On Fri, Jun 1, 2018 at 2:52 PM, David Higgs <higgsd@gmail.com> wrote:
> On Fri, Jun 1, 2018 at 4:09 AM, Stuart Henderson <stu@spacehopper.org> wrote:
>> On 2018-05-31, David Higgs <higgsd@gmail.com> wrote:
>>> I am looking to configure iked(8) on my OpenBSD router to provide
>>> IPsec services to remote clients. I would like to tunnel (nearly) all
>>> my traffic from my phone or laptop back into my home router, and
>>> leverage the services there (DNS, firewall, etc.), then either access
>>> my local network or the rest of the internet.
>>>
>>> The parts I'm confused on are the from/to and peer/local fields.
>>> Which pair describes the IPs of the tunnel endpoints, and which
>>
>> peer/local
>>
>>> describes the traffic allowed to flow through the tunnel? I guess I
>>
>> from/to
>>
>>> don't know whether "IPsec flow" refers to the encapsulating ESP
>>> packets or the encapsulated traffic.
>>
>> The "flow" is an SADB entry which matches traffic and selects it for
>> encapsulation. The addresses in a flow have to cover the packets sent
>> over the vpn.
>
> Great, these hints got me moving in what seems like the right direction.
>
>> Here's an iked example from my live config, it allows mobile clients to
>> connect and route all traffic over the VPN, assigning a dynamic address
>> from 192.168.47.160/27, with not-too-terrible ciphers for most typical
>> clients.
>>
>> ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \
>> local x.x.x.x \
>> peer any \
>> ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 auth hmac-sha2-256 group ecp256 \
>> ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 prf hmac-sha1 auth hmac-sha2-256 group ecp256 group modp2048 group modp1024 \
>> childsa enc aes-256-gcm enc aes-128-gcm \
>> childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \
>> srcid "my.host.name" \
>> eap "mschap-v2" \
>> config address 192.168.47.160/27 \
>> config name-server x.x.x.x \
>> tag "$name-$id"
>>
>> include "/etc/iked.users"
>>
>> If you have any Windows clients note that the default ciphers are
>> absolutely bloody useless, for the powershell snippets needed to fix
>> this see comments in https://github.com/trailofbits/algo/issues/9.
>> If you don't need to support Windows clients you can probably get
>> rid of hmac-sha1/group modp1024 and the non-gcm aes entries.
>
> This is only for iPhone / Mac clients at the moment. I have attacked
> configuration from several different angles and can't seem to get it
> working.
>
> # iked.conf
> user "myuser" "mypassword"
> set mobike
> ikev2 "vpn" passive esp \
> from any to any \
> local $external_ip_addr peer any \
> srcid vpn.example.com \
> eap "mschap-v2" \
> config dhcp-server 10.0.128.1
>
> # ikectl ca vpn create password ca-password # ca.example.com
> # ikectl ikectl ca vpn certificate vpn.example.com create server
> # ikectl ikectl ca vpn certificate client.example.com create client
> # ikectl ca vpn install
> # ikectl ca vpn certificate vpn.example.com install
> # ikectl ca vpn certificate client.example.com export password client-password
>
> I then copy and import ca/ca.crt, certs/vpn.example.com.crt, and
> export/client.example.com.pfx into my OS X and iPhone systems; with
> the CA trusted, everything appears to be validating. Only my
> "vpn.example.com" is resolvable via DNS, but I used FQDNs for
> everything except the "local" keyword in iked.conf (due to split-brain
> DNS shenanigans). I don't think this is the cause of my issues, but I
> mention it just in case...
>
> So with the PKI configured, I launch iked(8) with debugging and
> tcpdump running, then attempt to enable the VPN:
>
> # iked -vvd
> ikev2 "vpn" passive esp inet from any to any local $external_ip_addr
> peer any ikesa enc aes-256,aes-192,aes-128,3des prf
> hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group
> modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth
> hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes
> 536870912 eap "MSCHAP_V2" config dhcp-server 10.0.128.1
> /etc/iked.conf: loaded 2 configuration rules
> ca_privkey_serialize: type RSA_KEY length 1194
> ca_pubkey_serialize: type RSA_KEY length 270
> config_new_user: inserting new user myuser
> user "myuser" "mypassword"
> ca_privkey_to_method: type RSA_KEY method RSA_SIG
> ca_getkey: received private key type RSA_KEY length 1194
> ca_getkey: received public key type RSA_KEY length 270
> ca_dispatch_parent: config reset
> config_getpolicy: received policy
> config_getpfkey: received pfkey fd 3
> config_getcompile: compilation done
> config_getsocket: received socket fd 4
> config_getsocket: received socket fd 5
> config_getsocket: received socket fd 6
> config_getsocket: received socket fd 7
> config_getmobike: mobike
> ca_reload: loaded ca file ca.crt
> ca_reload: loaded crl file ca.crl
> ca_reload: .../CN=ca.example.com/...
