On Fri, Jun 1, 2018 at 4:09 AM, Stuart Henderson <[email protected]> wrote: > On 2018-05-31, David Higgs <[email protected]> wrote: >> I am looking to configure iked(8) on my OpenBSD router to provide >> IPsec services to remote clients. I would like to tunnel (nearly) all >> my traffic from my phone or laptop back into my home router, and >> leverage the services there (DNS, firewall, etc.), then either access >> my local network or the rest of the internet. >> >> The parts I'm confused on are the from/to and peer/local fields. >> Which pair describes the IPs of the tunnel endpoints, and which > > peer/local > >> describes the traffic allowed to flow through the tunnel? I guess I > > from/to > >> don't know whether "IPsec flow" refers to the encapsulating ESP >> packets or the encapsulated traffic. > > The "flow" is an SADB entry which matches traffic and selects it for > encapsulation. The addresses in a flow have to cover the packets sent > over the vpn.
Great, these hints got me moving in what seems like the right direction. > Here's an iked example from my live config, it allows mobile clients to > connect and route all traffic over the VPN, assigning a dynamic address > from 192.168.47.160/27, with not-too-terrible ciphers for most typical > clients. > > ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \ > local x.x.x.x \ > peer any \ > ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 auth > hmac-sha2-256 group ecp256 \ > ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 prf hmac-sha1 auth > hmac-sha2-256 group ecp256 group modp2048 group modp1024 \ > childsa enc aes-256-gcm enc aes-128-gcm \ > childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \ > srcid "my.host.name" \ > eap "mschap-v2" \ > config address 192.168.47.160/27 \ > config name-server x.x.x.x \ > tag "$name-$id" > > include "/etc/iked.users" > > If you have any Windows clients note that the default ciphers are > absolutely bloody useless, for the powershell snippets needed to fix > this see comments in https://github.com/trailofbits/algo/issues/9. > If you don't need to support Windows clients you can probably get > rid of hmac-sha1/group modp1024 and the non-gcm aes entries. This is only for iPhone / Mac clients at the moment. I have attacked configuration from several different angles and can't seem to get it working. # iked.conf user "myuser" "mypassword" set mobike ikev2 "vpn" passive esp \ from any to any \ local $external_ip_addr peer any \ srcid vpn.example.com \ eap "mschap-v2" \ config dhcp-server 10.0.128.1 # ikectl ca vpn create password ca-password # ca.example.com # ikectl ikectl ca vpn certificate vpn.example.com create server # ikectl ikectl ca vpn certificate client.example.com create client # ikectl ca vpn install # ikectl ca vpn certificate vpn.example.com install # ikectl ca vpn certificate client.example.com export password client-password I then copy and import ca/ca.crt, certs/vpn.example.com.crt, and export/client.example.com.pfx into my OS X and iPhone systems; with the CA trusted, everything appears to be validating. Only my "vpn.example.com" is resolvable via DNS, but I used FQDNs for everything except the "local" keyword in iked.conf (due to split-brain DNS shenanigans). I don't think this is the cause of my issues, but I mention it just in case... So with the PKI configured, I launch iked(8) with debugging and tcpdump running, then attempt to enable the VPN: # iked -vvd ikev2 "vpn" passive esp inet from any to any local $external_ip_addr peer any ikesa enc aes-256,aes-192,aes-128,3des prf hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes 536870912 eap "MSCHAP_V2" config dhcp-server 10.0.128.1 /etc/iked.conf: loaded 2 configuration rules ca_privkey_serialize: type RSA_KEY length 1194 ca_pubkey_serialize: type RSA_KEY length 270 config_new_user: inserting new user myuser user "myuser" "mypassword" ca_privkey_to_method: type RSA_KEY method RSA_SIG ca_getkey: received private key type RSA_KEY length 1194 ca_getkey: received public key type RSA_KEY length 270 ca_dispatch_parent: config reset config_getpolicy: received policy config_getpfkey: received pfkey fd 3 config_getcompile: compilation done config_getsocket: received socket fd 4 config_getsocket: received socket fd 5 config_getsocket: received socket fd 6 config_getsocket: received socket fd 7 config_getmobike: mobike