 
pamribeirox
just joined
Topic Author
Posts: 18
Joined: Fri Dec 22, 2017 6:20 pm

Android 13 incompatibility with IKEv2/EAP RADIUS

Mon Nov 28, 2022 3:45 pm

It seems Google decided to drop all the remaining VPN protocols from Android in version 13.
After the upgrade the devices only show 3 variants of IKEv2 (MSCHAPv2, PSK and RSA); the old ones, PPTP and L2TP/IPsec, are gone!
In a large-scale "enterprise" deployment like ours (Lisbon Polytechnic), with thousands of daily "road warrior" VPN users, the only viable option of those 3 is MSCHAPv2, where the users identify themselves with the usernames and passwords they use to access eduroam Wi-Fi and all the institutional sites.

The Windows, Linux and Apple users get the VPN without any problems via one of the available options: SSTP, L2TP/IPsec or IKEv2 (EAP RADIUS).
Previous Android releases connect with L2TP/IPsec, also without any problem.
After some days of testing and debugging I can't find any way to make ROS compatible with Android 13. Tested on the latest ROS 6.49.7 and 7.6 with the same results.
I've tested with a full-name certificate instead of the wildcard we currently use for VPN services and the problem remains.

A snippet of the configuration used on ROS 7.6 follows:
# nov/28/2022 13:07:41 by RouterOS 7.6
/ip ipsec mode-config add address-pool=vpn-ikev2-pool address-prefix-length=32 name=ike2-conf split-include=\
10.0.0.0/8,192.168.0.0/16 static-dns=192.0.2.130,192.0.2.131 system-dns=no
/ip ipsec policy group add name=ike2-policies
/ip ipsec profile add dh-group=ecp256,ecp384,ecp521,modp2048,modp1024 enc-algorithm=aes-256,aes-128 hash-algorithm=sha256 name=ike2
/ip ipsec peer add exchange-mode=ike2 name=ike2 passive=yes profile=ike2 send-initial-contact=no
/ip ipsec proposal add auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-gcm,aes-128-cbc,aes-128-gcm name=ike2 pfs-group=none
/ip ipsec identity add auth-method=eap-radius certificate="wildcard.ournet.pt,GEANT OV RSA CA 4" generate-policy=port-strict \
mode-config=ike2-conf notrack-chain=notrack-ikev2 peer=ike2 policy-template-group=ike2-policies
/ip ipsec policy add group=ike2-policies proposal=ike2 template=yes
/ip pool add name=vpn-ikev2-pool ranges=10.10.25.193-10.10.25.254

The log produced by ROS for the failed connection follows. Some of the IPs and names have been changed for anonymity.
I suspect the "flavor" of MSCHAPv2 used by Android isn't compatible with the EAP RADIUS supported by ROS. I don't even see any RADIUS packets exchanged.
Similar forums from other router manufacturers all seem to be suffering from this problem.

Does MikroTik have any solution for this problem? Some update for ROS? (Google is probably the source of the problem, but I'm not seeing them fixing it on their side!)

Regards!
===== received 652 bytes from 192.0.2.113[41729] to 198.51.100.210[500]
-> ike2 request, exchange: SA_INIT:0 192.0.2.113[41729] 3f3ef0edc94f82a8:0000000000000000
ike2 respond
payload seen: SA (244 bytes)
payload seen: KE (264 bytes)
payload seen: NONCE (36 bytes)
payload seen: NOTIFY (28 bytes)
payload seen: NOTIFY (28 bytes)
payload seen: NOTIFY (16 bytes)
payload seen: NOTIFY (8 bytes)
processing payload: SA
unknown DH group: #24
unknown DH group: #24
IKE Protocol: IKE
proposal #1
enc: aes256-cbc
enc: aes128-cbc
prf: hmac-sha512
prf: hmac-sha384
prf: hmac-sha256
prf: hmac-sha1
auth: sha512
auth: sha384
auth: sha256
auth: sha1
dh: unknown
dh: ecp384
dh: ecp256
dh: modp2048
dh: modp1536
proposal #2
enc: aes256-gcm
enc: aes128-gcm
prf: hmac-sha512
prf: hmac-sha384
prf: hmac-sha256
prf: hmac-sha1
dh: unknown
dh: ecp384
dh: ecp256
dh: modp2048
dh: modp1536
matched proposal:
proposal #1
enc: aes256-cbc
prf: hmac-sha256
auth: sha256
dh: ecp384
processing payload: KE
unknown DH group: #24
DH group number mismatch: 20 != 24
adding notify: INVALID_KE_PAYLOAD
=> (size 0xa)
0000000a 00000011 0014
===== sending 38 bytes from 198.51.100.210[500] to 192.0.2.113[41729]
1 times of 38 bytes message will be sent to 192.0.2.113[41729]
===== received 492 bytes from 192.0.2.113[41729] to 198.51.100.210[500]
-> ike2 request, exchange: SA_INIT:0 192.0.2.113[41729] 3f3ef0edc94f82a8:0000000000000000
ike2 respond
payload seen: SA (244 bytes)
payload seen: KE (104 bytes)
payload seen: NONCE (36 bytes)
payload seen: NOTIFY (28 bytes)
payload seen: NOTIFY (28 bytes)
payload seen: NOTIFY (16 bytes)
payload seen: NOTIFY (8 bytes)
processing payload: SA
unknown DH group: #24
unknown DH group: #24
IKE Protocol: IKE
proposal #1
enc: aes256-cbc
enc: aes128-cbc
prf: hmac-sha512
prf: hmac-sha384
prf: hmac-sha256
prf: hmac-sha1
auth: sha512
auth: sha384
auth: sha256
auth: sha1
dh: ecp384
dh: unknown
dh: ecp256
dh: modp2048
dh: modp1536
proposal #2
enc: aes256-gcm
enc: aes128-gcm
prf: hmac-sha512
prf: hmac-sha384
prf: hmac-sha256
prf: hmac-sha1
dh: ecp384
dh: unknown
dh: ecp256
dh: modp2048
dh: modp1536
matched proposal:
proposal #1
enc: aes256-cbc
prf: hmac-sha256
auth: sha256
dh: ecp384
processing payload: KE
=> shared secret (size 0x30)
a34df60e 44d1d725 143b44a9 9b4a813e 962bb2ce 6e3797ac 8d771086 0c6789f8
cd2b2d9b 2db81ce0 a5a6f821 d3363d58
ike2 respond finish: request, exchange: SA_INIT:0 192.0.2.113[41729] 3f3ef0edc94f82a8:0000000000000000
processing payload: NONCE
adding payload: SA
=> (size 0x30)
00000030 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005
03000008 0300000c 00000008 04000014
adding payload: KE
=> (size 0x68)
00000068 00140000 b8894e9b 715cbea3 d5d25ea9 a3a5d782 495b30b8 5b5af2d4
c7c04fbe 7c74eac4 cbe70f8a 51418901 ce29f792 5bcdbbe3 6e0716f8 356b579d
5f275817 720b51a5 ff6a940c 2fc26844 cad8633c ae4a8744 83ebf340 cf82eec5
846bdfb2 073fed79
adding payload: NONCE
=> (size 0x1c)
0000001c 3ff01646 5db2adc2 b412fe37 f7b9a6c3 b010b780 07643b88
adding notify: NAT_DETECTION_SOURCE_IP
=> (size 0x1c)
0000001c 00004004 de430ad7 af45d4fb f338841e f9714b80 eaa671b0
adding notify: NAT_DETECTION_DESTINATION_IP
=> (size 0x1c)
0000001c 00004005 1f9d4b3d 1cbeb67a 6a9a594c f9adc3a1 3ced877f
adding notify: IKEV2_FRAGMENTATION_SUPPORTED
=> (size 0x8)
00000008 0000402e
adding payload: CERTREQ
=> (size 0x5)
00000005 04
<- ike2 reply, exchange: SA_INIT:0 192.0.2.113[41729] 3f3ef0edc94f82a8:97ff66ac0455e52f
===== sending 277 bytes from 198.51.100.210[500] to 192.0.2.113[41729]
1 times of 277 bytes message will be sent to 192.0.2.113[41729]
=> skeyseed (size 0x20)
34c2501d 3e61b323 6c652e03 1a9575ee b4907d66 c70170c7 3617e064 a2b9a174
=> keymat (size 0x20)
b7bbbeac d1f1082e 660402c7 58e9d3aa a75a2c7f 7ebe9145 1e1d9ab7 1f8a2040
=> SK_ai (size 0x20)
1a49ed84 55008f0c 5cbb054e 560fa3ce 337e3820 d025d1a5 00f02ae8 c3e79444
=> SK_ar (size 0x20)
86319a7f aa5e0838 6d00a8e1 53d29b69 ce7ea1a3 cf851320 c0535708 d67a7243
=> SK_ei (size 0x20)
8904fa1e 32e70396 f329484d 1ae2547a ab5f068d 39b55ae9 c67cd1a7 4e29470e
=> SK_er (size 0x20)
42a1a01a 7afd0664 0aff1735 1229fee4 def9fadb 07abb6f4 c3c46716 6e740185
=> SK_pi (size 0x20)
e057a973 b8a14540 0446f4ff aea9cba9 3feb79cb fd045268 67af4c13 8fe6c256
=> SK_pr (size 0x20)
a8a02153 51e0229d 8ea2bf28 6cd13778 359fca7c 9a56c4d3 f9bc2fc7 0944753f
new ike2 SA (R): ike2 198.51.100.210[500]-192.0.2.113[41729] spi:97ff66ac0455e52f:3f3ef0edc94f82a8
processing payloads: VID (none found)
processing payloads: NOTIFY
notify: NAT_DETECTION_SOURCE_IP
notify: NAT_DETECTION_DESTINATION_IP
notify: SIGNATURE_HASH_ALGORITHMS
0002000300040005
notify: REDIRECT_SUPPORTED
(NAT-T) REMOTE
KA list add: 198.51.100.210[4500]->192.0.2.113[41729]
===== received 352 bytes from 192.0.2.113[60008] to 198.51.100.210[4500]
-> ike2 request, exchange: AUTH:1 192.0.2.113[60008] 3f3ef0edc94f82a8:97ff66ac0455e52f
peer ports changed: 41729 -> 60008
KA remove: 198.51.100.210[4500]->192.0.2.113[41729]
KA tree dump: 198.51.100.210[4500]->192.0.2.113[41729] (in_use=1)
KA tree dump: 198.51.100.210[4500]->192.0.2.113[41729] (in_use=1)
KA removing this one...
KA list add: 198.51.100.210[4500]->192.0.2.113[60008]
payload seen: ENC (324 bytes)
processing payload: ENC
=> iv (size 0x10)
b033eea4 2caeef6b a81a11e9 16a7e623
decrypted packet
payload seen: ID_I (27 bytes)
payload seen: CERTREQ (25 bytes)
payload seen: CONFIG (16 bytes)
payload seen: SA (124 bytes)
payload seen: TS_I (24 bytes)
payload seen: TS_R (24 bytes)
payload seen: NOTIFY (8 bytes)
payload seen: NOTIFY (12 bytes)
payload seen: NOTIFY (8 bytes)
payload seen: NOTIFY (8 bytes)
processing payloads: NOTIFY
notify: MOBIKE_SUPPORTED
notify: ADDITIONAL_IP4_ADDRESS
0af17f59
notify: EAP_ONLY_AUTHENTICATION
notify: IKEV2_MESSAGE_ID_SYNC_SUPPORTED
ike auth: respond
processing payload: ID_I
ID_I (RFC822): username@ournet.pt
processing payload: ID_R (not found)
processing payload: AUTH (not found)
processing payloads: NOTIFY
notify: MOBIKE_SUPPORTED
notify: ADDITIONAL_IP4_ADDRESS
0af17f59
notify: EAP_ONLY_AUTHENTICATION
notify: IKEV2_MESSAGE_ID_SYNC_SUPPORTED
ignoring 'EAP only authentication'
ID_R (FQDN): *.ournet.pt
adding payload: ID_R
=> (size 0x18)
00000018 02000000 2a2e7670 6e2e6e65 742e6970 6c2e7074
cert: C=PT, S=Lisboa, O=IPLisboa, OU=IPL, CN=*.ournet.pt
adding payload: CERT
=> (first 0x100 of 0x780)
00000780 04308207 77308205 5fa00302 01020211 00b0e052 30805164 90ecc2e2
0c6ac7da ad300d06 092a8648 86f70d01 010c0500 3044310b 30090603 55040613
024e4c31 19301706 0355040a 13104745 414e5420 56657265 6e696769 6e67311a
30180603 55040313 11474541 4e54204f 56205253 41204341 2034301e 170d3232
30353130 30303030 30305a17 0d323330 35313032 33353935 395a3072 310b3009
06035504 06130250 54310f30 0d060355 04081306 4c697362 6f613129 30270603
55040a0c 20496e73 74697475 746f2050 6f6c6974 c3a9636e 69636f20 6465204c
6973626f 61310c30 0a060355 040b1303 49504c31 19301706 03550403 0c102a2e
cert: C=NL, O=GEANT Vereniging, CN=GEANT OV RSA CA 4
adding payload: CERT
=> (first 0x100 of 0x6ee)
000006ee 04308206 e5308204 cda00302 01020211 00da43bd 139bd258 bb4dd61c
acc4f3db e0300d06 092a8648 86f70d01 010c0500 30818831 0b300906 03550406
13025553 31133011 06035504 08130a4e 6577204a 65727365 79311430 12060355
0407130b 4a657273 65792043 69747931 1e301c06 0355040a 13155468 65205553
45525452 55535420 4e657477 6f726b31 2e302c06 03550403 13255553 45525472
75737420 52534120 43657274 69666963 6174696f 6e204175 74686f72 69747930
1e170d32 30303231 38303030 3030305a 170d3333 30353031 32333539 35395a30
44310b30 09060355 04061302 4e4c3119 30170603 55040a13 10474541 4e542056
cert: C=US, S=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
adding payload: CERT
=> (first 0x100 of 0x5e7)
000005e7 04308205 de308203 c6a00302 01020210 01fd6d30 fca3ca51 a81bbc64
0e35032d 300d0609 2a864886 f70d0101 0c050030 8188310b 30090603 55040613
02555331 13301106 03550408 130a4e65 77204a65 72736579 31143012 06035504
07130b4a 65727365 79204369 7479311e 301c0603 55040a13 15546865 20555345
52545255 5354204e 6574776f 726b312e 302c0603 55040313 25555345 52547275
73742052 53412043 65727469 66696361 74696f6e 20417574 686f7269 7479301e
170d3130 30323031 30303030 30305a17 0d333830 31313832 33353935 395a3081
88310b30 09060355 04061302 55533113 30110603 55040813 0a4e6577 204a6572
=> auth nonce (size 0x20)
e1e2f83b e9dcfe1b 208309fe f0b310ae 3e4d6a7b a4dbe7cc 5efca38b ad56747f
=> SK_p (size 0x20)
a8a02153 51e0229d 8ea2bf28 6cd13778 359fca7c 9a56c4d3 f9bc2fc7 0944753f
=> idhash (size 0x20)
1101c16b 64e698b3 a958e3f5 017fcdec bced60f6 841c89f1 214182c7 0cde6932
=> my auth (size 0x100)
988ddef0 9066751a 510f4721 8764d05f 594602c7 1ae30a09 edaa0aaf d34f0e87
7fb11ef6 1951ae4f fe1f1756 4d47021a c949a189 e448c0ad 0627a842 3195a7ec
ff15f034 acb1b36f 52e80399 2cd451ad 1002d93e 3f854c7c fa287d83 025cb48a
d88fd247 a589ccfe cc6032ea 9aec7c3b 2cfe4412 56785589 5c1e00ac e32946d3
1ba538ba 3c965d72 ab2875b9 7cafc813 ffbd0c68 5ededd79 fa23217f 52c13376
58ad6015 5432b750 1fa0c4f4 bca2da72 d47cccf1 967fff05 ff324667 184c72da
dfe9bcb2 c8ff51dc 9cd04beb ed08bd31 deb1f698 645d92a2 cae670b2 afe9f9f5
09197718 3e5c347a 1e65bf25 61f2db21 ce444a32 8cf30151 e067a8bc 0f932629
adding payload: AUTH
=> (first 0x100 of 0x108)
00000108 01000000 988ddef0 9066751a 510f4721 8764d05f 594602c7 1ae30a09
edaa0aaf d34f0e87 7fb11ef6 1951ae4f fe1f1756 4d47021a c949a189 e448c0ad
0627a842 3195a7ec ff15f034 acb1b36f 52e80399 2cd451ad 1002d93e 3f854c7c
fa287d83 025cb48a d88fd247 a589ccfe cc6032ea 9aec7c3b 2cfe4412 56785589
5c1e00ac e32946d3 1ba538ba 3c965d72 ab2875b9 7cafc813 ffbd0c68 5ededd79
fa23217f 52c13376 58ad6015 5432b750 1fa0c4f4 bca2da72 d47cccf1 967fff05
ff324667 184c72da dfe9bcb2 c8ff51dc 9cd04beb ed08bd31 deb1f698 645d92a2
cae670b2 afe9f9f5 09197718 3e5c347a 1e65bf25 61f2db21 ce444a32 8cf30151
adding payload: EAP
=> (size 0x9)
00000009 01000005 01
<- ike2 reply, exchange: AUTH:1 192.0.2.113[60008] 3f3ef0edc94f82a8:97ff66ac0455e52f
===== sending 5760 bytes from 198.51.100.210[4500] to 192.0.2.113[60008]
1 times of 5764 bytes message will be sent to 192.0.2.113[60008]
===== received 80 bytes from 192.0.2.113[60008] to 198.51.100.210[4500]
-> ike2 request, exchange: INFORMATIONAL:2 192.0.2.113[60008] 3f3ef0edc94f82a8:97ff66ac0455e52f
payload seen: ENC (52 bytes)
processing payload: ENC
=> iv (size 0x10)
661ec538 5e887081 b3c79bee ffaa5444
decrypted packet
payload seen: NOTIFY (8 bytes)
respond: info
processing payloads: NOTIFY
notify: AUTHENTICATION_FAILED
got fatal error: AUTHENTICATION_FAILED
killing ike2 SA: ike2 198.51.100.210[4500]-192.0.2.113[60008] spi:97ff66ac0455e52f:3f3ef0edc94f82a8
KA remove: 198.51.100.210[4500]->192.0.2.113[60008]
KA tree dump: 198.51.100.210[4500]->192.0.2.113[60008] (in_use=1)
KA tree dump: 198.51.100.210[4500]->192.0.2.113[60008] (in_use=1)
KA removing this one...
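As an added illustration (not part of the original post, and not a MikroTik tool), the following Python script parses RouterOS IPsec debug output of the kind quoted above and summarizes what the negotiation actually did: which exchanges were seen, which DH group the initiator's KE payload carried versus the one the responder chose (decoded from the raw INVALID_KE_PAYLOAD notify bytes), the matched proposal, whether the initiator asked for EAP-only authentication and the responder ignored it, and what fatal error ended the SA. The embedded sample is a condensed excerpt of the log lines above; the DH group and notify type numbers are the IANA IKEv2 registry values, and all function names are this example's own.

```python
import re
from typing import Dict

# IANA IKEv2 Diffie-Hellman group numbers (Transform Type 4) relevant to the log above.
DH_GROUPS = {
    2: "modp1024", 5: "modp1536", 14: "modp2048", 19: "ecp256", 20: "ecp384", 21: "ecp521",
    24: "2048-bit MODP with 256-bit prime-order subgroup (RFC 5114)",
}
# IANA IKEv2 notify message types decoded by this script.
NOTIFY_TYPES = {17: "INVALID_KE_PAYLOAD", 24: "AUTHENTICATION_FAILED"}

# Constructed sample: a condensed excerpt of the RouterOS debug log quoted in the post.
SAMPLE_LOG = """\
-> ike2 request, exchange: SA_INIT:0 192.0.2.113[41729] 3f3ef0edc94f82a8:0000000000000000
unknown DH group: #24
DH group number mismatch: 20 != 24
adding notify: INVALID_KE_PAYLOAD
=> (size 0xa)
0000000a 00000011 0014
-> ike2 request, exchange: SA_INIT:0 192.0.2.113[41729] 3f3ef0edc94f82a8:0000000000000000
matched proposal:
proposal #1
enc: aes256-cbc
prf: hmac-sha256
auth: sha256
dh: ecp384
-> ike2 request, exchange: AUTH:1 192.0.2.113[60008] 3f3ef0edc94f82a8:97ff66ac0455e52f
notify: EAP_ONLY_AUTHENTICATION
ID_I (RFC822): username@ournet.pt
ignoring 'EAP only authentication'
adding payload: AUTH
adding payload: EAP
-> ike2 request, exchange: INFORMATIONAL:2 192.0.2.113[60008] 3f3ef0edc94f82a8:97ff66ac0455e52f
notify: AUTHENTICATION_FAILED
got fatal error: AUTHENTICATION_FAILED
"""

EXCHANGE_RE = re.compile(r"^-> ike2 request, exchange: (\w+):(\d+)")
UNKNOWN_DH_RE = re.compile(r"^unknown DH group: #(\d+)")
MISMATCH_RE = re.compile(r"^DH group number mismatch: (\d+) != (\d+)")
TRANSFORM_RE = re.compile(r"^(enc|prf|auth|dh): (\S+)$")
ID_RE = re.compile(r"^ID_I \((\w+)\): (.+)$")
FATAL_RE = re.compile(r"^got fatal error: (\w+)")


def parse_notify_hex(hexdump: str) -> Dict[str, object]:
    """Decode a raw IKEv2 Notify payload as the log prints it ('0000000a 00000011 0014').
    Layout (RFC 7296 3.10): next(1) flags(1) length(2) protocol(1) spi_size(1) type(2) [spi] data."""
    raw = bytes.fromhex(hexdump.replace(" ", ""))
    if len(raw) < 8:
        raise ValueError("notify payload shorter than its 8-byte header")
    length = int.from_bytes(raw[2:4], "big")
    proto_id, spi_size = raw[4], raw[5]
    ntype = int.from_bytes(raw[6:8], "big")
    data = raw[8 + spi_size:length]
    info: Dict[str, object] = {"length": length, "protocol_id": proto_id, "type": ntype,
                               "name": NOTIFY_TYPES.get(ntype, f"type-{ntype}"), "data": data.hex()}
    if ntype == 17 and len(data) == 2:  # INVALID_KE_PAYLOAD carries the accepted DH group
        group = int.from_bytes(data, "big")
        info["accepted_group"] = group
        info["accepted_group_name"] = DH_GROUPS.get(group, f"group-{group}")
    return info


def triage_ike2_log(text: str) -> Dict[str, object]:
    """Walk the debug log once and collect the facts a troubleshooter wants at a glance."""
    report: Dict[str, object] = {
        "exchanges": [], "unknown_dh_groups": set(), "ke_mismatch": None, "invalid_ke_notify": None,
        "matched_proposal": {}, "eap_only_requested": False, "eap_only_ignored": False,
        "responder_sent_auth": False, "responder_sent_eap": False, "initiator_id": None,
        "fatal_error": None, "findings": [],
    }
    lines = [ln.strip() for ln in text.splitlines()]
    in_matched = False
    for i, line in enumerate(lines):
        if in_matched:  # transforms listed under "matched proposal:" until a non-transform line
            if m := TRANSFORM_RE.match(line):
                report["matched_proposal"][m.group(1)] = m.group(2)
                continue
            if not line.startswith("proposal #"):
                in_matched = False
        if m := EXCHANGE_RE.match(line):
            report["exchanges"].append(f"{m.group(1)}:{m.group(2)}")
        elif m := UNKNOWN_DH_RE.match(line):
            report["unknown_dh_groups"].add(int(m.group(1)))
        elif m := MISMATCH_RE.match(line):
            report["ke_mismatch"] = (int(m.group(1)), int(m.group(2)))  # (responder chose, initiator sent)
        elif line == "adding notify: INVALID_KE_PAYLOAD":
            # the log prints "=> (size ...)" and then the raw bytes on the following line
            report["invalid_ke_notify"] = parse_notify_hex(lines[i + 2]) if i + 2 < len(lines) else None
        elif line == "matched proposal:":
            in_matched = True
        elif line == "notify: EAP_ONLY_AUTHENTICATION":
            report["eap_only_requested"] = True
        elif line == "ignoring 'EAP only authentication'":
            report["eap_only_ignored"] = True
        elif line == "adding payload: AUTH":
            report["responder_sent_auth"] = True
        elif line == "adding payload: EAP":
            report["responder_sent_eap"] = True
        elif m := ID_RE.match(line):
            report["initiator_id"] = (m.group(1), m.group(2))
        elif m := FATAL_RE.match(line):
            report["fatal_error"] = m.group(1)

    findings = report["findings"]
    if report["ke_mismatch"]:
        chosen, sent = report["ke_mismatch"]
        findings.append(f"initiator's KE used DH group {sent} ({DH_GROUPS.get(sent, '?')}); responder "
                        f"answered INVALID_KE_PAYLOAD asking for group {chosen} ({DH_GROUPS.get(chosen, '?')})")
    if report["eap_only_requested"] and report["eap_only_ignored"]:
        findings.append("initiator requested EAP-only authentication (RFC 5998); responder ignored it and "
                        "sent its own certificate-based AUTH alongside the EAP identity request")
    if report["fatal_error"]:
        findings.append(f"peer ended the SA with {report['fatal_error']} in {report['exchanges'][-1]}")
    return report


if __name__ == "__main__":
    for line in triage_ike2_log(SAMPLE_LOG)["findings"]:
        print("-", line)
```

Run it on a pasted `/ip ipsec` debug log instead of the embedded sample to get the same three-line summary; the decoded notify bytes are what confirm that the responder accepted ecp384 (group 20) on the retry, and the EAP-only finding points at the exact exchange where the two sides disagree about how the responder should authenticate.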
 
panayotovip
just joined
Posts: 2
Joined: Wed Apr 18, 2018 12:05 am

Re: Android 13 incompatibility with IKEv2/EAP RADIUS

Mon Nov 28, 2022 11:35 pm

Hello pamribeirox,
I have had the same issue for several months.
I tried to deploy a VPN server following at least 12 guides for IKEv2/IPsec-PSK or IKEv2/IPsec-RSA, but with no success so far.
As a temporary solution I use WireGuard.
But it increases CPU utilization, and some strange behavior appears on long sessions with more traffic.
After reconnecting, the WireGuard connection works normally for a while.
I have not found any newer guides for deploying IKEv2 on RouterOS 7 or newer.
In order not to create new topics, I am writing in yours in the hope that a solution/guide will appear soon.
Best regards. I am not losing hope.
 
pe1chl
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Android 13 incompatibility with IKEv2/EAP RADIUS

Mon Dec 19, 2022 3:14 pm

Today I helped a user who got his phone upgraded to Android 13 and lost his L2TP/IPsec access.
That worked using a pre-shared key plus MSCHAPv2 authentication (with the local PPP secrets table in the router).

Unfortunately, it appears that the IKEv2 "split include" does not work at all. When I set a split include in the mode config, the phone still loses internet access when connecting the VPN.
In the IPsec policies list only the first network from the split include is listed, hinting at the old bug that only a single policy is created for each connection.
(But I think that is a Google bug, not a MikroTik bug.)

Anyway, I feel similarly frustrated to you. Android just drops the support for a working protocol and now we have trouble for our users.
(Fortunately for us it is only a small number of users with special requirements, not all.)