> ca_reload: loaded 1 ca certificate
> ca_reload: loaded cert file vpn.example.com.crt
> ca_validate_cert: .../CN=vpn.example.com/... ok
> ca_reload: local cert type X509_CERT
> config_getocsp: ocsp_url none
> ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> ikev2_recv: IKE_SA_INIT request from initiator $client_ip_addr:500 to
> $external_ip_addr:500 policy 'vpn' id 0, 604 bytes
> ikev2_recv: ispi 0x46522d8f71571409 rspi 0x0000000000000000
> ikev2_policy2id: srcid FQDN/vpn.example.com length 12
> ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi
> 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT
> flags 0x08 msgid 0 length 604 response 0
> ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE
> spisize 0 xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE
> spisize 0 xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE
> spisize 0 xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
> ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE
> spisize 0 xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
> ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
> ikev2_pld_ke: dh group MODP_2048 reserved 0
> ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> ikev2_nat_detection: peer source 0x46522d8f71571409 0x0000000000000000
> $client_ip_addr:500
> ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP
> encapsulation
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> ikev2_nat_detection: peer destination 0x46522d8f71571409
> 0x0000000000000000 $external_ip_addr:500
> ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
> ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
> sa_state: INIT -> SA_INIT
> ikev2_sa_negotiate: score 4
> ikev2_sa_negotiate: score 0
> ikev2_sa_negotiate: score 6
> ikev2_sa_negotiate: score 18
> ikev2_sa_negotiate: score 21
> sa_stateok: SA_INIT flags 0x0000, require 0x0000
> sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> ikev2_sa_keys: DHSECRET with 256 bytes
> ikev2_sa_keys: SKEYSEED with 32 bytes
> ikev2_sa_keys: S with 64 bytes
> ikev2_prfplus: T1 with 32 bytes
> ikev2_prfplus: T2 with 32 bytes
> ikev2_prfplus: T3 with 32 bytes
> ikev2_prfplus: T4 with 32 bytes
> ikev2_prfplus: T5 with 32 bytes
> ikev2_prfplus: T6 with 32 bytes
> ikev2_prfplus: T7 with 32 bytes
> ikev2_prfplus: Tn with 224 bytes
> ikev2_sa_keys: SK_d with 32 bytes
> ikev2_sa_keys: SK_ai with 32 bytes
> ikev2_sa_keys: SK_ar with 32 bytes
> ikev2_sa_keys: SK_ei with 32 bytes
> ikev2_sa_keys: SK_er with 32 bytes
> ikev2_sa_keys: SK_pi with 32 bytes
> ikev2_sa_keys: SK_pr with 32 bytes
> ikev2_add_proposals: length 44
> ikev2_next_payload: length 48 nextpayload KE
> ikev2_next_payload: length 264 nextpayload NONCE
> ikev2_next_payload: length 36 nextpayload NOTIFY
> ikev2_nat_detection: local source 0x46522d8f71571409
> 0x74cf2b5f05c0e26d $external_ip_addr:500
> ikev2_next_payload: length 28 nextpayload NOTIFY
> ikev2_nat_detection: local destination 0x46522d8f71571409
> 0x74cf2b5f05c0e26d $client_ip_addr:500
> ikev2_next_payload: length 28 nextpayload CERTREQ
> ikev2_add_certreq: type X509_CERT length 21
> ikev2_next_payload: length 25 nextpayload NONE
> ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi
> 0x74cf2b5f05c0e26d nextpayload SA version 0x20 exchange IKE_SA_INIT
> flags 0x20 msgid 0 length 457 response 1
> ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
> ikev2_pld_ke: dh group MODP_2048 reserved 0
> ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 25
> ikev2_pld_certreq: type X509_CERT length 20
> ikev2_msg_send: IKE_SA_INIT response from 69.251.76.50:500 to
> 68.83.147.209:500 msgid 0, 457 bytes
> config_free_proposals: free 0xc3b15a11900
> config_free_proposals: free 0xc3bcaad6700
> config_free_proposals: free 0xc3b178a2800
> config_free_proposals: free 0xc3b15a11d00
> config_free_proposals: free 0xc3bcaad6200
>
> # tcpdump -s1600 -nvvvi em0 udp port 500
> 14:10:43.817658 68.83.147.209.500 > 69.251.76.50.500: [udp sum ok]
> isakmp v2.0 exchange IKE_SA_INIT
> cookie: 23989e8da6aceb82->0000000000000000 msgid: 00000000 len: 604
> payload: SA len: 220
> payload: KE len: 264
> payload: NONCE len: 20
> payload: N len: 8
> payload: N len: 28
> payload: N len: 28
> payload: N len: 8 [tos 0x20] (ttl 54, id 11728, len 632)
> 14:10:43.907535 69.251.76.50.500 > 68.83.147.209.500: [udp sum ok]
> isakmp v2.0 exchange IKE_SA_INIT
> cookie: 23989e8da6aceb82->5803d5f20fcc4e08 msgid: 00000000 len: 457
> payload: SA len: 48
> payload: KE len: 264
> payload: NONCE len: 36
> payload: N len: 28
> payload: N len: 28
> payload: CERTREQ len: 25 (ttl 64, id 44025, len 485)
>
> From my naive understanding, it looks like the client is being asked
> for a certificate (CERTREQ), but decides not to or can't provide a
> cert and just gives up. I seem only able to configure my phone/laptop
> to use either the client.example.com certificate OR username+password,
> but not both. FWIW, none of the other guides I've found on the
> internet for configuring IKEv2 on Apple products mention importing the
> server cert or a client keypair, just the CA certificate AFAICT. Can
> anyone help me decode what's going wrong?
Whelp, client/service config mismatch error. I'm blocking port 4500,
hadn't disabled NAT-T in iked(8), and wasn't watching the icmp
replies.
Will happily accept any other non-obvious critiques as I continue to
troubleshoot.
Thanks.
--david
No comments:
Post a Comment