Re: [strongSwan] eap-dynamic (eap-tls, eap-mschapv2) and cacerts constraints

2022-08-07 Thread Andreas Steffen

Hi Andreas,

as far as I know, the "cacerts" parameter currently applies to the IKEv2
trust chain verification only (it primarily controls which CAs are
requested by the CERTREQ payload), but it doesn't have any effect
on the trust chain verification of our TLS stack.

Best regards

Andreas

On 05.08.22 21:44, Andreas Weigel wrote:

Hi everyone,

I have a setup in which a gateway uses eap-dynamic to authenticate 
clients using either eap-mschapv2 or eap-tls, basically the same as 
https://www.strongswan.org/testing/testresults/ikev2/rw-eap-dynamic/.


Now, if I try to specify the cacerts parameter in the remote section of 
the connection to restrict the accepted certificates for clients using 
eap-tls, clients can no longer connect using eap-mschapv2:


2022-08-05T15:08:29.910-04:00|charon||10[IKE]  
authentication of 'test' with EAP successful
2022-08-05T15:08:29.912-04:00|charon||10[CFG]  constraint 
check failed: peer not authenticated by CA '[...]'


With the cacerts parameter removed, the connection works.

Is this intended behavior? On first glance, it would make sense to me to 
be able to use the cacerts (or certs) constraint to restrict 
eap-dynamic->eap-tls clients to that one CA in the presence of multiple 
connections on the same device that may use a different CA or certificates.


Kind regards,
Andreas



--
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==


Re: [strongSwan] Memory leak in charon?

2022-08-07 Thread Andreas Steffen

Memory leaks are written to the log when the charon daemon exits and
all memory is released. Sending a HUP doesn't help.

On 05.08.22 15:21, Michael Schwartzkopff wrote:

On 05.08.22 14:36, Andreas Steffen wrote:

Hi Michael,

I'm not aware of any memory leak that we fixed. You could run charon
compiled with the --enable-leak-detective configure option and check
for any memory leaks when you stop the daemon.

Regards

Andreas



Thanks for the fast response. It is reported to the log file? Is the any 
"hup" to get the report in the fly?







On 05.08.22 09:46, Michael Schwartzkopff wrote:

Hi,


we have a strongswan 5.9.5 installed on a embedded device.

We see a increase of memory usage of the charon process of about 200 
kB/hour.


The leak might be somehow connected to rekeying since the leak rate 
was reduced with the rekeying rate. Also perhaps to logging, since we 
reduced verbosity to decrease leak rate.



As far as I read the changelog, no memory leak was fixed in 5.9.6 and 
5.9.7.



Any idea how to proceed to pin down the cause of the leak? 200 kB/h 
impacts the embedded device.

======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==


Re: [strongSwan] Memory leak in charon?

2022-08-05 Thread Andreas Steffen

Hi Michael,

I'm not aware of any memory leak that we fixed. You could run charon
compiled with the --enable-leak-detective configure option and check
for any memory leaks when you stop the daemon.

Regards

Andreas

On 05.08.22 09:46, Michael Schwartzkopff wrote:

Hi,


we have a strongswan 5.9.5 installed on a embedded device.

We see a increase of memory usage of the charon process of about 200 
kB/hour.


The leak might be somehow connected to rekeying since the leak rate was 
reduced with the rekeying rate. Also perhaps to logging, since we 
reduced verbosity to decrease leak rate.



As far as I read the changelog, no memory leak was fixed in 5.9.6 and 
5.9.7.



Any idea how to proceed to pin down the cause of the leak? 200 kB/h 
impacts the embedded device.




Mit freundlichen Grüßen,

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==


Re: [strongSwan] Failure of chacha algorithm use?

2022-08-05 Thread Andreas Steffen

Hi Michael,

swanctl shows IKE algorithms only, loaded ESP algorithms are not
reported.

On my Ubuntu 22.04 system "sudo modprobe chachapoly1305" loads CHACHA
AEAD support in the kernel and is then listed by "lsmod".

Regards Andreas


On 05.08.22 10:03, Michael Schwartzkopff wrote:

Hi,


we wanted to do the use the CHACHA (chacha20poly1305) for ESP encryption.

We have a self-compiled kernel and a self-compiled strongswan (5.9.5) on 
our embedded device.


On our test systems (ubuntu, Alma) everything works. But the embedded 
systems logs:



[ENC] parsed CREATE_CHILD_SA response 3 [ N(USE_TRANSP) SA No KE TSi TSr ]
[CFG] selected proposal: ESP:CHACHA20_POLY1305/CURVE_25519/NO_EXT_SEQ
[KNL] received netlink error: No such file or directory (2)
[KNL] unable to add SAD entry with SPI c9760420 (FAILED)


# swanctl -g tells us:

(...)

aead:
(...)

   CHACHA20_POLY1305[openssl]


Do we miss a kernel module?

As far as I can see, we compiled the necessary module into the kernel, 
which option would the algorithm be in the kernel?



Mit freundlichen Grüßen,



--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==


Re: [strongSwan] strict crl policy

2021-09-26 Thread Andreas Steffen

Hi Anthony,

strict CRL policy still works.

The problem with your setup is that you define

  strictcrlpolicy=yes

in ipsec.conf which is loaded via starter and the stroke interface
only whereas your log shows that you load the configuration via the
vici interface:

2021 Sep 24 04:26:47+00:00 wglng-17 charon [info]
  ...
  14[CFG]   remote:
  14[CFG]class = public key
  14[CFG]id = C=CA, O=Carillon Information Security Inc., ...
  14[CFG] added vici connection: sgateway1-radio0

There is no

  revocation = GOOD

entry in the remote authentication section log of the vici transfer,
so

  revocation = strict

hasn't been set in the remote section of the configuration definition
in swanctl.conf and thus no strict CRL policy is enforced

Best regards

Andreas

On 24.09.21 22:14, Modster, Anthony wrote:

Hello

Does setting strict CRL policy to yes still work ?
The CRL’s for TA and SCA are removed.
Was expecting the VPN tunnel not to make a connection.

strongSwan 5.8.2

# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
     charondebug="ike 2,cfg 2"
     strictcrlpolicy=yes
     # uniqueids = no

======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==


Re: [strongSwan] docker strongswan image

2021-09-24 Thread Andreas Steffen

Hi Anthony,

here is a ready-made strongSwan 5.9.3 docker image:

  https://hub.docker.com/repository/docker/strongx509/strongswan

and here the Dockerfile with which it was built:

  https://github.com/strongX509/docker/tree/master/strongswan

The Ubuntu 20.04 image used doesn't come equipped with systemd, so we
just start the charon daemon in the background. If you need additional
strongSwan plugins then just extend the ./configure command in the
Dockerfile.

