IPSec AES-256-GCM

BlackVS · August 6, 2016, 4:58pm

Have anybody setup IPSEC using GCM encryption on Mikrotiks (in my case - to encode GRE tunnels)?
I succesfully setup AES-CBC, AES-CTR but failed with AES-GCM - I am getting the “failed to pre-process ph2 packet” error on both sides and stuck whre to look further…

PS: from debug log I see only this error:

Aug/06/2016 20:12:38 ipsec,debug,packet IPSEC:: call pfkey_send_update_nat
Aug/06/2016 20:12:38 ipsec,debug IPSEC:: libipsec failed send update_nat (Success)
Aug/06/2016 20:12:38 ipsec,debug IPSEC:: pfkey update failed.
Aug/06/2016 20:12:38 ipsec,debug IPSEC:: failed to process packet.
Aug/06/2016 20:12:38 ipsec,debug IPSEC:: phase2 negotiation failed.
Aug/06/2016 20:12:38 ipsec,debug,packet IPSEC:: an undead schedule has been deleted.

efaden · August 6, 2016, 5:19pm

I’m using gcm

Sent from my XT1575 using Tapatalk

BlackVS · August 6, 2016, 5:24pm

Can you pasteyour IPSEC setup here, I will be very appreciated %) ?
Because I suspect problem is in some other IPSEC parameters which I set wrong…

efaden · August 6, 2016, 5:25pm

I can’t now, but later from a computer

Sent from my XT1575 using Tapatalk

IntrusDave · August 6, 2016, 5:35pm

GCM works well, but but is not hardware accelerated. only the AES-CBC cyphers are accelerated.
Enable ipsec debug logging to see what is wrong with the phase 2

BlackVS · August 6, 2016, 5:37pm

Thank you! For comparing mine current config is:

/interface gre
add allow-fast-path=no !keepalive local-address=A.A.A.A mtu=1420 name=gre-tunnel remote-address=B.B.B.B
/ip ipsec proposal
add auth-algorithms=null enc-algorithms=aes-256-gcm lifetime=33m20s name=PROPOSAL-Gcm pfs-group=none
/ip ipsec peer
add address=B.B.B.B enc-algorithm=aes-256 nat-traversal=no secret=XXXXXXX
/ip ipsec policy
add src-address=A.A.A.A dst-address=B.B.B.B protocol=gre sa-src-address=A.A.A.A sa-dst-address=B.B.B.B proposal=PROPOSAL-Gcm

All works if change to sha1+AES-256-CBC (or CTR, or any other)…

BlackVS · August 6, 2016, 5:43pm

Problem with CBC that it seems to be coded in one thread. I tested encrypted VPNs betweens CCRs, 100M channels and ping 40ms between them - one connection using AES-256-CBC gives only… 2-3Mbit! Of course using more connection gives more speed … but not in the case of Samba sharing. Switching to Camelia-256 or AES-256-CTR gives ~30Mbit for single connection. It is closer to the maximum possible ~50M (taking in the mind the TCPWindowSize issue). Of course they are not hardware coded but hardware coding seems to be the bottleneck…Becuase I remember time when AES-256-CBC gave the same speed (somewhere in 6.7…6.11).
GCM I think should give more speed. I hope.

PS: or does exist any way to switch off harware “acceleration” except changing the encryption methods?

BlackVS · August 6, 2016, 5:47pm

Sure. But what exactly is question. And how NAT is related to this… Both sides use global white IPs.

IntrusDave · August 6, 2016, 5:50pm

Who said anything about NAT?
You need to turn on the ipsec debug logging to see what the phase2 errors are

BlackVS · August 6, 2016, 6:44pm

Debug log with errors are in 1st message of this topic already.
PS: I can put full log here but errors shown only in this lines

BlackVS · August 8, 2016, 11:55am

Just gentle reminder %), thanks in advance.