ca_reload: loaded ca file ca.crt ca_reload: loaded crl file ca.crl ca_reload: .../CN=ca.example.com/... ca_reload: loaded 1 ca certificate ca_reload: loaded cert file vpn.example.com.crt ca_validate_cert: .../CN=vpn.example.com/... ok ca_reload: local cert type X509_CERT config_getocsp: ocsp_url none ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20 ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20 ikev2_recv: IKE_SA_INIT request from initiator $client_ip_addr:500 to $external_ip_addr:500 policy 'vpn' id 0, 604 bytes ikev2_recv: ispi 0x46522d8f71571409 rspi 0x0000000000000000 ikev2_policy2id: srcid FQDN/vpn.example.com length 12 ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 604 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP ikev2_nat_detection: peer source 0x46522d8f71571409 0x0000000000000000 $client_ip_addr:500 ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP encapsulation ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP ikev2_nat_detection: peer destination 0x46522d8f71571409 0x0000000000000000 $external_ip_addr:500 ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED sa_state: INIT -> SA_INIT ikev2_sa_negotiate: score 4 ikev2_sa_negotiate: score 0 ikev2_sa_negotiate: score 6 ikev2_sa_negotiate: score 18 ikev2_sa_negotiate: score 21 sa_stateok: SA_INIT flags 0x0000, require 0x0000 sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) ikev2_sa_keys: DHSECRET with 256 bytes ikev2_sa_keys: SKEYSEED with 32 bytes ikev2_sa_keys: S with 64 bytes ikev2_prfplus: T1 with 32 bytes ikev2_prfplus: T2 with 32 bytes ikev2_prfplus: T3 with 32 bytes ikev2_prfplus: T4 with 32 bytes ikev2_prfplus: T5 with 32 bytes ikev2_prfplus: T6 with 32 bytes ikev2_prfplus: T7 with 32 bytes ikev2_prfplus: Tn with 224 bytes ikev2_sa_keys: SK_d with 32 bytes ikev2_sa_keys: SK_ai with 32 bytes ikev2_sa_keys: SK_ar with 32 bytes ikev2_sa_keys: SK_ei with 32 bytes ikev2_sa_keys: SK_er with 32 bytes ikev2_sa_keys: SK_pi with 32 bytes ikev2_sa_keys: SK_pr with 32 bytes ikev2_add_proposals: length 44 ikev2_next_payload: length 48 nextpayload KE ikev2_next_payload: length 264 nextpayload NONCE ikev2_next_payload: length 36 nextpayload NOTIFY ikev2_nat_detection: local source 0x46522d8f71571409 0x74cf2b5f05c0e26d $external_ip_addr:500 ikev2_next_payload: length 28 nextpayload NOTIFY ikev2_nat_detection: local destination 0x46522d8f71571409 0x74cf2b5f05c0e26d $client_ip_addr:500 ikev2_next_payload: length 28 nextpayload CERTREQ ikev2_add_certreq: type X509_CERT length 21 ikev2_next_payload: length 25 nextpayload NONE ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi 0x74cf2b5f05c0e26d nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 457 response 1 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 25 ikev2_pld_certreq: type X509_CERT length 20 ikev2_msg_send: IKE_SA_INIT response from 69.251.76.50:500 to 68.83.147.209:500 msgid 0, 457 bytes config_free_proposals: free 0xc3b15a11900 config_free_proposals: free 0xc3bcaad6700 config_free_proposals: free 0xc3b178a2800 config_free_proposals: free 0xc3b15a11d00 config_free_proposals: free 0xc3bcaad6200 # tcpdump -s1600 -nvvvi em0 udp port 500 14:10:43.817658 68.83.147.209.500 > 69.251.76.50.500: [udp sum ok] isakmp v2.0 exchange IKE_SA_INIT cookie: 23989e8da6aceb82->0000000000000000 msgid: 00000000 len: 604 payload: SA len: 220 payload: KE len: 264 payload: NONCE len: 20 payload: N len: 8 payload: N len: 28 payload: N len: 28 payload: N len: 8 [tos 0x20] (ttl 54, id 11728, len 632) 14:10:43.907535 69.251.76.50.500 > 68.83.147.209.500: [udp sum ok] isakmp v2.0 exchange IKE_SA_INIT cookie: 23989e8da6aceb82->5803d5f20fcc4e08 msgid: 00000000 len: 457 payload: SA len: 48 payload: KE len: 264 payload: NONCE len: 36 payload: N len: 28 payload: N len: 28 payload: CERTREQ len: 25 (ttl 64, id 44025, len 485) >From my naive understanding, it looks like the client is being asked for a certificate (CERTREQ), but decides not to or can't provide a cert and just gives up. I seem only able to configure my phone/laptop to use either the client.example.com certificate OR username+password, but not both. FWIW, none of the other guides I've found on the internet for configuring IKEv2 on Apple products mention importing the server cert or a client keypair, just the CA certificate AFAICT. Can anyone help me decode what's going wrong? Thanks again. --david
