On Fri, Jun 1, 2018 at 2:52 PM, David Higgs <[email protected]> wrote: > On Fri, Jun 1, 2018 at 4:09 AM, Stuart Henderson <[email protected]> wrote: >> On 2018-05-31, David Higgs <[email protected]> wrote: >>> I am looking to configure iked(8) on my OpenBSD router to provide >>> IPsec services to remote clients. I would like to tunnel (nearly) all >>> my traffic from my phone or laptop back into my home router, and >>> leverage the services there (DNS, firewall, etc.), then either access >>> my local network or the rest of the internet. >>> >>> The parts I'm confused on are the from/to and peer/local fields. >>> Which pair describes the IPs of the tunnel endpoints, and which >> >> peer/local >> >>> describes the traffic allowed to flow through the tunnel? I guess I >> >> from/to >> >>> don't know whether "IPsec flow" refers to the encapsulating ESP >>> packets or the encapsulated traffic. >> >> The "flow" is an SADB entry which matches traffic and selects it for >> encapsulation. The addresses in a flow have to cover the packets sent >> over the vpn. > > Great, these hints got me moving in what seems like the right direction. > >> Here's an iked example from my live config, it allows mobile clients to >> connect and route all traffic over the VPN, assigning a dynamic address >> from 192.168.47.160/27, with not-too-terrible ciphers for most typical >> clients. >> >> ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \ >> local x.x.x.x \ >> peer any \ >> ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 auth >> hmac-sha2-256 group ecp256 \ >> ikesa enc aes-256 enc aes-128 prf hmac-sha2-256 prf hmac-sha1 auth >> hmac-sha2-256 group ecp256 group modp2048 group modp1024 \ >> childsa enc aes-256-gcm enc aes-128-gcm \ >> childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \ >> srcid "my.host.name" \ >> eap "mschap-v2" \ >> config address 192.168.47.160/27 \ >> config name-server x.x.x.x \ >> tag "$name-$id" >> >> include "/etc/iked.users" >> >> If you have any Windows clients note that the default ciphers are >> absolutely bloody useless, for the powershell snippets needed to fix >> this see comments in https://github.com/trailofbits/algo/issues/9. >> If you don't need to support Windows clients you can probably get >> rid of hmac-sha1/group modp1024 and the non-gcm aes entries. > > This is only for iPhone / Mac clients at the moment. I have attacked > configuration from several different angles and can't seem to get it > working. > > # iked.conf > user "myuser" "mypassword" > set mobike > ikev2 "vpn" passive esp \ > from any to any \ > local $external_ip_addr peer any \ > srcid vpn.example.com \ > eap "mschap-v2" \ > config dhcp-server 10.0.128.1 > > # ikectl ca vpn create password ca-password # ca.example.com > # ikectl ikectl ca vpn certificate vpn.example.com create server > # ikectl ikectl ca vpn certificate client.example.com create client > # ikectl ca vpn install > # ikectl ca vpn certificate vpn.example.com install > # ikectl ca vpn certificate client.example.com export password client-password > > I then copy and import ca/ca.crt, certs/vpn.example.com.crt, and > export/client.example.com.pfx into my OS X and iPhone systems; with > the CA trusted, everything appears to be validating. Only my > "vpn.example.com" is resolvable via DNS, but I used FQDNs for > everything except the "local" keyword in iked.conf (due to split-brain > DNS shenanigans). I don't think this is the cause of my issues, but I > mention it just in case... > > So with the PKI configured, I launch iked(8) with debugging and > tcpdump running, then attempt to enable the VPN: > > # iked -vvd > ikev2 "vpn" passive esp inet from any to any local $external_ip_addr > peer any ikesa enc aes-256,aes-192,aes-128,3des prf > hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group > modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth > hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes > 536870912 eap "MSCHAP_V2" config dhcp-server 10.0.128.1 > /etc/iked.conf: loaded 2 configuration rules > ca_privkey_serialize: type RSA_KEY length 1194 > ca_pubkey_serialize: type RSA_KEY length 270 > config_new_user: inserting new user myuser > user "myuser" "mypassword" > ca_privkey_to_method: type RSA_KEY method RSA_SIG > ca_getkey: received private key type RSA_KEY length 1194 > ca_getkey: received public key type RSA_KEY length 270 > ca_dispatch_parent: config reset > config_getpolicy: received policy > config_getpfkey: received pfkey fd 3 > config_getcompile: compilation done > config_getsocket: received socket fd 4 > config_getsocket: received socket fd 5 > config_getsocket: received socket fd 6 > config_getsocket: received socket fd 7 > config_getmobike: mobike > ca_reload: loaded ca file ca.crt > ca_reload: loaded crl file ca.crl > ca_reload: .../CN=ca.example.com/... > ca_reload: loaded 1 ca certificate > ca_reload: loaded cert file vpn.example.com.crt > ca_validate_cert: .../CN=vpn.example.com/... ok > ca_reload: local cert type X509_CERT > config_getocsp: ocsp_url none > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20 > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20 > ikev2_recv: IKE_SA_INIT request from initiator $client_ip_addr:500 to > $external_ip_addr:500 policy 'vpn' id 0, 604 bytes > ikev2_recv: ispi 0x46522d8f71571409 rspi 0x0000000000000000 > ikev2_policy2id: srcid FQDN/vpn.example.com length 12 > ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi > 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT > flags 0x08 msgid 0 length 604 response 0 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220 > ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE > spisize 0 xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE > spisize 0 xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE > spisize 0 xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536 > ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE > spisize 0 xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE > spisize 0 xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 > ikev2_pld_ke: dh group MODP_2048 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_nat_detection: peer source 0x46522d8f71571409 0x0000000000000000 > $client_ip_addr:500 > ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP > encapsulation > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_nat_detection: peer destination 0x46522d8f71571409 > 0x0000000000000000 $external_ip_addr:500 > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED > sa_state: INIT -> SA_INIT > ikev2_sa_negotiate: score 4 > ikev2_sa_negotiate: score 0 > ikev2_sa_negotiate: score 6 > ikev2_sa_negotiate: score 18 > ikev2_sa_negotiate: score 21 > sa_stateok: SA_INIT flags 0x0000, require 0x0000 > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) > ikev2_sa_keys: DHSECRET with 256 bytes > ikev2_sa_keys: SKEYSEED with 32 bytes > ikev2_sa_keys: S with 64 bytes > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: T5 with 32 bytes > ikev2_prfplus: T6 with 32 bytes > ikev2_prfplus: T7 with 32 bytes > ikev2_prfplus: Tn with 224 bytes > ikev2_sa_keys: SK_d with 32 bytes > ikev2_sa_keys: SK_ai with 32 bytes > ikev2_sa_keys: SK_ar with 32 bytes > ikev2_sa_keys: SK_ei with 32 bytes > ikev2_sa_keys: SK_er with 32 bytes > ikev2_sa_keys: SK_pi with 32 bytes > ikev2_sa_keys: SK_pr with 32 bytes > ikev2_add_proposals: length 44 > ikev2_next_payload: length 48 nextpayload KE > ikev2_next_payload: length 264 nextpayload NONCE > ikev2_next_payload: length 36 nextpayload NOTIFY > ikev2_nat_detection: local source 0x46522d8f71571409 > 0x74cf2b5f05c0e26d $external_ip_addr:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_nat_detection: local destination 0x46522d8f71571409 > 0x74cf2b5f05c0e26d $client_ip_addr:500 > ikev2_next_payload: length 28 nextpayload CERTREQ > ikev2_add_certreq: type X509_CERT length 21 > ikev2_next_payload: length 25 nextpayload NONE > ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi > 0x74cf2b5f05c0e26d nextpayload SA version 0x20 exchange IKE_SA_INIT > flags 0x20 msgid 0 length 457 response 1 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE > spisize 0 xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 > ikev2_pld_ke: dh group MODP_2048 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_msg_send: IKE_SA_INIT response from 69.251.76.50:500 to > 68.83.147.209:500 msgid 0, 457 bytes > config_free_proposals: free 0xc3b15a11900 > config_free_proposals: free 0xc3bcaad6700 > config_free_proposals: free 0xc3b178a2800 > config_free_proposals: free 0xc3b15a11d00 > config_free_proposals: free 0xc3bcaad6200 > > # tcpdump -s1600 -nvvvi em0 udp port 500 > 14:10:43.817658 68.83.147.209.500 > 69.251.76.50.500: [udp sum ok] > isakmp v2.0 exchange IKE_SA_INIT > cookie: 23989e8da6aceb82->0000000000000000 msgid: 00000000 len: 604 > payload: SA len: 220 > payload: KE len: 264 > payload: NONCE len: 20 > payload: N len: 8 > payload: N len: 28 > payload: N len: 28 > payload: N len: 8 [tos 0x20] (ttl 54, id 11728, len 632) > 14:10:43.907535 69.251.76.50.500 > 68.83.147.209.500: [udp sum ok] > isakmp v2.0 exchange IKE_SA_INIT > cookie: 23989e8da6aceb82->5803d5f20fcc4e08 msgid: 00000000 len: 457 > payload: SA len: 48 > payload: KE len: 264 > payload: NONCE len: 36 > payload: N len: 28 > payload: N len: 28 > payload: CERTREQ len: 25 (ttl 64, id 44025, len 485) > > From my naive understanding, it looks like the client is being asked > for a certificate (CERTREQ), but decides not to or can't provide a > cert and just gives up. I seem only able to configure my phone/laptop > to use either the client.example.com certificate OR username+password, > but not both. FWIW, none of the other guides I've found on the > internet for configuring IKEv2 on Apple products mention importing the > server cert or a client keypair, just the CA certificate AFAICT. Can > anyone help me decode what's going wrong?
Whelp, client/service config mismatch error. I'm blocking port 4500, hadn't disabled NAT-T in iked(8), and wasn't watching the icmp replies. Will happily accept any other non-obvious critiques as I continue to troubleshoot. Thanks. --david
