]: loaded certificate 'C=CN, O=DEMO, CN=CA.DEMO.COM'
charon-systemd[21665]: loaded ANY private key
charon-systemd[21665]: loaded ANY private key
charon-systemd[21665]: loaded EAP shared key with id 'eap-User1' for: 'User1'
charon-systemd[21665]: loaded EAP shared key with id 'eap-User2' for: 'User2'
charon-systemd[21665]: loaded EAP shared key with id 'eap-User3' for: 'User3'
charon-systemd[21665]: loaded EAP shared key with id 'eap-User4' for: 'User4'
charon-systemd[21665]: added vici pool pool-ipv4: 10.1.0.0, 254 entries
charon-systemd[21665]: added vici connection: ikev2-eap-mschapv2
charon-systemd[21665]: added vici connection: ikev2-cert
swanctl[21682]: loaded certificate from '/etc/strongswan/swanctl/x509/server.cert.pem'
swanctl[21682]: loaded certificate from '/etc/strongswan/swanctl/x509ca/ca.cert.pem'
swanctl[21682]: loaded private key from '/etc/strongswan/swanctl/private/ca.key.pem'
swanctl[21682]: loaded private key from '/etc/strongswan/swanctl/private/server.key.pem'
swanctl[21682]: loaded eap secret 'eap-User1'
swanctl[21682]: loaded eap secret 'eap-User2'
swanctl[21682]: loaded eap secret 'eap-User3'
swanctl[21682]: loaded eap secret 'eap-User4'
swanctl[21682]: no authorities found, 0 unloaded
swanctl[21682]: loaded pool 'pool-ipv4'
swanctl[21682]: successfully loaded 1 pools, 0 unloaded
swanctl[21682]: loaded connection 'ikev2-eap-mschapv2'
swanctl[21682]: loaded connection 'ikev2-cert'
swanctl[21682]: successfully loaded 2 connections, 0 unloaded
systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.

connect log

charon-systemd[19644]: received packet: from 101.88.88.88[1011] to 45.88.88.88[500] (604 bytes)
charon-systemd[19644]: parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
charon-systemd[19644]: 101.88.88.88 is initiating an IKE_SA
charon-systemd[19644]: selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
charon-systemd[19644]: remote host is behind NAT
charon-systemd[19644]: sending cert request for "C=CN, O=DEMO, CN=CA.DEMO.COM"
charon-systemd[19644]: generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
charon-systemd[19644]: sending packet: from 45.88.88.88[500] to 101.88.88.88[1011] (481 bytes)
charon-systemd[19644]: received packet: from 101.88.88.88[64916] to 45.88.88.88[4500] (512 bytes)
charon-systemd[19644]: unknown attribute type INTERNAL_DNS_DOMAIN
charon-systemd[19644]: parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR MASK DHCP DNS ADDR6 DHCP6 DNS6 DOMAIN) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi 
charon-systemd[19644]: looking for peer configs matching 45.88.88.88[vpn.demo.com]...101.88.88.88[10.0.123.32]
charon-systemd[19644]: selected peer config 'ikev2-eap-mschapv2'
charon-systemd[19644]: initiating EAP_IDENTITY method (id 0x00)
charon-systemd[19644]: peer supports MOBIKE
charon-systemd[19644]: received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
charon-systemd[19644]: authentication of 'vpn.demo.com' (myself) with RSA signature failed
charon-systemd[19644]: generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
charon-systemd[19644]: sending packet: from 45.88.88.88[4500] to 101.88.88.88[64916] (80 bytes)

When i install strongswan on centos8 rocky linux 8 almalinux8

My macOS 16, iOS 16 connect success.

But when i install strongswan on centos9 rockylinux9 almalinux9

Android connnect success but when i use Apple`s device connect It show error log; authentication of 'vpn.demo.com' (myself) with RSA signature failed

I have replease real ip daemon with fake ip daemon;

Answered by tobiasbrunner

Nov 10, 2022

Android connnect success but when i use Apple`s device connect It show error log;

It looks like the Apple device doesn't support IKEv2 signature authentication, so the RSA signature is done with SHA-1 (the Android client uses signature authentication with SHA-2). Maybe the OpenSSL 3 version (or its configuration) on the newer system refuses to do that. You could try increasing the priority of the gmp plugin (or reducing the one of the openssl plugin, or disable the latter completely).

