IKEv2 VPN rekeying does not work correctly

Originator: neilalexanderr
Number: rdar://29821241
Date Originated: 28/12/2016
Status: Closed
Resolved: 31/01/2017
Product: macOS, iOS
Product Version:
Classification: Serious
Reproducible: Always
 
Summary:
When configured using the GUI (as opposed to mobileconfig), the IKEv2 rekey timeout is set to approximately 8 minutes.

At this 8 minute interval, the VPN attempts to rekey the CHILD SA. Unless the DH group of the VPN is set to 14, this rekey fails every single time and the CHILD SA is deleted.

Steps to Reproduce:
1. Create an IKEv2 VPN responder using Strongswan or other software such as Racoon, configured for certificate authentication (but not XAuth) using aes256-aes256-modp4096.
2. Connect the VPN.
3. After 8 minutes, iOS/macOS attempts to rekey the CHILD SA. The proposal sent for the rekey does not match the initial SA proposal.
4. The VPN disconnects.

Expected Results:
The rekey proposal should match the initial proposal (i.e. DH group 2 or 14).

The CHILD SA should not be deleted.

Actual Results:
The rekey proposal is not the same as the initial SA proposal, therefore the rekey fails and the CHILD SA is deleted. 

Version:
macOS Sierra 10.12.2 (16C67)
iOS 10.2 (14C92)

Notes:


Configuration:
Always occurs. When using a mobileconfig, the rekey interval can be increased, but then this problem still happens eventually.

Comments

Apple Developer Relations

Engineering has determined that this issue behaves as intended based on the following information:

This looks like a configuration issue. If the DHG is specified for ESP, strongswan implicitly turns on PFS. But the iOS/OSX VPN UI does not support PFS for IKEv2.

Using your config:

ike=aes256-sha256-ecp256,aes256-sha256-modp2048!
esp=aes256-sha256-ecp256,aes256-sha256-modp2048!

Strongswan server log shows that tunnel is up with following proposal selected:

selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ

Client sent rekey with no DHG, server rejected it because PFS is configured on server:

no acceptable DIFFIE_HELLMAN_GROUP found
no acceptable proposal found

We turned off PFS on the strongswan server:

ike=aes256-sha256-ecp256,aes256-sha256-modp2048!
esp=aes256-sha256,aes256-sha256!

Then this will work.

If you really need to use PFS, then do not use the VPN UI for IKEv2. Use the configuration profile and have the EnablePFS key in the IKEv2 dictionary set to true.

By neilalexanderr at Jan. 26, 2018, 10:17 a.m.
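The following Python is an added example and is not code from the bug report, from Apple's reply or from strongSwan. It models the CHILD_SA proposal selection that the reply's log lines describe, and it also covers the reproduction steps above, where a DH group in the esp= proposal (modp4096 there, ecp256/modp2048 in the reply) is what implicitly enables PFS. The first CHILD_SA is negotiated inside IKE_AUTH, which carries no separate key exchange, so a configured DH group is not negotiated there; a rekey is a CREATE_CHILD_SA in which a configured DH group has to be offered by the initiator. The keyword table, the exchange-name strings, the client offers and the log-style reason strings are assumptions made for illustration; strongSwan's real proposal parser and matching routine are considerably richer.

```python
"""Model of IKEv2 CHILD_SA proposal selection with and without PFS.

Added example, not code from strongSwan, Apple or the bug reporter.
It reproduces the selection logic implied by the log lines in the reply:
the first CHILD_SA rides on IKE_AUTH (no separate key exchange, so a
configured DH group is not negotiated there), while a rekey is a
CREATE_CHILD_SA in which a configured DH group must be offered.
"""
from typing import Dict, List, Optional, Tuple

# IKEv2 transform types (RFC 7296 section 3.3.2) used by this model.
ENCR, INTEG, DH = "ENCR", "INTEG", "DH"

# Hypothetical, deliberately small keyword table mapping strongSwan-style
# proposal keywords to (transform type, algorithm as strongSwan logs it).
KEYWORDS = {
    "aes128":   (ENCR, "AES_CBC_128"),
    "aes256":   (ENCR, "AES_CBC_256"),
    "sha1":     (INTEG, "HMAC_SHA1_96"),
    "sha256":   (INTEG, "HMAC_SHA2_256_128"),
    "modp1024": (DH, "MODP_1024"),
    "modp2048": (DH, "MODP_2048"),
    "modp4096": (DH, "MODP_4096"),
    "ecp256":   (DH, "ECP_256"),
}

Proposal = Dict[str, str]  # transform type -> selected algorithm


def parse_proposals(spec: str) -> List[Proposal]:
    """Parse 'aes256-sha256-ecp256,aes256-sha256-modp2048!' into one dict
    per comma-separated proposal. The trailing '!' (strongSwan strict
    mode, which suppresses the built-in default proposals) is dropped."""
    proposals: List[Proposal] = []
    for chunk in spec.rstrip("!").split(","):
        prop: Proposal = {}
        for token in chunk.split("-"):
            if token not in KEYWORDS:
                raise ValueError(f"keyword {token!r} not in this example's table")
            ttype, alg = KEYWORDS[token]
            prop[ttype] = alg
        proposals.append(prop)
    return proposals


def uses_pfs(esp_spec: str) -> bool:
    """PFS is implicitly on when any esp= proposal names a DH group."""
    return any(DH in p for p in parse_proposals(esp_spec))


def select_child_proposal(server_spec: str, client_offer: List[Proposal],
                          exchange: str) -> Tuple[Optional[Proposal], str]:
    """Pick the first configured responder proposal the initiator offered.

    exchange is "IKE_AUTH" (initial CHILD_SA: DH entries in the responder's
    configuration are skipped, as there is no KE payload) or
    "CREATE_CHILD_SA" (rekey: every configured transform, DH included,
    must appear in the initiator's offer). Returns (proposal, log-like
    reason). Simplified: only transform types the responder configured
    are compared, and one algorithm per type is assumed on both sides.
    """
    missing_types = set()
    for srv in parse_proposals(server_spec):
        want = {t: a for t, a in srv.items()
                if not (t == DH and exchange == "IKE_AUTH")}
        for cli in client_offer:
            if any(t not in cli for t in want):
                missing_types.update(t for t in want if t not in cli)
                continue
            if all(cli[t] == a for t, a in want.items()):
                return want, "selected proposal: ESP:" + "/".join(want.values())
    if DH in missing_types:
        return None, "no acceptable DIFFIE_HELLMAN_GROUP found"
    return None, "no acceptable proposal found"


# Constructed scenario inputs, taken from the values quoted in the reply.
SERVER_PFS = "aes256-sha256-ecp256,aes256-sha256-modp2048!"  # DH in esp= => PFS
SERVER_NO_PFS = "aes256-sha256,aes256-sha256!"               # the suggested fix
# Assumed client offers: the VPN UI client never adds a DH group to a
# CHILD_SA proposal; a profile with EnablePFS=true is assumed to offer one.
CLIENT_UI = parse_proposals("aes256-sha256")
CLIENT_PROFILE_PFS = parse_proposals("aes256-sha256-modp2048")


def run_scenarios() -> Dict[str, str]:
    """Run the four exchanges discussed on the page; returns reason strings."""
    cases = {
        "initial, PFS server, UI client":  (SERVER_PFS, CLIENT_UI, "IKE_AUTH"),
        "rekey, PFS server, UI client":    (SERVER_PFS, CLIENT_UI, "CREATE_CHILD_SA"),
        "rekey, no-PFS server, UI client": (SERVER_NO_PFS, CLIENT_UI, "CREATE_CHILD_SA"),
        "rekey, PFS server, EnablePFS":    (SERVER_PFS, CLIENT_PROFILE_PFS, "CREATE_CHILD_SA"),
    }
    return {name: select_child_proposal(*args)[1] for name, args in cases.items()}


if __name__ == "__main__":
    for name, reason in run_scenarios().items():
        print(f"{name:35s} -> {reason}")
```

Running it shows why the tunnel comes up and then drops at the first rekey: the initial CHILD_SA is selected as AES_CBC_256/HMAC_SHA2_256_128 even though the server has DH groups configured, while the rekey from the UI-configured client fails with the DIFFIE_HELLMAN_GROUP reason. The two fixes in the reply map to the last two scenarios: remove the DH group from esp= (PFS off), or keep it and deploy the client from a configuration profile whose IKEv2 dictionary has EnablePFS set to true, so that the rekey offer carries a group the responder accepts.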
