To implement IPsec, SSR leverages a third-party client called libreswan
. The client periodically deprecates weak algorithms from its code base such as dh2 (a.k.a modp1024
) and dh22. While the SSR supports these algorithms, it is very likely that these algorithms will be deprecated in the near future. The article is meant to raise awareness of this upcoming change and provide instruction to proactively modify configuration to avoid outages.
Issue ID: PLUGIN-2835.
Last Updated: 2024-12-12
Problem
When upgrading to a version of IPsec plugin with the weak ciphers removed, SSR will stop offering these ciphers in its IPsec negotiation with the far end. As a result, the tunnel connection will break and will not be able to be formed again. You can verify this break in the following ways.
- Check the output of the
show plugin state
command to inspect the status of the tunnel:
========================================
combo-west:rem1
========================================
Type: host
Forwarding: true
Mode: host
MAC Address: 76:78:79:fc:eb:69
Admin Status: up
Operational Status: down
Redundancy Status: non-redundant
Speed: 0
Duplex: unknown
in-octets: 1962932
in-unicast-pkts: 32710
in-errors: 0
out-octets: 1373442
out-unicast-pkts: 32701
out-errors: 6
IPSec:
rem1:
Tunnel Status:Down
Tunnel Details:
Name: ipsec-client-tunnel-primary-rem1
Remote Host:172.16.4.3
Down Reason: Tunnel settings mismatch
The above output shows the Tunnel Status: Down
. Because the SSR no longer uses the weak ciphers, a Tunnel settings mismatch
is identified as the cause.
- In the
128t-ipsec@*
service, the log indicates the following:
received unauthenticated v2N_NO_PROPOSAL_CHOSEN - ignored
Please see the Solution for remediation steps.
Severity
Details
The potential impact of a software defect if encountered. Severity levels are:
- Critical: Could severely affect service, capacity/traffic, and maintenance capabilities. May have a prolonged impact to the entire system.
- Major: Could seriously affect system operation, maintenance, administration and related tasks.
- Minor: Would not significantly impair the functioning or affect service.
Minor
Status
In Progress
Resolved In
128T-ipsce-client-4.1.0
Product
SSR Routers
Functional Area
IPsec
Solution
Details
Juniper may provide a method to temporarily circumvent a problem; workarounds do not exist for all issues.
Starting with the 128T-ipsec-client-4.1.0 version of the plugin, two changes are being made to support this remediation effort.
-
A new warning message has been added for conifgurations that rely on
dh2
anddh22
algorithms. The warning message is visible when runningvalidate
orcommit
on the conductor. -
Existing versions of IPsec plugin only support configuration specifying a single combination of IKE and IPsec algorithms. Beginning with
128T-ipsec-client-4.1.0
, support has been added to allow multiple ciphers to be configured for IKE and IPsec. The following is an example configuration:
ipsec-profile primary
name primary
ike-encryption aes256
ike-digest sha2
ike-modp modp1024
authentication-protocol esp
phase2-encryption aes_gcm128
phase2-digest sha2
phase2-modp modp1024
...
additional-ike-algorithms algo1
name algo1
encryption aes128
digest sha2
modp modp2048
exit
additional-ike-algorithms algo2
name algo2
encryption aes256
digest sha2
modp dh19
exit
exit
The two solutions to remediate the weak algorithms are:
- While running the existing plugin version, replace the weak cipher with a stronger one from the supported list.
-
Chose a new stronger cipher supported by the server.
-
Replace the weak cipher with the stronger cipher selected from the list.
This config change will trigger a restart of the tunnels for new connections to be formed. Here's an example of sample configuration change.
Before:
ipsec-profile primary
name primary
ike-encryption aes256
ike-digest sha2
ike-modp modp1024
authentication-protocol esp
phase2-encryption aes_gcm128
phase2-digest sha2
phase2-modp modp1024
...
exit
After:
ipsec-profile primary
name primary
ike-encryption aes256
ike-digest sha2
ike-modp modp1024
authentication-protocol esp
phase2-encryption aes_gcm128
phase2-digest sha2
phase2-modp modp1024
...
additional-ike-algorithms algo1
name algo1
encryption aes128
digest sha2
modp modp2048
exit
additional-ike-algorithms algo2
name algo2
encryption aes256
digest sha2
modp dh19
exit
exit
- Upgrade to the IPsec plugin version
4.1.0
and configure additional supported ciphers on the server side
The SSR offers all the supported ciphers and identifies the ciphers supported on the server. It is recommended to remove the weak ciphers from the configuration once replacements have been made.
Remediating the configuration of weak ciphers ahead of their deprecation allows a seamless transition when upgrading to a new version of SSR software.