On Tue, Aug 18, 2015 at 02:26:29PM +0000, Jona Joachim wrote:
> Hi,
> I'm currently trying to set up a road warrior IKEv2 IPSEC tunnel between
> two OpenBSD boxes running a recent amd64 snapshot. The client is behind
> a NAT.
> The setup works with a PSK but I cannot make it work with RSA
> certificates. No matter what I tried, the client seems to fail
> connecting with:
> ca_getreq: no valid local certificate found
> 
> I turn to the mailing list to see if anybody can point me into the right
> direction.
> 
> I loosely followed the following guide:
> http://puffysecurity.com/wiki/openikedoffshore.html
> I will try to shorten the command output to make it more readable.
> 
> There is an OpenSSL error during the creation of the CA concerning a
> missing element in openssl.cnf. I did not modify openssl.cnf.
> 
> On the server side I did the following:
> 
> # ikectl ca ikeca create 
> [...]
> Signature ok
> subject=/C=NL/CN=ikeca/emailAddress=j...@joachim.cc
> Getting Private key
> Using configuration from /etc/ssl/openssl.cnf
> variable lookup failed for ca::default_ca
> 7504668282756:error:0E06D06C:configuration file
> routines:NCONF_get_string:no
> value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_lib.c:323:group=ca
> name=default_ca
> 

It seems that the changes in LibreSSL (or newer OpenSSL before the
fork) broke some things in ikectl.

Specifically, the possibility to overwrite variables like CERTIP or
CERTFQDN via $ENV:: options in x509v3.cnf/ikeca.cnf* seems to be
broken; or no longer supported because of security concerns.

Your log file gives a hint that the default "CERTFQDN = nohost.nodomain"
value from /etc/ssl/x509v3.cnf (or /etc/ssl/ikeca.cnf) is used instead
of the CERTFQDN overwrite from the environment (as set by ikectl):

> ca_getreq: found CA /C=NL/CN=ikeca/emailAddress=j...@joachim.cc
> ca_x509_subjectaltname: FQDN/nohost.nodomain
> ca_x509_subjectaltname_cmp: FQDN/nohost.nodomain mismatched
> ca_getreq: no valid local certificate found

If LibreSSL no longer supports $ENV in the .cnf files, we have to find
another way, e.g. by generating and using a .cnf file for each
certificate.

As a workaround, you could try to edit CERTFQDN/CERTIP in
x509v3.cnf/ikeca.cnf manually before generating the certificate.

*) ikeca.cnf is an alternative to x509v3.cnf that sets some additional
x509 attributes that are required for Windows interop and some other
cases.  It is not installed by default (why?) and found in
src/usr.sbin/ikectl/ikeca.cnf of the source tree.

Reyk

> # ikectl ca ikeca certificate 188.226.168.224 create
> [...]
> Signature ok
> subject=/C=NL/CN=188.226.168.224/emailAddress=j...@joachim.cc
> Getting CA Private Key
> 
> # ikectl ca ikeca certificate asterix.my.domain create
> [...]
> Signature ok
> subject=/C=FR/CN=asterix.my.domain/emailAddress=j...@joachim.cc
> Getting CA Private Key
> 
> # ikectl ca ikeca install                              
> certificate for CA 'ikeca' installed into /etc/iked/ca/ca.crt
> 
> # ikectl ca ikeca certificate 188.226.168.224 install
> writing RSA key
> 
> # ikectl ca ikeca certificate asterix.my.domain export 
> Export passphrase:
> Retype export passphrase:
> writing RSA key
> exported files in /root/asterix.my.domain.tgz
> 
> 
> On the client side then I did the following:
> asterix% sudo tar -C /etc/iked -xzpf asterix.my.domain.tgz
> 
> The server configuration files look like this:
> iked.conf:
> local_ip = "188.226.168.224"
> 
> ikev2 passive ipcomp esp \
>   from 0.0.0.0/0 to 10.0.0.0/8 \
>   from 0.0.0.0/0 to 172.16.0.0/12 \
>   from 0.0.0.0/0 to 192.168.0.0/16 \
>   local $local_ip peer any \
>   srcid $local_ip \
>   tag IKED
> 
> pf.conf (partial):
> set skip on { lo, enc }
> block in log
> pass in quick inet proto icmp icmp-type { echoreq, unreach }
> pass in on egress proto { ah, esp }
> pass in on egress proto udp from any to any port { isakmp, ipsec-nat-t }
> 
> pass out all modulate state
> pass out log on egress \
>     from any to any tagged IKED \
>     nat-to (egress)
> 
> 
> The client configuration files look like this:
> 
> iked.conf:
> lan = "192.168.1.0/24"
> remote_gw = "188.226.168.224"
> 
> ikev2 active esp \
>   from $lan to 0.0.0.0/0 \
>   peer $remote_gw \
>   srcid asterix.my.domain \
>   tag IKED
> 
> Here's the output of iked -dvv on the client side:
> 
> ca_privkey_serialize: type RSA_KEY length 1191
> ca_pubkey_serialize: type RSA_KEY length 270
> ca_reload: loaded ca file ca.crt
> ca_reload: /C=NL/CN=ikeca/emailAddress=j...@joachim.cc
> ca_reload: loaded 1 ca certificate
> ca_reload: loaded cert file asterix.my.domain.crt
> ca_validate_cert: /C=FR/CN=asterix.my.domain/emailAddress=j...@joachim.cc
> ok
> ca_reload: local cert type X509_CERT
> lan = "192.168.1.0/24"
> 
> remote_gw = "188.226.168.224"
> 
> ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> /etc/iked.conf: loaded 1 configuration rules
> config_getocsp: ocsp_url none
> config_getpolicy: received policy
> ikev2 "policy1" active esp inet from 192.168.1.0/24 to 0.0.0.0/0 local
> any peer 188.226.168.224 ikesa enc aes-256,aes-192,aes-128,3des prf
> hmac-sha2-256,hmac-sha1,hmac-md5 auth hmac-sha2-256,hmac-sha1,hmac-md5
> group modp2048-256,modp2048,modp1536,modp1024 childsa enc
> aes-256,aes-192,aes-128 auth hmac-sha2-256,hmac-sha1 srcid
> asterix.my.domain lifetime 10800 bytes 536870912 rsa tag "IKED"
> config_getpfkey: received pfkey fd 3
> config_getcompile: compilation done
> config_getsocket: received socket fd 4
> config_getsocket: received socket fd 5
> config_getsocket: received socket fd 7
> config_getsocket: received socket fd 8
> ikev2_init_ike_sa: initiating "policy1"
> ikev2_policy2id: srcid FQDN/asterix.my.domain length 21
> ikev2_add_proposals: length 132
> ikev2_next_payload: length 136 nextpayload KE
> ikev2_next_payload: length 264 nextpayload NONCE
> ikev2_next_payload: length 36 nextpayload NOTIFY
> ikev2_nat_detection: local source 0xbd1fee3cb9ebd386 0x0000000000000000
> 0.0.0.0:500
> ikev2_next_payload: length 28 nextpayload NOTIFY
> ikev2_nat_detection: local destination 0xbd1fee3cb9ebd386
> 0x0000000000000000 188.226.168.224:500
> ikev2_next_payload: length 28 nextpayload NOTIFY
> ikev2_next_payload: length 14 nextpayload NONE
> ikev2_pld_parse: header ispi 0xbd1fee3cb9ebd386 rspi 0x0000000000000000
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0
> length 534 response 0
> ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 136
> ikev2_pld_sa: more 0 reserved 0 length 132 proposal #1 protoid IKE
> spisize 0 xforms 14 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_MD5
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_MD5_96
> ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048
> ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_1536
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
> ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length
> 264
> ikev2_pld_ke: dh group MODP_2048_256 reserved 0
> ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length
> 14
> ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> ikev2_msg_send: IKE_SA_INIT request from 0.0.0.0:500 to
> 188.226.168.224:500 msgid 0, 534 bytes
> sa_state: INIT -> SA_INIT
> ikev2_recv: IKE_SA_INIT response from responder 188.226.168.224:500 to
> 192.168.1.11:500 policy 'policy1' id 0, 471 bytes
> ikev2_recv: ispi 0xbd1fee3cb9ebd386 rspi 0xbefb86b890333bf9
> ikev2_recv: updated SA to peer 188.226.168.224:500 local
> 192.168.1.11:500
> ikev2_pld_parse: header ispi 0xbd1fee3cb9ebd386 rspi 0xbefb86b890333bf9
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0
> length 471 response 1
> ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048_256
> ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length
> 264
> ikev2_pld_ke: dh group MODP_2048_256 reserved 0
> ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> ikev2_nat_detection: peer source 0xbd1fee3cb9ebd386 0xbefb86b890333bf9
> 188.226.168.224:500
> ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00
> length 28
> ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> ikev2_nat_detection: peer destination 0xbd1fee3cb9ebd386
> 0xbefb86b890333bf9 192.168.1.11:500
> ikev2_pld_notify: NAT_DETECTION_DESTINATION_IP detected NAT, enabling
> UDP encapsulation
> ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00
> length 25
> ikev2_pld_certreq: type X509_CERT length 20
> ikev2_policy2id: srcid FQDN/asterix.my.domain length 21
> ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length
> 14
> ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> ikev2_pld_notify: signature hash SHA2_256 (2)
> ikev2_pld_notify: signature hash SHA2_384 (3)
> ikev2_pld_notify: signature hash SHA2_512 (4)
> ikev2_init_recv: NAT detected, updated SA to peer 188.226.168.224:4500
> local 192.168.1.11:4500
> ikev2_sa_negotiate: score 4
> sa_stateok: SA_INIT flags 0x00, require 0x05 cert,auth
> ikev2_sa_keys: SKEYSEED with 32 bytes
> ikev2_sa_keys: S with 80 bytes
> ikev2_prfplus: T1 with 32 bytes
> ikev2_prfplus: T2 with 32 bytes
> ikev2_prfplus: T3 with 32 bytes
> ikev2_prfplus: T4 with 32 bytes
> ikev2_prfplus: T5 with 32 bytes
> ikev2_prfplus: T6 with 32 bytes
> ikev2_prfplus: T7 with 32 bytes
> ikev2_prfplus: Tn with 224 bytes
> ikev2_sa_keys: SK_d with 32 bytes
> ikev2_sa_keys: SK_ai with 32 bytes
> ikev2_sa_keys: SK_ar with 32 bytes
> ikev2_sa_keys: SK_ei with 32 bytes
> ikev2_sa_keys: SK_er with 32 bytes
> ikev2_sa_keys: SK_pi with 32 bytes
> ikev2_sa_keys: SK_pr with 32 bytes
> ikev2_msg_auth: initiator auth data length 598
> ca_setauth: switching from RSA_SIG to SIG
> ca_setauth: auth length 598
> sa_stateok: SA_INIT flags 0x00, require 0x05 cert,auth
> config_free_proposals: free 0x1321b9042c00
> ca_getreq: found CA /C=NL/CN=ikeca/emailAddress=j...@joachim.cc
> ca_x509_subjectaltname: FQDN/nohost.nodomain
> ca_x509_subjectaltname_cmp: FQDN/nohost.nodomain mismatched
> ca_getreq: no valid local certificate found
> ca_setauth: auth length 272
> ikev2_getimsgdata: imsg 18 rspi 0xbefb86b890333bf9 ispi
> 0xbd1fee3cb9ebd386 initiator 1 sa valid type 0 data length 0
> ikev2_dispatch_cert: cert type NONE length 0, ignored
> ikev2_getimsgdata: imsg 23 rspi 0xbefb86b890333bf9 ispi
> 0xbd1fee3cb9ebd386 initiator 1 sa valid type 14 data length 272
> ikev2_dispatch_cert: AUTH type 14 len 272
> sa_stateflags: 0x00 -> 0x04 auth (required 0x05 cert,auth)
> sa_stateok: SA_INIT flags 0x04, require 0x05 cert,auth
> ikev2_init_ike_sa: "policy1" is already active
> 
> 
> Kind regards,
> Jona Joachim
> 
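
The mismatch identified in the reply and the manual CERTFQDN workaround, as an added shell example that is not part of the original e-mail or of ikectl. `diagnose_iked_log` and `set_cnf_default` are hypothetical helper names, and the .cnf fragment is a constructed stand-in for /etc/ssl/x509v3.cnf.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed, not from ikectl.

# set_cnf_default FILE VAR VALUE
# Print FILE with the top-level "VAR = ..." default replaced by VALUE.
set_cnf_default() {
    case $2 in CERTFQDN|CERTIP) ;; *) echo "unsupported variable" >&2; return 2 ;; esac
    # Allow only hostname/address characters so VALUE cannot inject config
    # lines or sed metacharacters.
    case $3 in ''|*[!A-Za-z0-9.:-]*) echo "bad value" >&2; return 2 ;; esac
    sed "s/^\($2[[:space:]]*=[[:space:]]*\).*/\1$3/" "$1"
}

# diagnose_iked_log FILE
# From "iked -dvv" output, report the srcid the policy sends and the
# subjectAltName iked rejected. Returns 1 when no mismatch was logged.
diagnose_iked_log() {
    awk '
        $1 == "ikev2_policy2id:" && $2 == "srcid" { want = $3 }
        $1 == "ca_x509_subjectaltname_cmp:" && $3 == "mismatched" { got = $2 }
        END {
            if (got == "") exit 1
            note = (got == "FQDN/nohost.nodomain") ? " template-default" : ""
            printf "srcid=%s cert_san=%s%s\n", want, got, note
        }' "$1"
}

# Constructed sample inputs (the log lines are the ones quoted in the thread).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/x509v3.cnf" <<'EOF'
CERTIP = 0.0.0.0
CERTFQDN = nohost.nodomain
subjectAltName = DNS:$ENV::CERTFQDN
EOF
cat > "$tmp/iked.log" <<'EOF'
ikev2_policy2id: srcid FQDN/asterix.my.domain length 21
ca_x509_subjectaltname: FQDN/nohost.nodomain
ca_x509_subjectaltname_cmp: FQDN/nohost.nodomain mismatched
ca_getreq: no valid local certificate found
EOF

diagnose_iked_log "$tmp/iked.log"
set_cnf_default "$tmp/x509v3.cnf" CERTFQDN asterix.my.domain
```

Redirect the output of `set_cnf_default` to a per-certificate copy instead of editing the system file in place; the certificate has to be regenerated afterwards for the new subjectAltName to appear.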