View full answer

misch42 · 2022-11-10T09:15:13Z

misch42
Nov 10, 2022

First of all, why do you load you CA private key in strongswan?

swanctl[21682]: loaded private key from '/etc/strongswan/swanctl/private/ca.key.pem'

This potentially exposes the private key of you CA in case of a breach. Jackpot!

0 replies

misch42 · 2022-11-10T09:19:43Z

misch42
Nov 10, 2022

What ID does yout server certificate confirm .The ID is the DSN of the CN or the SAN of your certificate.

The logs tell me that the cert CN is 'C=CN, O=DEMO, CN=SERVER.DEMO.COM'

So please change the leftid = 'C=CN, O=DEMO, CN=SERVER.DEMO.COM'

0 replies

askmhx · 2022-11-10T09:53:09Z

askmhx
Nov 10, 2022
Author

thank you for your remind, I have remove ca.key，and change lieftid=server.demo.com, it still does not work,
my server.cert.pem
has san
vpn.demo.com
blog.demo.com

0 replies

misch42 · 2022-11-10T09:55:58Z

misch42
Nov 10, 2022

I told you to set leftid to 'C=CN, O=DEMO, CN=SERVER.DEMO.COM'.

0 replies

tobiasbrunner · 2022-11-10T17:08:45Z

tobiasbrunner
Nov 10, 2022
Maintainer

Android connnect success but when i use Apple`s device connect It show error log;

It looks like the Apple device doesn't support IKEv2 signature authentication, so the RSA signature is done with SHA-1 (the Android client uses signature authentication with SHA-2). Maybe the OpenSSL 3 version (or its configuration) on the newer system refuses to do that. You could try increasing the priority of the gmp plugin (or reducing the one of the openssl plugin, or disable the latter completely).

5 replies

askmhx Nov 11, 2022
Author

Let me try this solution

askmhx Nov 11, 2022
Author

when i disable openssl plugin it works ,thank you.

tobiasbrunner Nov 11, 2022
Maintainer

Note that you may also adjust the system-wide policy to allow RSA signatures with SHA-1 in OpenSSL via sudo update-crypto-policies --set DEFAULT:SHA1 (this basically sets rh-allow-sha1-signatures = yes in openssl.cnf, so this could theoretically also be set for strongSwan only if you get it to load its own openssl.cnf e.g. via OPENSSL_CONF).

askmhx Nov 14, 2022
Author

Got it, thank you for your patience

itbj Jul 29, 2024

when i disable openssl plugin it works ,thank you.

👍。

authentication of 'vpn.demo.com' (myself) with RSA signature failed when use apple`s device connect #1408

Uh oh!

Uh oh!

askmhx Nov 10, 2022

Replies: 5 comments · 5 replies

Uh oh!

misch42 Nov 10, 2022

Uh oh!

misch42 Nov 10, 2022

Uh oh!

askmhx Nov 10, 2022 Author

Uh oh!

misch42 Nov 10, 2022

Uh oh!

tobiasbrunner Nov 10, 2022 Maintainer

Uh oh!

askmhx Nov 11, 2022 Author

Uh oh!

askmhx Nov 11, 2022 Author

Uh oh!

tobiasbrunner Nov 11, 2022 Maintainer

Uh oh!

askmhx Nov 14, 2022 Author

Uh oh!

itbj Jul 29, 2024

askmhx
Nov 10, 2022

Replies: 5 comments 5 replies

misch42
Nov 10, 2022

misch42
Nov 10, 2022

askmhx
Nov 10, 2022
Author

misch42
Nov 10, 2022

tobiasbrunner
Nov 10, 2022
Maintainer

askmhx Nov 11, 2022
Author

askmhx Nov 11, 2022
Author

tobiasbrunner Nov 11, 2022
Maintainer

askmhx Nov 14, 2022
Author