Bug ID 679347: ECP does not work for PFS in IKEv2 child SAs

Last Modified: Nov 21, 2018

Bug Tracker

Affected Product:
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1

Fixed In:
14.0.0, 13.1.1.2, 12.1.3.6

Opened: Aug 19, 2017
Severity: 3-Major
Related AskF5 Article:
K44117473

Symptoms

The original racoon2 code has no support for Diffie-Hellman generate or compute operations using elliptic curve groups for perfect forward secrecy (PFS). Additionally, the original interfaces are synchronous, but the only ECP support present uses an API with an asynchronous organization and callbacks, so adding ECP on top of it does not work.

Impact

Once the first child SA expires (or is deleted), a replacement child SA cannot be negotiated and the IKEv2 tunnel goes down.

Conditions

Changing an ike-peer definition from the default phase1-perfect-forward-secrecy value of modp1024 to an ECP group: ecp256, ecp384, or ecp512. Note: The first child SA is still negotiated successfully; the failure only appears when a further child SA has to be negotiated.

Workaround

Use MODP for perfect-forward-secrecy instead of ECP.
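As an added check that is not part of this bug record or of any F5 tooling, the Python below flags ike-peer objects that combine an ECP PFS group with a TMOS version in the affected ranges listed above. The shape of the `tmsh list net ipsec ike-peer` output is assumed and the sample peers are constructed.

```python
import re

# Affected ranges from the bug record: 12.1.0 up to (not including) the 12.1.3.6 fix,
# the listed 13.0.x releases (no 13.0 fix is recorded), and 13.1.0 up to (not including) 13.1.1.2.
ECP_GROUPS = {"ecp256", "ecp384", "ecp512"}

def parse_version(text):
    """'13.1.0.4' or '12.1.0 HF2' -> 4-tuple; a hotfix shares its base version's status."""
    parts = [int(p) for p in text.split()[0].split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def version_affected(text):
    v = parse_version(text)
    return ((12, 1, 0, 0) <= v < (12, 1, 3, 6)
            or (13, 0, 0, 0) <= v < (13, 1, 0, 0)
            or (13, 1, 0, 0) <= v < (13, 1, 1, 2))

# Assumed shape of `tmsh list net ipsec ike-peer` output; the sample below is constructed, not captured.
PEER_RE = re.compile(r"net ipsec ike-peer (\S+) \{(.*?)\n\}", re.S)
PFS_RE = re.compile(r"phase1-perfect-forward-secrecy\s+(\S+)")

def ecp_pfs_peers(tmsh_output):
    """Return {peer_name: pfs_group} for peers whose PFS group is an ECP curve."""
    found = {}
    for name, body in PEER_RE.findall(tmsh_output):
        m = PFS_RE.search(body)
        group = m.group(1) if m else "modp1024"  # the record names modp1024 as the default
        if group in ECP_GROUPS:
            found[name] = group
    return found

def at_risk(version, tmsh_output):
    """Peers that will drop the tunnel at the first child-SA rekey: ECP PFS on an affected version."""
    return ecp_pfs_peers(tmsh_output) if version_affected(version) else {}

SAMPLE = """\
net ipsec ike-peer branch-a {
    phase1-perfect-forward-secrecy ecp384
    remote-address 203.0.113.10
}
net ipsec ike-peer branch-b {
    remote-address 203.0.113.11
}
"""

if __name__ == "__main__":
    for name, group in at_risk("13.1.0.4", SAMPLE).items():
        print(f"{name}: PFS group {group} hits Bug 679347; use a MODP group until upgraded")
```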

Fix Information

Full support for ECP as the PFS group has now been added, so a new child SA negotiated in an IKEV2EXCH_CREATE_CHILD_SA exchange works as expected for ecp256, ecp384, and ecp512.

Behavior Change