19.1 Legacy Series / Issues with IPSEC and Diffie Hellman Groups on 19.1
« on: December 19, 2018, 11:39:31 pm »
Hey All,
Testing out 19.1 and came across IPSEC issues. It doesn't seem that any of the DH codes are working. When I started to look deeper, I found that it's only supporting curve25519, which isn't even an option in the UI, but also that there was an issue with OpenSSL failing to load, which looks very similar to a FreeBSD issue from a while back (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212149).
root@ragnarok:/ # swanctl -g
plugin 'openssl' failed to load: /usr/local/lib/ipsec/plugins/libstrongswan-openssl.so: Undefined symbol "RSA_set0_factors"
encryption:
AES_CBC[aes]
3DES_CBC[des]
DES_CBC[des]
DES_ECB[des]
BLOWFISH_CBC[blowfish]
RC2_CBC[rc2]
integrity:
AES_XCBC_96[xcbc]
AES_CMAC_96[cmac]
HMAC_SHA1_96[hmac]
HMAC_SHA1_128[hmac]
HMAC_SHA1_160[hmac]
HMAC_MD5_96[hmac]
HMAC_MD5_128[hmac]
HMAC_SHA2_256_128[hmac]
HMAC_SHA2_256_256[hmac]
HMAC_SHA2_384_192[hmac]
HMAC_SHA2_384_384[hmac]
HMAC_SHA2_512_256[hmac]
HMAC_SHA2_512_512[hmac]
aead:
AES_GCM_8[gcm]
AES_GCM_12[gcm]
AES_GCM_16[gcm]
hasher:
HASH_SHA1[sha1]
HASH_SHA2_224[sha2]
HASH_SHA2_256[sha2]
HASH_SHA2_384[sha2]
HASH_SHA2_512[sha2]
HASH_MD4[md4]
HASH_MD5[md5]
HASH_IDENTITY[curve25519]
prf:
PRF_KEYED_SHA1[sha1]
PRF_FIPS_SHA1_160[fips-prf]
PRF_AES128_XCBC[xcbc]
PRF_AES128_CMAC[cmac]
PRF_HMAC_SHA1[hmac]
PRF_HMAC_MD5[hmac]
PRF_HMAC_SHA2_256[hmac]
PRF_HMAC_SHA2_384[hmac]
PRF_HMAC_SHA2_512[hmac]
xof:
dh:
CURVE_25519[curve25519]
rng:
RNG_STRONG[random]
RNG_TRUE[random]
nonce-gen:
NONCE_GEN[nonce]
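
A post-upgrade check for the condition shown above, as an added example that is not part of the original post: it parses `swanctl -g` output for plugins that failed to load and for Diffie-Hellman groups a tunnel proposal needs. The function names and the wanted group MODP_2048 are assumptions; the sample input is trimmed from the output quoted in the post.

```shell
#!/bin/sh
# Constructed sample: trimmed from the `swanctl -g` output quoted in the post.
sample_output() {
cat <<'EOF'
plugin 'openssl' failed to load: /usr/local/lib/ipsec/plugins/libstrongswan-openssl.so: Undefined symbol "RSA_set0_factors"
encryption:
AES_CBC[aes]
dh:
CURVE_25519[curve25519]
rng:
RNG_STRONG[random]
EOF
}

# failed_plugins: print the name of each plugin that failed to load (stdin).
failed_plugins() {
    sed -n "s/^plugin '\([^']*\)' failed to load:.*/\1/p"
}

# dh_groups: print the algorithm names listed under the "dh:" section (stdin).
dh_groups() {
    awk '
        /^[a-z-]+:[[:space:]]*$/ { in_dh = ($1 == "dh:"); next }
        in_dh && /\[/ { sub(/^[[:space:]]+/, ""); sub(/\[.*/, ""); print }
    '
}

# missing_dh WANTED...: print each wanted group absent from the output on stdin.
missing_dh() {
    have=$(dh_groups)
    for g in "$@"; do
        printf '%s\n' "$have" | grep -qx "$g" || printf '%s\n' "$g"
    done
}

# check_ike_algs WANTED...: return 1 when a plugin failed or a group is missing.
check_ike_algs() {
    out=$(cat)
    failed=$(printf '%s\n' "$out" | failed_plugins)
    missing=$(printf '%s\n' "$out" | missing_dh "$@")
    [ -n "$failed" ] && echo "plugin failed to load: $failed"
    [ -n "$missing" ] && echo "DH groups not available: $(echo $missing)"
    [ -z "$failed" ] && [ -z "$missing" ]
}

# MODP_2048 is an assumed requirement; list the groups your tunnels propose.
sample_output | check_ike_algs CURVE_25519 MODP_2048 || echo "IPsec algorithm check failed"
```

On a live system, replace `sample_output` with `swanctl -g 2>&1` so the plugin load error is captured along with the algorithm list.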