Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-16 Thread Tobias Brunner
Hi Anthony,

> !!!Selected user cert is CN=TDY Test SCA 4
> 2018 Nov 14 00:35:36+00:00 wglng-17 charon [info] 06[CFG]   certificate "C=US, O=Teledyne Controls Engineering, OU=Systems Engineering, CN=TDY Test SCA 4" key: 2048 bit RSA

That's the server's certificate, selected to verify the authentication.

> 2018 Nov 14 00:35:36+00:00 wglng-17 charon [info] 06[TLS] sending TLS peer certificate 'CN=RA00017.auth, O=Teledyne Controls Engineering, OU=Systems Engineering, C=US'
> !!! ? why did TLS send SCA 1 cert

That certificate is selected based on the identity (whatever it is you
configured).  If a private key is loaded for this key and identity, why
shouldn't it be selected?

Did you perhaps use the same key for different identities (or use the
same identity for different keys)?  Also, what does your configuration
actually look like?

Regards,
Tobias


Re: [strongSwan] VPN tunnel using TLS EAP is using wrong SCA cert

2018-11-16 Thread Modster, Anthony
Hello Tobias

We are using VICI (not configuration files), so I hope we're getting
everything.

For this setup our credential directory looks like this:
/media/sde1/certs/Org1:
Org1.chain  Org1.crt  Org1.key  Org1.sca1  Org1.ta
/media/sde1/certs/Org2:
Org2.chain  Org2.crt  Org2.key  Org2.sca2  Org2.ta

So we only load the "user cert" using VICI; we're letting charon select the
correct key and SCA.

Test 1, Org1/Org1.crt (196) and Org2/Org2.crt (211): when using this setup the
196 VPN comes up and the 211 VPN does not (incorrect SCA selected)
Test 2, Org2/Org2.crt (211): when using this setup the 211 VPN does come up
Test 3, Org1/Org1.crt (211) and Org2/Org2.crt (196): when using this setup both
the 211 VPN and the 196 VPN come up

I verified the keys are different, and the "user certs" and SCA files are
correct.
The log file indicates the correct "user certs" are used for each tunnel.

? what else should I check

Below is sample code:

#include <stdio.h>
#include <string.h>
#include <library.h>   /* libstrongswan: chunk_t, chunk_free() */
#include <libvici.h>   /* libvici: vici_begin(), vici_add_key_valuef(), ... */

/* load connection
 * returns: 0 = for ok, else 1
 * Note:
 *   reference doc for swanctl.conf
 *   https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf
 *   reference doc for ipsec.conf: config setup
 *   https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection
 *   example config file /etc/swanctl/swanctl.conf
 */
int load_conn(vici_conn_t *conn, struct s_connection_parameters *param)
{
    vici_req_t *req;
    vici_res_t *res;
    int ret = 0;
    char buf[128] = { 0 };
    int idx;
    chunk_t cert;

    //load the user cert (load_cert_from_file() is a helper not shown here;
    //it fills cert with the DER/PEM data, cert.ptr == NULL on failure)
    load_cert_from_file(param->local_cert, &cert);
    if (cert.ptr == NULL)
    {
        printf("load connection failed : error loading local cert.\n");
        return 1;
    }

    req = vici_begin("load-conn");

    vici_begin_section(req, param->conn_name);

    //connections.<conn>.version
    vici_add_key_valuef(req, "version", "%s", param->ike_version);

    //connections.<conn>.local_addrs
    vici_begin_list(req, "local_addrs");
    vici_add_list_itemf(req, "%s", param->local_addrs);
    vici_end_list(req);

    //connections.<conn>.remote_addrs
    vici_begin_list(req, "remote_addrs");
    vici_add_list_itemf(req, "%s", param->remote_addrs);
    vici_end_list(req);

    //connections.<conn>.local_port
    //connections.<conn>.remote_port

    //connections.<conn>.proposals
    create_list_for_proposals(req, "proposals", param->proposals);

    //connections.<conn>.vips
    //note: allows the assignment of "virtual IP's" for local_ts and remote_ts
    vici_begin_list(req, "vips");
    vici_add_list_itemf(req, "%s", "0.0.0.0");
    vici_end_list(req);

    //connections.<conn>.aggressive
    //connections.<conn>.pull
    //connections.<conn>.encap

    //we do not want to use mobike (no searching for other interfaces)
    //note: it is enabled by default
    //connections.<conn>.mobike
    //vici_add_key_valuef(req, "mobike", "%s", "no");
    vici_add_key_valuef(req, "mobike", "%s", param->mobike);

    //connections.<conn>.dpd_delay
    //vici_add_key_valuef(req, "dpd_delay", "%s", "2s");
    vici_add_key_valuef(req, "dpd_delay", "%s", param->dpd_delay);

    //connections.<conn>.dpd_timeout
    //connections.<conn>.fragmentation
    //connections.<conn>.send_certreq
    //connections.<conn>.send_cert

    /* connections.<conn>.keyingtries
     * Number of retransmission sequences to perform during initial connect.
     * Instead of giving up initiation after the first retransmission sequence
     * with the default value of 1, additional sequences may be started
     * according to the configured value.
     * A value of 0 initiates a new sequence until the connection establishes
     * or fails with a permanent error.
     */
    //vici_add_key_valuef(req, "keyingtries", "%s", "0");
    vici_add_key_valuef(req, "keyingtries", "%s", param->keying_tries);

    //connections.<conn>.unique

    //connections.<conn>.reauth_time
    vici_add_key_valuef(req, "reauth_time", "%s", param->ike_reauth_time);

    //connections.<conn>.rekey_time
    vici_add_key_valuef(req, "rekey_time", "%s", param->ike_rekey_time);

    //connections.<conn>.over_time
    //connections.<conn>.rand_time
    //connections.<conn>.pools

    //Section for a local authentication round (local<suffix>, the <suffix>
    //is optional)
    vici_begin_section(req, "local");

    //connections.<conn>.local<suffix>.round

    //connections.<conn>.local<suffix>.certs
    vici_begin_list(req, "certs");
    vici_add_list_item(req, cert.ptr, cert.len);
    chunk_free(&cert);
    vici_end_list(req);

    //connections.<conn>.local<suffix>.pubkeys

    //connections.<conn>.local<suffix>.auth
    //vici_add_key_valuef(req, "auth", "%s", "eap"); //we're only using IKEv2 EAP
    //vici_add_key_valuef(req, "auth", "%s", "pubkey");
    vici_add_key_valuef(req, "auth", "%s", param->left_auth);

    //connections.<conn>.local<suffix>.id
    vici_add_key_valuef(req, "id", "%s", param->local_id);

    //connections.<conn>.local<suffix>.eap_id
    if (strlen(param->eap_id))
    {   //eap_id is available
        vici_add_key_valuef(req, "eap_id", "%s", param->eap_id);
    }

 

Re: [strongSwan] how to find initiator cookie in packet dump

2018-11-16 Thread Mirko Parthey
On Thu, Nov 08, 2018 at 10:47:18AM +0530, Yogesh Purohit wrote:
>  I was trying to decrypt IKEv1 packets using wireshark 2.6.
>  For decryption of Ikev1 one needs Initiator cookie and encryption key. I have
> enabled log level for ike = 4 in strongswan.conf.
> 
>  I can see complete dump in log files, where I could find encryption key.
> 
>  But I was unable to find initiator cookie without which I am unable to
> decrypt the packet.
> 
>  I am using strongswan version 5.5.2.

tcpdump -vv shows the cookies.
In both wireshark and charon, the cookies are called "SPI".

With an IKE capture file loaded into wireshark, they are shown as ISAKMP
Initiator/Responder SPI in the packet dissection pane.

To make charon log them, set the loglevel "enc = 3".
The cookies are labeled as "IKE_SPI" in the logfile.
The first IKE_SPI is the initiator cookie, and the second is the responder
cookie; this is independent of who sent the message.

For example, the following was logged by an IKEv1 initiator
(without the comments):

# message sent by the initiator (3rd message of Main Mode):
[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[ENC] not encrypting payloads
[ENC] generating payload of type HEADER
[ENC]   generating rule 0 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a20003f68
[ENC]         0: E7 91 90 11 9E 1D 31 8B   # Initiator Cookie
[ENC]   generating rule 1 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a20003f70
[ENC]         0: B6 4B 3B B0 22 CB 9E 86   # Responder Cookie

# message received from the responder (4th message of Main Mode):
[ENC]   parsing rule 0 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a300019d8
[ENC]         0: E7 91 90 11 9E 1D 31 8B   # Initiator Cookie
[ENC]   parsing rule 1 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a300019e0
[ENC]         0: B6 4B 3B B0 22 CB 9E 86   # Responder Cookie

Regards
Mirko
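The cookie lookup Mirko describes, as an added example that is not part of the original post or of strongSwan: a small Python parser that pulls both IKE_SPI values out of charon's "enc = 3" output (rule 0 is always the initiator cookie, whichever side logged it) and returns the initiator cookie Wireshark's IKEv1 decryption table asks for. The log text is a constructed sample modelled on the lines quoted above.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the enc = 3 lines quoted in the message above.
SAMPLE_LOG = """\
[ENC]   generating rule 0 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a20003f68
[ENC]         0: E7 91 90 11 9E 1D 31 8B
[ENC]   generating rule 1 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a20003f70
[ENC]         0: B6 4B 3B B0 22 CB 9E 86
[ENC]   parsing rule 0 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a300019d8
[ENC]         0: E7 91 90 11 9E 1D 31 8B
[ENC]   parsing rule 1 IKE_SPI
[ENC]      => 8 bytes @ 0x7f5a300019e0
[ENC]         0: B6 4B 3B B0 22 CB 9E 86
"""

RULE_RE = re.compile(r"\[ENC\]\s*(?:generating|parsing) rule ([01]) IKE_SPI")
DUMP_RE = re.compile(r"\[ENC\]\s*0:((?:\s+[0-9A-Fa-f]{2}){8})\s*$")


def extract_cookie_pairs(log: str) -> List[Tuple[str, str]]:
    """(initiator_cookie, responder_cookie) as lowercase hex per ISAKMP header;
    rule 0 is the initiator's, rule 1 the responder's, whoever sent the message."""
    pairs: List[Tuple[str, str]] = []
    header: Dict[int, str] = {}
    pending: Optional[int] = None      # rule number whose hex dump comes next
    for line in log.splitlines():
        rule = RULE_RE.search(line)
        if rule:
            pending = int(rule.group(1))
            continue
        dump = DUMP_RE.search(line)
        if dump and pending is not None:
            header[pending] = "".join(dump.group(1).split()).lower()
            pending = None
            if len(header) == 2:       # both cookies of this header collected
                pairs.append((header[0], header[1]))
                header = {}
    return pairs


def initiator_cookie(log: str) -> str:
    """The cookie Wireshark's IKEv1 decryption table wants next to the key;
    refuses logs that mix several exchanges, which must be split up first."""
    initiators = {i for i, _ in extract_cookie_pairs(log)}
    if len(initiators) != 1:
        raise ValueError(f"found {len(initiators)} initiator cookies, expected 1")
    return initiators.pop()
```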


Re: [strongSwan] How to limit IKEv2 traffic per user?

2018-11-16 Thread Mirko Parthey
On Sat, Nov 10, 2018 at 11:17:36AM +, Houman wrote:
> I have attempted to limit the VPN speed to 10Mbit per user.  But when I do a
> DSL speed test with two devices simultaneously, it seems that the total
> traffic is limited to 10Mbit/s rather than each device having 10Mbit/s on
> their own.
> 
> ETH0ORSIMILAR="eth0"
> SERVER_LIMIT="10mbit"
> 
> tc qdisc del dev $ETH0ORSIMILAR root
> tc qdisc add dev $ETH0ORSIMILAR root handle 1: htb
> iptables -I FORWARD -s 10.10.10.0/24 -j MARK --set-mark 51
> iptables -I FORWARD -d 10.10.10.0/24 -j MARK --set-mark 51
> tc class add dev $ETH0ORSIMILAR parent 1:1 classid 1:51 htb rate $SERVER_LIMIT ceil $SERVER_LIMIT
> tc qdisc add dev $ETH0ORSIMILAR parent 1:51 sfq perturb 10
> tc filter add dev $ETH0ORSIMILAR protocol ip parent 1: prio 1 handle 51 fw flowid 1:51
> 
> I had followed this tutorial to achieve this:
> https://linuxscriptshub.com/bandwidth-control-on-ikev2-with-tc-and-iptables/

Please note, in the tutorial you mentioned, there is a for loop in step 5.
At the least, each device needs a bandwidth limiting class of its own.

The LARTC mailing list might be a better place for this discussion:
http://vger.kernel.org/vger-lists.html#lartc

Regards,
Mirko
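The per-device setup Mirko points to, as an added example that is neither the thread's script nor the linked tutorial: a Python helper that emits one HTB class, one fwmark and one fw filter per client address instead of a single class for the whole 10.10.10.0/24 subnet. The device name, client list, rate and mark range are assumed inputs; the commands are returned as strings so they can be reviewed before being run on the gateway.

```python
import ipaddress
from typing import List


def per_client_shaping(dev: str, clients: List[str], rate: str,
                       base_mark: int = 100) -> List[str]:
    """tc/iptables commands that shape each VPN client separately: one HTB
    class with rate = ceil = `rate`, one fwmark and one fw filter per client
    address, so two clients get `rate` each instead of sharing one class.
    Constructed helper; dev, clients, rate and base_mark are assumed inputs."""
    addrs = [ipaddress.ip_address(c) for c in clients]   # reject bad input early
    if len(set(addrs)) != len(addrs):
        raise ValueError("duplicate client address")
    cmds = [f"tc qdisc del dev {dev} root",
            f"tc qdisc add dev {dev} root handle 1: htb"]
    for n, ip in enumerate(addrs):
        mark = base_mark + n                 # iptables marks are written in decimal
        cls = f"1:{mark:x}"                  # tc class minor ids are parsed as hex
        cmds += [
            f"iptables -I FORWARD -s {ip} -j MARK --set-mark {mark}",
            f"iptables -I FORWARD -d {ip} -j MARK --set-mark {mark}",
            f"tc class add dev {dev} parent 1: classid {cls} htb rate {rate} ceil {rate}",
            f"tc qdisc add dev {dev} parent {cls} sfq perturb 10",
            f"tc filter add dev {dev} protocol ip parent 1: prio 1 handle {mark} fw flowid {cls}",
        ]
    return cmds


def shaping_script(dev: str, clients: List[str], rate: str) -> str:
    """Render the commands as a shell script for the gateway."""
    body = "\n".join(per_client_shaping(dev, clients, rate))
    return "#!/bin/sh\nset -e\n" + body + "\n"
```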