This looks like a regression.
I was using AES-XCBC as the hash algorithm in "VPN: IPsec: Tunnel Settings" to accommodate Android's default VPN client, which only accepts SHA1 and AES-XCBC, and SHA1 isn't used for security reasons.
It's also the hash algorithm preferred by the strongSwan Android app and the Windows default client.
After a recent update (can't remember which one), none of the VPN clients can connect anymore because of the errors "KDF_PRF with PRF_UNDEFINED not supported" and "key derivation failed". Logs:
2022-06-06T22:16:27-07:00 Informational charon 12[NET] <2> sending packet: from 10.0.0.1[500] to 10.0.0.100[42573] (36 bytes)
2022-06-06T22:16:27-07:00 Informational charon 12[ENC] <2> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
2022-06-06T22:16:27-07:00 Informational charon 12[IKE] <2> key derivation failed
2022-06-06T22:16:27-07:00 Informational charon 12[IKE] <2> KDF_PRF with PRF_UNDEFINED not supported
2022-06-06T22:16:27-07:00 Informational charon 12[IKE] <2> remote host is behind NAT
2022-06-06T22:16:27-07:00 Informational charon 12[CFG] <2> selected proposal: IKE:AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/ECP_256
2022-06-06T22:16:27-07:00 Informational charon 12[IKE] <2> 10.0.0.100 is initiating an IKE_SA
2022-06-06T22:16:27-07:00 Informational charon 12[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2022-06-06T22:16:27-07:00 Informational charon 12[NET] <2> received packet: from 10.0.0.100[42573] to 10.0.0.1[500] (716 bytes)
I have to remove the AES-XCBC algorithm and use SHA256 only to accommodate the strongSwan Android app and the Windows client, while the Android default VPN client is still broken.
I found this thread https://bytemeta.vip/repo/strongswan/strongswan/issues/1026 but I'm not sure if it's related. Is --disable-kdf added to the configure options? If so, removing it may fix the issue.
There was another report on Reddit about a strongswan revert making things work again.
# opnsense-revert -r 22.1.7 strongswan
It would point to a problem within the latest release https://github.com/strongswan/strongswan/releases/tag/5.9.6
Cheers,
Franco
For reference: https://www.reddit.com/r/opnsense/comments/uxdfd9/opnsense_2218_released/i9x2phn/?utm_source=reddit&utm_medium=web2x&context=3
Can someone with the issue try this KDF-enabled package?
# pkg add -f https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/misc/strongswan-kdf.pkg
Thanks,
Franco
The command pkg add -f https://pkg.opnsense.org/FreeBSD:13:amd64/snapshots/misc/strongswan-kdf.pkg fixed the problem. Thanks!
Confirmed, fixed for me also.
Thanks, we discussed the change here in FreeBSD: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263748. Best case, they flip it on by default or we do. Either way, in 22.1.9 this will be fixed. Thanks for reporting and testing :)
Just wanted to tag on to this. I'm having the same problem: "KDF_PRF with PRF_UNDEFINED not supported" with my IPsec configuration.
The strongswan-kdf.pkg fixed it for me also.
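
For checking whether a charon log shows this same failure, the following is an added example, not posted by anyone in this thread and not code from strongSwan or OPNsense. It groups the log lines from the first post by IKE_SA id and reports SAs whose key derivation failed; the function name and result fields are assumptions made for the example.

```python
import re
from collections import defaultdict

# Charon lines copied from the first post in this thread (newest first, as posted).
SAMPLE = """\
2022-06-06T22:16:27-07:00 Informational charon 12[ENC] <2> generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
2022-06-06T22:16:27-07:00 Informational charon 12[IKE] <2> key derivation failed
2022-06-06T22:16:27-07:00 Informational charon 12[IKE] <2> KDF_PRF with PRF_UNDEFINED not supported
2022-06-06T22:16:27-07:00 Informational charon 12[CFG] <2> selected proposal: IKE:AES_CBC_256/AES_XCBC_96/PRF_AES128_XCBC/ECP_256
"""

LINE = re.compile(r"charon \d+\[[A-Z]+\] <(?P<sa>[^>]+)> (?P<msg>.*)$")
PROPOSAL = re.compile(r"selected proposal: IKE:(?P<algs>\S+)")
KDF_ERROR = re.compile(r"KDF_PRF with (?P<prf>\S+) not supported")

def triage(text):
    """Return one finding per IKE_SA whose key derivation failed."""
    # Grouping by the <id> tag makes the result independent of log ordering.
    sas = defaultdict(lambda: {"algs": [], "failed": False, "kdf_prf": None, "no_prop": False})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sa, msg = sas[m["sa"]], m["msg"]
        if p := PROPOSAL.search(msg):
            sa["algs"] = p["algs"].split("/")
        elif k := KDF_ERROR.search(msg):
            sa["kdf_prf"] = k["prf"]
        elif "key derivation failed" in msg:
            sa["failed"] = True
        elif msg.startswith("generating") and "N(NO_PROP)" in msg:
            sa["no_prop"] = True
    return [
        {
            "sa": sa_id,
            "negotiated_prf": next((a for a in s["algs"] if a.startswith("PRF_")), None),
            "kdf_reported_prf": s["kdf_prf"],
            "no_prop_sent": s["no_prop"],
        }
        for sa_id, s in sas.items()
        if s["failed"]
    ]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the thread's log this reports negotiated PRF_AES128_XCBC next to the KDF's PRF_UNDEFINED, with N(NO_PROP) sent to the client even though a proposal had been selected.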