  ./configure --prefix=/usr --sysconfdir=/etc --disable-defaults  \
--enable-charon --enable-ikev2 --enable-nonce --enable-random \
--enable-openssl --enable-pkcs1 --enable-pkcs8 --enable-pkcs12\
--enable-pem --enable-x509 --enable-pubkey --enable-constraints   \
--enable-pki --enable-socket-default --enable-kernel-netlink  \
--enable-eap-identity --enable-eap-md5 --enable-eap-dynamic   \
--enable-eap-tls --enable-updown --enable-vici --enable-drbg  \
--enable-swanctl --enable-silent-rules  && \

Best regards

Andreas

On 24.09.21 02:15, Modster, Anthony wrote:

Hello

Is there information on creating a Docker Strongswan image ?

Thanks


Teledyne Confidential; Commercially Sensitive Business Data

======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==


Re: [strongSwan] PGP Key used for signing

2021-07-07 Thread Andreas Steffen
Hi Eric,

it is my personal PGP key:

https://pgp.surfnet.nl/pks/lookup?op=vindex=on=0xDF42C170B34DBA77

Regards

Andreas

On 06.07.21 17:15, Eric Germann wrote:
> What PGP key is used for signing of the source files?
> 
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> <https://www.linkedin.com/in/ericgermann>
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
> 
> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
> 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==



Re: [strongSwan] Version numbers

2021-06-23 Thread Andreas Steffen
Hi Dave,

both servers are running strongSwan 5.8.4 userland daemon but
the first one uses the IPsec stack of a Linux 4.15.0 kernel and
the second one the IPsec stack of a Linux 4.18.0 kernel.
The second server certainly is 64 bit but most probably the first one
is as well.

Best regards

Andreas

On 23.06.21 16:26, David Pearce - C wrote:
> I've got two SS servers, one works, one sort of work right.
> 
> The working one runs "Linux strongSwan U5.8.4/K4.15.0-142-generic"
> 
> The sortof server is running "Linux strongSwan
> U5.8.4/K4.18.0-305.3.1.el8_4.x86_64"
> 
> What is the difference between the two versions? Is one 32-bit and one
> 64-bit?
> 
> *Dave Pearce*
> 
> Blue Origin OLS
> 
> dpear...@blueorigin.com <mailto:dpear...@blueorigin.com>
> 
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==



[strongSwan] Archived recording of the joint strongSwan and wolfSSL Webinar

2021-06-05 Thread Andreas Steffen
Hi,

the recording of the strongSwan and wolfSSL Webinar is now available
under the following link:

  https://www.youtube.com/watch?v=Ul_M3XzRa4Q

Best regards

Andreas

On 28.05.21 13:30, Andreas Steffen wrote:
> Please join us for our upcoming webinar with Security Expert Eric
> Blankenhorn from wolfSSL and Andreas Steffen from the strongSwan Project.
> 
> Leveraging the FIPS-certified security of wolfSSL and the power of
> strongSwan to make a more perfect VPN!
> 
> strongSwan and wolfSSL are coming together to present a better approach
> to a VPN with FIPS-certified cryptography. wolfSSL has had an interest
> in enabling FIPS 140-2/140-3 support with strongSwan so they contributed
> the wolfssl crypto plugin to the strongSwan project a while ago.
> 
> The wolfSSL engineers have now verified that everything is working with
> the wolfCrypt FIPS 140-2 validated module. wolfSSL is pleased that with
> the latest release of wolfSSL v4.7.0 and the wolfCrypt FIPS 140-2 module
> validated on FIPS certificate 3389, strongSwan support is working
> splendidly.
> 
> When: Jun 2, 2021 10:00 AM Pacific Time (US and Canada) 
> 
> Topic: wolfSSL and strongSwan Partner webinar
> 
> Register in advance for this webinar:
> 
> https://us02web.zoom.us/webinar/register/WN_2V7369-WT0O00xu89WLyRQ
> 
> After registering, you will receive a confirmation email containing
> information about joining the webinar.
> 
> Bring any questions you may have, and we look forward to seeing you there!
> 
> Best regards
> 
> Andreas Steffen
> 
> The invitation to the webinar is also available on the wolfSSL site:
> 
> https://www.wolfssl.com/upcoming-webinar-wolfssl-strongswan-partner-webinar/
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==



[strongSwan] Upcoming joint strongSwan and wolfSSL Webinar

2021-05-28 Thread Andreas Steffen
Please join us for our upcoming webinar with Security Expert Eric
Blankenhorn from wolfSSL and Andreas Steffen from the strongSwan Project.

Leveraging the FIPS-certified security of wolfSSL and the power of
strongSwan to make a more perfect VPN!

strongSwan and wolfSSL are coming together to present a better approach
to a VPN with FIPS-certified cryptography. wolfSSL has had an interest
in enabling FIPS 140-2/140-3 support with strongSwan so they contributed
the wolfssl crypto plugin to the strongSwan project a while ago.

The wolfSSL engineers have now verified that everything is working with
the wolfCrypt FIPS 140-2 validated module. wolfSSL is pleased that with
the latest release of wolfSSL v4.7.0 and the wolfCrypt FIPS 140-2 module
validated on FIPS certificate 3389, strongSwan support is working
splendidly.

When: Jun 2, 2021 10:00 AM Pacific Time (US and Canada) 

Topic: wolfSSL and strongSwan Partner webinar

Register in advance for this webinar:

https://us02web.zoom.us/webinar/register/WN_2V7369-WT0O00xu89WLyRQ

After registering, you will receive a confirmation email containing
information about joining the webinar.

Bring any questions you may have, and we look forward to seeing you there!

Best regards

Andreas Steffen

The invitation to the webinar is also available on the wolfSSL site:

https://www.wolfssl.com/upcoming-webinar-wolfssl-strongswan-partner-webinar/

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==



Re: [strongSwan] how to increase timeout for "deleting half open IKE_SA with after timeout" ?

2021-05-16 Thread Andreas Steffen
Hello Harald,

the half_open_timeout can be set in strongswan.conf:

charon {
  half_open_timeout = 120
}

to set the timeout to 120 seconds.

Best regards

Andreas

On 14.05.21 11:06, Harald Dunkel wrote:
> Hi folks,
> 
> I have a few road warriors (3 out of ~140) having severe problems to
> connect via IKEv2. Within the last 4 weeks they had >1000 problems
> during IKE SA init each, e.g.:
> 
> May 12 09:55:28 18[NET1] <92244> received packet: from
> 192.168.1.177[61416] to 10.0.0.17[500] (432 bytes)
> May 12 09:55:28 18[ENC1] <92244> parsed IKE_SA_INIT request 0 [ SA KE No
> N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
> May 12 09:55:28 18[IKE0] <92244> 192.168.1.177 is initiating an IKE_SA
> May 12 09:55:28 18[IKE2] <92244> IKE_SA (unnamed)[92244] state change:
> CREATED => CONNECTING
> May 12 09:55:28 18[CFG1] <92244> selected proposal:
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> May 12 09:55:28 18[IKE1] <92244> remote host is behind NAT
> May 12 09:55:28 18[IKE2] <92244> sending strongSwan vendor ID
> May 12 09:55:28 18[IKE1] <92244> sending cert request for "C=DE,
> O=example AG, CN=ws-CA"
> May 12 09:55:28 18[IKE1] <92244> sending cert request for "C=DE,
> O=example AG, OU=example Certificate Authority, CN=root-CA"
> May 12 09:55:28 18[IKE1] <92244> sending cert request for "C=DE, ST=NRW,
> O=example AG, OU=TI, CN=ipsec-ca"
> May 12 09:55:28 18[ENC1] <92244> generating IKE_SA_INIT response 0 [ SA
> KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP)
> N(MULT_AUTH) V ]
> May 12 09:55:28 18[NET1] <92244> sending packet: from 10.0.0.17[500] to
> 192.168.1.177[61416] (541 bytes)
> May 12 09:55:58 31[JOB1] <92244> deleting half open IKE_SA with
> 192.168.1.177 after timeout
> May 12 09:55:58 31[IKE2] <92244> IKE_SA (unnamed)[92244] state change:
> CONNECTING => DESTROYING
> 
> Obviously there is a 30sec timeout on the IPsec gateway. Is there
> a chance to increase this timeout (using stroke, ie. ipsec.conf)?
> https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection
> mentions only the DPD timeout (150 sec per default) and the inac-
> tivity timeout (child sa only, as it seems).
> 
> Would it be wise to resend the IKE_SA_INIT response (lets say) 3
> times?
> 
> 
> Every helpful comment is highly appreciated
> 
> Harri


==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
==



Re: [strongSwan] OpenIKED strongswan question

2021-03-03 Thread Andreas Steffen

Hola Riccardo,

if you are using swanctl.conf then the parameters are

  reauth_time = 86400

in the connection definition and

  life_time = 3600

in the children section.

With the legacy ipsec.conf configuration it is

  ikelifetime = 86400

and

  lifetime = 3600

Regards

Andreas

On 03.03.2021 11:42, Riccardo Giuntoli wrote:

Hello there nice people! Riccardo Giuntoli writing from Spain. A
pleasure to.

Got a question in my OpenIKED configuration I've got those parameters:

ikelifetime 86400 lifetime 3600

What are the correspondent in ipsec.conf of Stronswan?

Nice regards,

RG.



--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Unable to establish connection with Fortigate device

2021-03-01 Thread Andreas Steffen
ike 0:to VpnTunnelName:384: enc 
C10B9BE64DC0D904589D6282B4F462C905100201006B080F02004C6F63616E64610B240E2C5E431EDC18A1A71432A2D63F3A735CF38FF3B15088600EA1C4DFA8DBAE54001C000101106002C10B9BE64DC0D904589D6282B4F462C9
ike 0:to VpnTunnelName:384: out 
C10B9BE64DC0D904589D6282B4F462C905100201006C0A9523A71AA4D181655F68680E687AAE143646431BCF52A9AAE986F371BD20D0165F406F6525CE7BD4E99E87756AE721C2EA71E8B0D76B6DDAA3BAE63545FE806E4DABC6DBF23D09165665B8EBA17F4B
ike 0:to VpnTunnelName:384: sent IKE msg (ident_i3send): 
192.168.1.2:4500->95.x.x.x:4500, len=108, id=c10b9be64dc0d904/589d6282b4f462c9
ike 0: comes 95.x.x.x:4500->192.168.1.2:4500,ifindex=4
ike 0: IKEv1 exchange=Informational 
id=c10b9be64dc0d904/589d6282b4f462c9:3401b0f7 len=108
ike 0: in 
C10B9BE64DC0D904589D6282B4F462C9081005013401B0F7006CCBD929F01609C09C15FB168C6027327324BD1D6560143B39C69FF01070831099C7520EDB88EBF51AC8CF9AFF5A8649CECE18DADC661F7EB7698D90A5ECEC8DB81EC258089F8E48EEBB2313BE63C33FF5


I'm fairly new to strongswan so I might have missed something in the server 
configuration. Any hint is welcome.
Thanks


[1] https://wiki.strongswan.org/projects/strongswan/wiki/Fortinet



--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Strongswan with ECDSA certificate

2020-12-11 Thread Andreas Steffen

Hello George,

you have to enable one of the libstrongswan plugins that support
ellicptic curve cryptography. Either the openssl, wolfssl or botan
plugin.

Best regards

Andreas

On 05.11.20 20:20, george wrote:

eature PUBKEY:ECDSA in plugin 'pem' has unmet dependency: PUBKEY:ECDSA


Re: [strongSwan] Is there an official docker image for StrongSwan?

2020-06-28 Thread Andreas Steffen
Hi Houman,

I created a strongSwan 5.8.4 image a couple of months ago for a
a tutorial so it builds only a limited number of plugins:

  https://hub.docker.com/repository/docker/strongx509/strongswan

I hope this helps

Andreas

On 28.06.20 17:58, Houman wrote:
> Hello,
> 
> I'm new to Docker and was wondering where I could find the official
> StrongSwan docker image?
> There isn't any official version on docker hub and most of the
> community stuff is fairly outdated.  If there isn't any, what is the
> best way to make my own?
> 
> Thank you for advice,
> Houman

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] eap auth with 5.8 - how?

2020-05-11 Thread Andreas Steffen
But I think the remote side is not configured
for EAP-based client authentication or cannot
find its private signature key so AUTHENTICATION
FAILED ensues. Any chance of getting the remote log?

Andreas

On 11.05.20 08:45, Andreas Steffen wrote:
> Hi,
> 
> in the remote section you have to set
> 
>   auth = pubkey
> 
> since the responder is using a certificate-based
> authentication.
> 
> Regards
> 
> Andreas
> 
> On 10.05.20 14:17, lejeczek wrote:
>> hi guys
>>
>> I got my strongswan updated to 5.8 and I think I migrated my
>> simple config correctly:
>>
>> connections {
>>   camuni {
>>     remote_addrs="remote.fqdn"    # The location
>> of the host, FQDN or IP
>>     vips="0.0.0.0"
>>     send_cert="never"
>>     local {
>>   id="me@domain"
>>   auth="eap"
>>     }
>>     remote {
>>   certs="remote.fqdn.crt"
>>   id="DNS:remote.fqdn"
>>   auth="eap"
>>     }
>>     children {
>>   camuni {
>>     remote_ts="172.16.0.0/12"
>>     mode="pass"
>>     start_action="start"
>>   }
>>     }
>>   }
>> }
>> secrets {
>>   eap {
>>     secret="aSecret"
>>     id="me@fqdn
>>   }
>> }
>>
>> Yet still auth fails. I have no control over "remote.fqdn"
>> but at my end I see:
>> ...
>> IKE] initiating IKE_SA camuni[9] to xx.XX.zz.ZZ
>> [ENC] generating IKE_SA_INIT request 0 [ SA KE No
>> N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
>> [NET] sending packet: from xx.XX.yy.YY[500] to
>> xx.XX.zz.ZZ[500] (1400 bytes)
>> [NET] received packet: from xx.XX.zz.ZZ[500] to
>> xx.XX.yy.YY[500] (592 bytes)
>> [ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
>> N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
>> [CFG] selected proposal:
>> IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072
>> [IKE] remote host is behind NAT
>> [IKE] sending cert request for "O=CA, CN=mydom.local"
>> [IKE] sending cert request for "O=CA, CN=mydom.local"
>> [IKE] establishing CHILD_SA camuni{9}
>> [ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT)
>> CERTREQ IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
>> N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR)
>> N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
>> [NET] sending packet: from xx.XX.yy.YY[4500] to
>> xx.XX.zz.ZZ[4500] (432 bytes)
>> [NET] received packet: from xx.XX.zz.ZZ[4500] to
>> xx.XX.yy.YY[4500] (80 bytes)
>> [ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
>> [IKE] received AUTHENTICATION_FAILED notify error
>> initiate failed: establishing CHILD_SA 'camuni' failed
>>
>> Would you have any suggestions and advice I'll be grateful.
>> many thanks, L.
>>
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] eap auth with 5.8 - how?

2020-05-11 Thread Andreas Steffen
Hi,

in the remote section you have to set

  auth = pubkey

since the responder is using a certificate-based
authentication.

Regards

Andreas

On 10.05.20 14:17, lejeczek wrote:
> hi guys
> 
> I got my strongswan updated to 5.8 and I think I migrated my
> simple config correctly:
> 
> connections {
>   camuni {
>     remote_addrs="remote.fqdn"    # The location
> of the host, FQDN or IP
>     vips="0.0.0.0"
>     send_cert="never"
>     local {
>   id="me@domain"
>   auth="eap"
>     }
>     remote {
>   certs="remote.fqdn.crt"
>   id="DNS:remote.fqdn"
>   auth="eap"
>     }
>     children {
>   camuni {
>     remote_ts="172.16.0.0/12"
>     mode="pass"
>     start_action="start"
>   }
>     }
>   }
> }
> secrets {
>   eap {
>     secret="aSecret"
>     id="me@fqdn
>   }
> }
> 
> Yet still auth fails. I have no control over "remote.fqdn"
> but at my end I see:
> ...
> IKE] initiating IKE_SA camuni[9] to xx.XX.zz.ZZ
> [ENC] generating IKE_SA_INIT request 0 [ SA KE No
> N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
> [NET] sending packet: from xx.XX.yy.YY[500] to
> xx.XX.zz.ZZ[500] (1400 bytes)
> [NET] received packet: from xx.XX.zz.ZZ[500] to
> xx.XX.yy.YY[500] (592 bytes)
> [ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
> [CFG] selected proposal:
> IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072
> [IKE] remote host is behind NAT
> [IKE] sending cert request for "O=CA, CN=mydom.local"
> [IKE] sending cert request for "O=CA, CN=mydom.local"
> [IKE] establishing CHILD_SA camuni{9}
> [ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT)
> CERTREQ IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
> N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR)
> N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
> [NET] sending packet: from xx.XX.yy.YY[4500] to
> xx.XX.zz.ZZ[4500] (432 bytes)
> [NET] received packet: from xx.XX.zz.ZZ[4500] to
> xx.XX.yy.YY[4500] (80 bytes)
> [ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> [IKE] received AUTHENTICATION_FAILED notify error
> initiate failed: establishing CHILD_SA 'camuni' failed
> 
> Would you have any suggestions and advice I'll be grateful.
> many thanks, L.
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Password protection on private key using PKI tool

2020-03-28 Thread Andreas Steffen
Hi Dries,

no the strongSwan pki tool does not support password protection of
private keys. But after generating a key with e.g.

  pki --gen --type rsa --size 3072 --outform pem > key.pem

you can protect it with a password using openssl:

  openssl rsa -in key.pem -aes256 -out key.pem
  Enter pass phrase for key.pem:
  ...

The pki tool can load encrypted keys, though, e.g.

  pki --self --type rsa --in key.pem --dn "C=CH, O=Test, CN=Joe" \
 --outform pem > cert.pem
  Private key passphrase:
  ...

Hope this helps!

Andreas

On 14.03.20 20:17, driesm.michi...@gmail.com wrote:
> Hi Strongswan Mail list,
> 
>  
> 
> This is a quick question regarding certificates/keys created with the
> PKI tool.
> 
> Does the PKI tool currently support password protection of private keys?
> 
>  
> 
> This would mean that regardless of the key install on a client one still
> needs the password to use them.
> 
>  
> 
> Regards
> 
> Dries
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] configuring android StrongSwan VPN Client 2.2.1

2020-01-07 Thread Andreas Steffen
Hi Dave,

the Diffie-Hellman group modp1024 is totally weak and is therefore
deprecated by NIST. Please add modp2048 to your server's configuration.
Actually Windows Clients be made secure by enabling modp2048 via the
Windows registry:

https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048

Best regards

Andreas

On 07.01.20 17:31, David H. Durgee wrote:
> I followed this recipe to install StrongSwan on my linux server:
> 
> How to Set Up an IKEv2 VPN Server with StrongSwan on Ubuntu 16.04
> <https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-16-04>
> 
> This is working fine with a Windows client, so I know it is configured
> properly.
> 
> After this success I attempted to install the above client on my android
> Nougat phone.  Unfortunately this is not working with the default
> options on the client.  Here is the log entries from the linux server
> attempting to open the VPN connection:
> 
> Dec 26 18:07:11 DG41TY charon: 09[NET] received packet: from
> 108.31.28.59[1024] to 192.168.80.11[500] (716 bytes)
> Dec 26 18:07:11 DG41TY charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA
> KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
> Dec 26 18:07:11 DG41TY charon: 09[CFG] looking for an ike config for
> 192.168.80.11...108.31.28.59
> Dec 26 18:07:11 DG41TY charon: 09[CFG]   candidate: %any...%any, prio 28
> Dec 26 18:07:11 DG41TY charon: 09[CFG] found matching ike config:
> %any...%any with prio 28
> Dec 26 18:07:11 DG41TY charon: 09[IKE] 108.31.28.59 is initiating an IKE_SA
> Dec 26 18:07:11 DG41TY charon: 09[IKE] IKE_SA (unnamed)[15] state
> change: CREATED => CONNECTING
> Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:
> Dec 26 18:07:11 DG41TY charon: 09[CFG]   no acceptable
> DIFFIE_HELLMAN_GROUP found
> Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:
> Dec 26 18:07:11 DG41TY charon: 09[CFG]   no acceptable
> ENCRYPTION_ALGORITHM found
> Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:
> Dec 26 18:07:11 DG41TY charon: 09[CFG]   no acceptable
> DIFFIE_HELLMAN_GROUP found
> Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:
> Dec 26 18:07:11 DG41TY charon: 09[CFG]   no acceptable
> ENCRYPTION_ALGORITHM found
> Dec 26 18:07:11 DG41TY charon: 09[CFG] received proposals:
> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/(31)/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048,
> IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/(31)/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
> Dec 26 18:07:11 DG41TY charon: 09[CFG] configured proposals:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> Dec 26 18:07:11 DG41TY charon: 09[IKE] local host is behind NAT, sending
> keep alives
> Dec 26 18:07:11 DG41TY charon: 09[IKE] remote host is behind NAT
> Dec 26 18:07:11 DG41TY charon: 09[IKE] received proposals inacceptable
> Dec 26 18:07:11 DG41TY charon: 09[ENC] generating IKE_SA_INIT response 0
> [ N(NO_PROP) ]
> Dec 26 18:07:11 DG41TY charon: 09[NET] sending packet: from
> 192.168.80.11[500] to 108.31.28.59[1024] (36 bytes)
> Dec 26 18:07:11 DG41TY charon: 09[IKE] IKE_SA (unnamed)[15] state
> change: CONNECTING => DESTROYING
> 
> What do I need to change in the android client configuration?  I would
> prefer not to touch the linux server as it is working with windows
> clients, but will do so if absolutely necessary.  Thank you for your
> assistance in this matter.
> 
> Dave

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Regarding Strongswan and AD

2019-08-15 Thread Andreas Steffen
Hi,

your concept seems correct. Set up the authentication in steps:

1) Define user credentials locally on the Freeradius server
   and set up an EAP-RADIUS connection from the strongSwan VPN gateway
   to the FreeRadius server along the following example scenario:


https://www.strongswan.org/testing/testresults/swanctl/rw-eap-ttls-radius/

2) Connect the Microsoft AD with FreeRadius so that the User Credentials
   can reside on the AD.

Regards

Andreas

On 14.08.19 03:27, Bidhan Khatri wrote:
> 've been searching for the solution but couldn't find it so I'm writing
> to you.  I hope I will get an answer. I've configured Strongswan and for
> authentication, I'm planning to use Microsoft AD. I've configured radius
> client on AD and set up samba on my centos 7 Strongswan server but still
> couldn't authenticate the users. I'm stuck somewhere or missing something.
> 
> My setup is:
> client -> Strongswan(centos 7) -> radius(free radius,centos 7) ->
> AD(Microsoft)
> 
> Can you provide some guidance regarding this? I've to complete this
> project this month. 
> 
> Thank you

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] How to determine how many connections are currently active?

2019-07-31 Thread Andreas Steffen
Hi Houman,

The CHILD SAs are the actual tunnels carrying encrypted data. The
IKE SA is used for peer authentication and the setup of the
CHILD SAs. In principle an IKE SA can define multiple CHILD SAs
if you want to connect multiple subnets behind the two VPN gateways
with each other.

Regards

Andreas

On 31.07.19 12:43, Houman wrote:
> Hi Andreas,
> 
> Thank you very much.  That worked nicely, much easier than I thought it
> would be.
> 
> The difference between INSTALLED (519) and ESTABLISHED (520) was nearly
> the same in my case.   What is the main difference between them in this
> context?
> 
> Many Thanks,
> Houman
> 
> On Wed, 31 Jul 2019 at 11:14, Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>
> wrote:
> 
> Hi Houman,
> 
> you can get the number of active IKE SAs via
> 
>   swanctl --list-sas | grep ESTABLISHED | wc -l
> 
> if you are using the vici interface or
> 
>   ipsec statusall | grep ESTABLISHED | wc -l
> 
> if you are using the legacy whack interface.
> 
> For the total number of active CHILD SAs replace ESTABLISHED
> by INSTALLED in the grep query.
> 
> Best regards
> 
> Andreas
> 
> On 31.07.19 10:05, Houman wrote:
> > Good morning,
> >
> >
> > What is the best way to determine how many connections are currently
> > active on the StrongSwan server? 
> >
> >
> > Maybe there is a simpler way but I thought of one way. I’m using
> > FreeRadius with Mysql DB as storage.
> >
> >
> > There are three fields that capture the start (acctstarttime), ongoing
> > (acctupdatetime) and the end (acctstoptime) of a connection.
> >
> >
> > I could theoretically filter for all acctupdatetime that start from
> > today and have a acctstoptime that is null.  The count of these
> records
> > would be the approximate number of active connections to the server.
> >
> >
> > Is there a better way to achieve this or do you agree to this
> approach?
> >
> >
> >
> > Many Thanks,
> >
> > Houman
> >
> 
> -- 
> ==
> Andreas Steffen                       
>  andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org>
> strongSwan - the Open Source VPN Solution!         
> www.strongswan.org <http://www.strongswan.org>
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===[INS-HSR]==
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Certificate-based IPsec tunnel failing to complete

2019-07-05 Thread Andreas Steffen
Global 
> SSL ICA G3"
> [IKE] received cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root 
> CA 2 G3"
> [IKE] received 10 cert requests for an unknown ca
> [IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 
> 2 G3"
> [IKE] sending cert request for "C=UK, ST=$MY_STATE, L=$MY_CITY, O=$MY_ORG, 
> OU=$MY_OU, CN=CA Root (ECDSA)"
> [IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Global 
> SSL ICA G3"
> [IKE] authentication of 'vpn.production.$MY_ORG.cloud' (myself) with 
> ECDSA-256 signature successful
> [IKE] sending end entity cert "C=GB, ST=London, L=London, O=$MY_ORG PLC, 
> CN=vpn.production.$MY_ORG.cloud"
> [IKE] establishing CHILD_SA net1-net1{1}
> [ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr 
> AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
> [ENC] splitting IKE message with length of 2018 bytes into 2 fragments
> [ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
> [ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
> [NET] sending packet: from 172.26.0.85[4500] to $MY_ON_PREM_EXT_IP[4500] 
> (1248 bytes)
> [NET] sending packet: from 172.26.0.85[4500] to $MY_ON_PREM_EXT_IP[4500] (835 
> bytes)
> [NET] received packet: from $MY_ON_PREM_EXT_IP[4500] to 172.26.0.85[4500] 
> (525 bytes)
> [ENC] parsed IKE_AUTH response 1 [ EF(1/4) ]
> [ENC] received fragment #1 of 4, waiting for complete IKE message
> [NET] received packet: from $MY_ON_PREM_EXT_IP[4500] to 172.26.0.85[4500] 
> (525 bytes)
> [ENC] parsed IKE_AUTH response 1 [ EF(3/4) ]
> [ENC] received fragment #3 of 4, waiting for complete IKE message
> [NET] received packet: from $MY_ON_PREM_EXT_IP[4500] to 172.26.0.85[4500] 
> (525 bytes)
> [ENC] parsed IKE_AUTH response 1 [ EF(2/4) ]
> [ENC] received fragment #2 of 4, waiting for complete IKE message
> [NET] received packet: from $MY_ON_PREM_EXT_IP[4500] to 172.26.0.85[4500] (76 
> bytes)
> [ENC] parsed IKE_AUTH response 1 [ EF(4/4) ]
> [ENC] received fragment #4 of 4, reassembling fragmented IKE message
> [ENC] parsed IKE_AUTH response 1 [ V IDr CERT CERT AUTH SA TSi TSr 
> N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) N(MOBIKE_SUP) ]
> [IKE] received end entity cert "C=UK, ST=$MY_STATE, O=$MY_ORG, OU=$MY_OU, 
> CN=vpntest.$MY_ORG.co.uk"
> [IKE] received issuer cert "C=UK, ST=$MY_STATE, L=$MY_CITY, O=$MY_ORG, 
> OU=$MY_OU, CN=CA Root (ECDSA)"
> [CFG]   using certificate "C=UK, ST=$MY_STATE, O=$MY_ORG, OU=$MY_OU, 
> CN=vpntest.$MY_ORG.co.uk"
> [CFG]   using trusted ca certificate "C=UK, ST=$MY_STATE, L=$MY_CITY, 
> O=$MY_ORG, OU=$MY_OU, CN=CA Root (ECDSA)"
> [CFG] checking certificate status of "C=UK, ST=$MY_STATE, O=$MY_ORG, 
> OU=MY_OU, CN=vpntest.$MY_ORG.co.uk"
> [CFG] certificate status is not available
> [CFG]   reached self-signed root ca with a path length of 0
> [IKE] authentication of 'C=UK, ST=$MY_STATE, O=$MY_ORG, OU=MY_OU, 
> CN=vpntest.$MY_ORG.co.uk' with ECDSA-256 signature successful
> [CFG] constraint check failed: identity 'vpntest.$MY_ORG.co.uk' required
> [CFG] selected peer config 'onprem-to-azure' inacceptable: constraint 
> checking failed
> [CFG] no alternative config found
> [ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
> [NET] sending packet: from 172.26.0.85[4500] to $MY_ON_PREM_EXT_IP[4500] (65 
> bytes)
> initiate failed: establishing CHILD_SA 'net1-net1' failed
> 
> 
> 
> 
> You are receiving this message from Capita Software. Should you wish to see 
> how we may have collected or may use your information, or view ways to 
> exercise your individual rights, see our Privacy 
> Notice<https://www.capitasoftware.com/PrivacyNotice>
> 
> 
> This email is security checked and subject to the disclaimer on web-page: 
> http://www.capita.co.uk/email-disclaimer.aspx
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Can strongswan tnc be used with TPM 2.0 ?

2019-07-01 Thread Andreas Steffen
Hi Benoit,

you can compile strongSwan with both options --enable-tss-trousers
and --enable-tss-tss2 and the libtpmtss library will automatically
detect wheter a TPM 1.2 or TPM 2.0 device is present, prefering
TPM 2.0 over TPM 1.2.

For TPM 1.2 support the libtspi trousers library is required
and for TPM 2.0 the libtss2 library. Have a look at  the folling
HOWTO on how to install the TPM2-TSS libraries and how to generate
TPM 2.0 attestation keys and certificates:

https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin

Best regards

Andreas

On 15.06.19 15:18, Benoit wrote:
> Hi all,
> 
> I am interested to use the strongswan tnc, specifically the PTS
> (IMV/IMC) mode.
> I went to this following pages : 
> 
>    https://wiki.strongswan.org/projects/strongswan/wiki/IMA
>   
> https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect
>    https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMV
>    https://wiki.strongswan.org/projects/strongswan/wiki/PTS-IMC
> 
> Pages are talking about TPM 1.2, but TPM 2.0 is never described.
> 
> I am mainly looking for a way to verify if a client is trusted or not.
> And what is described at
> https://wiki.strongswan.org/projects/strongswan/wiki/IMA can match my
> requirements.
> But I would like to have something compliant TPM 1.2 and TPM 2.0
> 
> Is strongswan TNC/PTS feature compliant with TPM 1.2 and TPM 2.0 ?
> 
> Thanks
> 
> 
> 
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Removing individual certs

2019-05-19 Thread Andreas Steffen
Hi Roee,

why would you want to unload end entity certificates at all?

Regards

Andreas

On 17.05.19 18:48, Roee Agami wrote:
> Hi,
> Is there a way to unload individual certs from strongswan?
> All I see is ways to completely remove all of the configured certs.
> 
> Thanks.
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Error connecting from Fortigate VPN to Strongswan

2019-03-15 Thread Andreas Steffen
KE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,

IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048,

IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/NTRU_128/NTRU_192/NTRU_256/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Mar 15 00:36:12 klick001 charon: 12[CFG] selected proposal:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Mar 15 00:36:12 klick001 charon: 12[IKE] local host is
behind NAT, sending keep alives
Mar 15 00:36:12 klick001 charon: 12[IKE] sending cert
request for "CN=VPN root CA"
Mar 15 00:36:12 klick001 charon: 12[IKE] authentication of
'35.185.2**.***' (myself) with RSA signature successful
Mar 15 00:36:12 klick001 charon: 12[CFG] proposing traffic
selectors for us:
Mar 15 00:36:12 klick001 charon: 12[CFG] 0.0.0.0/0
<http://0.0.0.0/0>
Mar 15 00:36:12 klick001 charon: 12[CFG] proposing traffic
selectors for other:
Mar 15 00:36:12 klick001 charon: 12[CFG]  dynamic
Mar 15 00:36:12 klick001 charon: 12[CFG] configured
proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,

ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
Mar 15 00:36:12 klick001 charon: 12[IKE] establishing
CHILD_SA ikev2-Teledida{1}
Mar 15 00:36:12 klick001 charon: 12[ENC] generating IKE_AUTH
request 1 [ IDi CERTREQ AUTH SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Mar 15 00:36:12 klick001 charon: 12[NET] sending packet:
from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)
Mar 15 00:36:16 klick001 charon: 15[IKE] retransmit 1 of
request with message ID 1
Mar 15 00:36:16 klick001 charon: 15[NET] sending packet:
from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)
Mar 15 00:36:23 klick001 charon: 16[IKE] retransmit 2 of
request with message ID 1
Mar 15 00:36:23 klick001 charon: 16[NET] sending packet:
from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)
Mar 15 00:36:36 klick001 charon: 06[IKE] retransmit 3 of
request with message ID 1
Mar 15 00:36:36 klick001 charon: 06[NET] sending packet:
from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)
Mar 15 00:36:56 klick001 charon: 10[IKE] sending keep alive
to 200.10.1**.***[4500]
Mar 15 00:36:59 klick001 charon: 09[IKE] retransmit 4 of
request with message ID 1
Mar 15 00:36:59 klick001 charon: 09[NET] sending packet:
from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)
Mar 15 00:37:20 klick001 charon: 12[IKE] sending keep alive
to 200.10.1**.***[4500]
Mar 15 00:37:40 klick001 charon: 13[IKE] sending keep alive
to 200.10.1**.***[4500]
Mar 15 00:37:41 klick001 charon: 14[IKE] retransmit 5 of
request with message ID 1
Mar 15 00:37:41 klick001 charon: 14[NET] sending packet:
from 10.138.0.4[4500] to 200.10.1**.***[4500] (988 bytes)

Please assist as we are about to go live soon.

Thanks in advance.

Moses K

=======

Re: [strongSwan] How to improve connection loss when moving from 4G to Wifi?

2019-02-10 Thread Andreas Steffen
Hi Houman,

actually the IKEv2 MOBIKE mobility protocol does this automatically.
Does your IPsec peer (VPN gateway) support MOBIKE since strongSwan
enables it out of the box?

Regards

Andreas

On 09.02.19 17:50, Houman wrote:
> Hello,
> 
> I've set up strongSwan U5.6.2/K4.15.0-43-generic on Ubuntu 18.04. It
> works very well.
> 
> However is there any way to improve connection or loss of when moving
> from cellular 4G to WiFi / WiFi to 4G?
> 
> I thought that IKEv2 could do that seamlessly?
> 
> Many Thanks,
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid

2018-10-29 Thread Andreas Steffen
Hi Yogesh,

are you using an unmodified strongSwan peer on the other side or
a third party VPN product? If it is strongSwan, which version are
you using? Could you also send the configuration of the CHILD SA?

Regards

Andreas

On 29.10.2018 06:43, Yogesh Purohit wrote:
> Adding subject line to my query
> 
> On Mon, Oct 29, 2018 at 11:12 AM Yogesh Purohit
> mailto:yogeshpuroh...@gmail.com>> wrote:
> 
> Hi Team,
> 
> I am trying to establish tunnel with my strongswan.
> But after receiving IKE_AUTH response my local strongswan end
> (initiator) rejects tunnel saying ' length of
> TRAFFIC_SELECTOR_SUBSTRUCTURE substructure list invalid'.
> 
> And I am unable to get the reason for the same. Because I have
> configured traffic selectors matching.
> 
> IKE_Auth response which is recived is of 252 bytes, whereas when my
> tunnel was established in other case IKE_AUTH response was of 204 bytes.
> NOTE: I am trying the tunnel with PSK and version is IKEv2.
> 
> So is there fixed bytes of IKE_AUTH response which is expected by
> strongswan for PSK.
> 
> And what does 'length of TRAFFIC_SELECTOR_SUBSTRUCTURE substructure
> list invalid' means, I tried finding it in RFC, but could not find
> the same.
> 
> 
> Thanks & Regards,
> 
> Yogesh Purohit
> 
> 
> 
> -- 
> Best Regards,
> 
> Yogesh Purohit

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] PEAP

2018-09-16 Thread Andreas Steffen
Hi Christian,

add --enable-eap-mschapv2 as a configure option since MSCHAP-V2 based
password authentication is done within the PEAP tunnel.

Regards

Andreas

On 15.09.2018 11:38, Christian Salway wrote:
> I'm trying to set up PEAP but getting an error.  I connect to an NPS and
> have enabled PEAP with MSCHAPv2 on the connection
> 
> 
> Sep 15 09:31:39 16[IKE] sending tunneled EAP-PEAP AVP [EAP/REQ/ID]
> Sep 15 09:31:39 16[ENC] generating IKE_AUTH response 8 [ EAP/REQ/PEAP ]
> Sep 15 09:31:39 16[NET] sending packet: from 10.0.1.82[4500] to
> 86.2.58.36[60210] (128 bytes)
> Sep 15 09:31:39 04[NET] sending packet: from 10.0.1.82[4500] to
> 86.2.58.36[60210]
> Sep 15 09:31:39 03[NET] waiting for data on sockets
> Sep 15 09:31:40 03[NET] received packet: from 86.2.58.36[60210] to
> 10.0.1.82[4500]
> Sep 15 09:31:40 06[NET] received packet: from 86.2.58.36[60210] to
> 10.0.1.82[4500] (160 bytes)
> Sep 15 09:31:40 06[ENC] parsed IKE_AUTH request 9 [ EAP/RES/PEAP ]
> Sep 15 09:31:40 06[IKE] received tunneled EAP-PEAP AVP [EAP/RES/ID]
> Sep 15 09:31:40 06[IKE] received EAP identity 'christian.salway'
> Sep 15 09:31:40 06[IKE] phase2 method EAP_MSCHAPV2 selected
> *Sep 15 09:31:40 06[IKE] EAP_MSCHAPV2 method not available*
> Sep 15 09:31:40 06[ENC] generating IKE_AUTH response 9 [ EAP/REQ/PEAP ]
> 
> 
> ./configure --prefix=/usr --sysconfdir=/etc \
> --enable-eap-identity --enable-eap-radius --enable-openssl \
> --enable-eap-peap
> 
> NPS
> 
> 
> 
> 
> 
> Windows 10 reports:
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] (no subject)

2018-09-04 Thread Andreas Steffen
Hi Sandesh,

RSA signature-based authentication can only be broken if the
same RSA key is being used as for RSA encryption-based authentication
and this RSA key is broken applying the Bleichenbacher oracle to
RSA encryption-based authentication.

Since strongSwan does not implement RSA encryption, the RSA key cannot
be determined using the Bleichenbacher oracle and therefore IKEv1 and
IKEv2 RSA signatures cannot be compromised.

It has always been known that IKEv1 and IKEv2 PSK-based authentication
can be broken with an offline attack if the PSK is too weak. This is why
we recommend EAP-based user authentication with IKEv2 where the server
must authenticate itself first

PSKs with 128 bit cryptographic strength or more cannot be broken.

Best regards

Andreas

On 03.09.2018 11:20, Sandesh Sawant wrote:
> Hello Andreas,
> 
> 
> Thanks for confirming that strongSwan isn't vulnerable to the mentioned
> attack.
> 
> 
> However the report claims to have exploits for PSK and RSA signature
> based authentication also... Quoting from the report abstract: 
> 
>  "We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA
> 
> encrypted nonces are used for authentication. Using this
> 
> exploit, we break these RSA encryption  based modes,
> 
> and in addition break RSA signature  based authentication
> 
> in both IKEv1 and IKEv2. Additionally, we describe
> 
> an offline dictionary attack against the PSK (Pre-Shared
> 
> Key) based IKE modes, thus covering all available authentication
> 
> mechanisms of IKE."
> 
> 
> Can you please confirm that strongSwan isn't vulnerable to the
> Bleichenbacher attack against IKEv2 signature based auth and offline
> dictionary attack mentioned for PSK based auth (irrespective of the PSK
> chosen by the user)?
> 
> 
> Thanks,
> 
> Sandesh
> 
> 
> On Fri, Aug 31, 2018 at 3:50 PM Andreas Steffen
> mailto:andreas.stef...@strongswan.org>>
> wrote:
> 
> Hi Sandesh,
> 
> strongSwan is not vulnerable to the Bleichenbacher oracle attack
> since we did not implement the RSA encryption authentication variant
> for IKEv1.
> 
> Best regards
> 
> Andreas
> 
> On 31.08.2018 10:53, Sandesh Sawant wrote:
> > Hi all,
> >
> > I came across below news about a paper enlisting attacks pertaining to
> > IKE protocol, and want to know whether the latest version of trongSwan
> > stack is vulnerable to the attacks mentioned in this
> >
> paper: 
> https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
> > References:
> >
> 
> https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
> >
> 
> https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
> >
> > Thanks,
> > Sandesh
> 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] (no subject)

2018-08-31 Thread Andreas Steffen
Hi Sandesh,

strongSwan is not vulnerable to the Bleichenbacher oracle attack
since we did not implement the RSA encryption authentication variant
for IKEv1.

Best regards

Andreas

On 31.08.2018 10:53, Sandesh Sawant wrote:
> Hi all,
> 
> I came across below news about a paper enlisting attacks pertaining to
> IKE protocol, and want to know whether the latest version of trongSwan
> stack is vulnerable to the attacks mentioned in this
> paper: 
> https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
> References:
> https://latesthackingnews.com/2018/08/20/ipsec-vpn-connections-broken-using-20-year-old-flaw/
> https://securityaffairs.co/wordpress/75352/hacking/key-reuse-ipsec-attack.html
> 
> Thanks,
> Sandesh

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] help with ext-auth plugin

2018-08-04 Thread Andreas Steffen
Hello Amit,

your log says:

00[CFG] no script for ext-auth script defined, disabled

The ex-auth plugin description

  https://wiki.strongswan.org/projects/strongswan/wiki/Ext-auth

or man strongswan.conf

  charon.plugins.ext-auth.script []
 Command to pass to the system shell for peer authorization.
 Authorization is considered successful if the command executes
 normally with an exit code of zero. For all other exit codes
 IKE_SA authorization is rejected.

The  following environment variables get passed to the script:
   IKE_UNIQUE_ID: The IKE_SA numerical unique identifier.
   IKE_NAME: The peer configuration connection name.
   IKE_LOCAL_HOST: Local IKE IP address.
   IKE_REMOTE_HOST: Remote IKE IP address.
   IKE_LOCAL_ID: Local IKE  identity.
   IKE_REMOTE_ID:  Remote  IKE  identity.
   IKE_REMOTE_EAP_ID: Remote EAP or XAuth identity, if used.

Thus you have to define an authentication script in strongswan.conf:

charon {
   plugins {
  ext-auth {
 script = 
  }
   }
}

Regards

Andreas

On 02.08.2018 18:55, Amit Priyadarshi wrote:
> 
> Hello Strongswan experts,
> 
> I am a strongswan-rookie and need some experts advice here.
> I am trying to configure strongswan to use external auth script.
> i followed below steps.
> 
> root@ampriyad-Inspiron-3558:/home/ampriyad/strongswan/strongswan-5.6.3#
> ./configure --enable-ext-auth
> 
> then i went ahead and did a 
> make followed by 
> make install.
> When i lauched ipsec i got below run logs
> