On Fri, Jun 1, 2018 at 4:09 AM, Stuart Henderson <stu@spacehopper.org> wrote:
> On 2018-05-31, David Higgs <higgsd@gmail.com> wrote:
>> I am looking to configure iked(8) on my OpenBSD router to provide
>> IPsec services to remote clients. I would like to tunnel (nearly) all
>> my traffic from my phone or laptop back into my home router, and
>> leverage the services there (DNS, firewall, etc.), then either access
>> my local network or the rest of the internet.
>>
>> The parts I'm confused on are the from/to and peer/local fields.
>> Which pair describes the IPs of the tunnel endpoints, and which
>
> peer/local
>
>> describes the traffic allowed to flow through the tunnel? I guess I
>
> from/to
>
>> don't know whether "IPsec flow" refers to the encapsulating ESP
>> packets or the encapsulated traffic.
>
> The "flow" is an SADB entry which matches traffic and selects it for
> encapsulation. The addresses in a flow have to cover the packets sent
> over the vpn.
Great, these hints got me moving in what seems like the right direction.
> Here's an iked example from my live config, it allows mobile clients to
> connect and route all traffic over the VPN, assigning a dynamic address
> from 192.168.47.160/27, with not-too-terrible ciphers for most typical
> clients.
>
> ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \
> local x.x.x.x \
> peer any \
> ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 auth hmac-sha2-256 group ecp256 \
> ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 prf hmac-sha1 auth hmac-sha2-256 group ecp256 group modp2048 group modp1024 \
> childsa enc aes-256-gcm enc aes-128-gcm \
> childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \
> srcid "my.host.name" \
> eap "mschap-v2" \
> config address 192.168.47.160/27 \
> config name-server x.x.x.x \
> tag "$name-$id"
>
> include "/etc/iked.users"
>
> If you have any Windows clients note that the default ciphers are
> absolutely bloody useless, for the powershell snippets needed to fix
> this see comments in https://github.com/trailofbits/algo/issues/9.
> If you don't need to support Windows clients you can probably get
> rid of hmac-sha1/group modp1024 and the non-gcm aes entries.
This is only for iPhone / Mac clients at the moment. I have attacked
configuration from several different angles and can't seem to get it
working.
# iked.conf
user "myuser" "mypassword"
set mobike
ikev2 "vpn" passive esp \
from any to any \
local $external_ip_addr peer any \
srcid vpn.example.com \
eap "mschap-v2" \
config dhcp-server 10.0.128.1
# ikectl ca vpn create password ca-password # ca.example.com
# ikectl ikectl ca vpn certificate vpn.example.com create server
# ikectl ikectl ca vpn certificate client.example.com create client
# ikectl ca vpn install
# ikectl ca vpn certificate vpn.example.com install
# ikectl ca vpn certificate client.example.com export password client-password
I then copy and import ca/ca.crt, certs/vpn.example.com.crt, and
export/client.example.com.pfx into my OS X and iPhone systems; with
the CA trusted, everything appears to be validating. Only my
"vpn.example.com" is resolvable via DNS, but I used FQDNs for
everything except the "local" keyword in iked.conf (due to split-brain
DNS shenanigans). I don't think this is the cause of my issues, but I
mention it just in case...
So with the PKI configured, I launch iked(8) with debugging and
tcpdump running, then attempt to enable the VPN:
# iked -vvd
ikev2 "vpn" passive esp inet from any to any local $external_ip_addr
peer any ikesa enc aes-256,aes-192,aes-128,3des prf
hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group
modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth
hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes
536870912 eap "MSCHAP_V2" config dhcp-server 10.0.128.1
/etc/iked.conf: loaded 2 configuration rules
ca_privkey_serialize: type RSA_KEY length 1194
ca_pubkey_serialize: type RSA_KEY length 270
config_new_user: inserting new user myuser
user "myuser" "mypassword"
ca_privkey_to_method: type RSA_KEY method RSA_SIG
ca_getkey: received private key type RSA_KEY length 1194
ca_getkey: received public key type RSA_KEY length 270
ca_dispatch_parent: config reset
config_getpolicy: received policy
config_getpfkey: received pfkey fd 3
config_getcompile: compilation done
config_getsocket: received socket fd 4
config_getsocket: received socket fd 5
config_getsocket: received socket fd 6
config_getsocket: received socket fd 7
config_getmobike: mobike
ca_reload: loaded ca file ca.crt
ca_reload: loaded crl file ca.crl
ca_reload: .../CN=ca.example.com/...
ca_reload: loaded 1 ca certificate
ca_reload: loaded cert file vpn.example.com.crt
ca_validate_cert: .../CN=vpn.example.com/... ok
ca_reload: local cert type X509_CERT
config_getocsp: ocsp_url none
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
ikev2_recv: IKE_SA_INIT request from initiator $client_ip_addr:500 to
$external_ip_addr:500 policy 'vpn' id 0, 604 bytes
ikev2_recv: ispi 0x46522d8f71571409 rspi 0x0000000000000000
ikev2_policy2id: srcid FQDN/vpn.example.com length 12
ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi
0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x08 msgid 0 length 604 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0x46522d8f71571409 0x0000000000000000
$client_ip_addr:500
ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP
encapsulation
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0x46522d8f71571409
0x0000000000000000 $external_ip_addr:500
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
sa_state: INIT -> SA_INIT
ikev2_sa_negotiate: score 4
ikev2_sa_negotiate: score 0
ikev2_sa_negotiate: score 6
ikev2_sa_negotiate: score 18
ikev2_sa_negotiate: score 21
sa_stateok: SA_INIT flags 0x0000, require 0x0000
sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
ikev2_sa_keys: DHSECRET with 256 bytes
ikev2_sa_keys: SKEYSEED with 32 bytes
ikev2_sa_keys: S with 64 bytes
ikev2_prfplus: T1 with 32 bytes
ikev2_prfplus: T2 with 32 bytes
ikev2_prfplus: T3 with 32 bytes
ikev2_prfplus: T4 with 32 bytes
ikev2_prfplus: T5 with 32 bytes
ikev2_prfplus: T6 with 32 bytes
ikev2_prfplus: T7 with 32 bytes
ikev2_prfplus: Tn with 224 bytes
ikev2_sa_keys: SK_d with 32 bytes
ikev2_sa_keys: SK_ai with 32 bytes
ikev2_sa_keys: SK_ar with 32 bytes
ikev2_sa_keys: SK_ei with 32 bytes
ikev2_sa_keys: SK_er with 32 bytes
ikev2_sa_keys: SK_pi with 32 bytes
ikev2_sa_keys: SK_pr with 32 bytes
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 264 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0x46522d8f71571409
0x74cf2b5f05c0e26d $external_ip_addr:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0x46522d8f71571409
0x74cf2b5f05c0e26d $client_ip_addr:500
ikev2_next_payload: length 28 nextpayload CERTREQ
ikev2_add_certreq: type X509_CERT length 21
ikev2_next_payload: length 25 nextpayload NONE
ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi
0x74cf2b5f05c0e26d nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x20 msgid 0 length 457 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 25
ikev2_pld_certreq: type X509_CERT length 20
ikev2_msg_send: IKE_SA_INIT response from 69.251.76.50:500 to
68.83.147.209:500 msgid 0, 457 bytes
config_free_proposals: free 0xc3b15a11900
config_free_proposals: free 0xc3bcaad6700
config_free_proposals: free 0xc3b178a2800
config_free_proposals: free 0xc3b15a11d00
config_free_proposals: free 0xc3bcaad6200
# tcpdump -s1600 -nvvvi em0 udp port 500
14:10:43.817658 68.83.147.209.500 > 69.251.76.50.500: [udp sum ok]
isakmp v2.0 exchange IKE_SA_INIT
cookie: 23989e8da6aceb82->0000000000000000 msgid: 00000000 len: 604
payload: SA len: 220
payload: KE len: 264
payload: NONCE len: 20
payload: N len: 8
payload: N len: 28
payload: N len: 28
payload: N len: 8 [tos 0x20] (ttl 54, id 11728, len 632)
14:10:43.907535 69.251.76.50.500 > 68.83.147.209.500: [udp sum ok]
isakmp v2.0 exchange IKE_SA_INIT
cookie: 23989e8da6aceb82->5803d5f20fcc4e08 msgid: 00000000 len: 457
payload: SA len: 48
payload: KE len: 264
payload: NONCE len: 36
payload: N len: 28
payload: N len: 28
payload: CERTREQ len: 25 (ttl 64, id 44025, len 485)
From my naive understanding, it looks like the client is being asked
for a certificate (CERTREQ), but decides not to or can't provide a
cert and just gives up. I seem only able to configure my phone/laptop
to use either the client.example.com certificate OR username+password,
but not both. FWIW, none of the other guides I've found on the
internet for configuring IKEv2 on Apple products mention importing the
server cert or a client keypair, just the CA certificate AFAICT. Can
anyone help me decode what's going wrong?
Thanks again.
--david
No comments:
Post a Comment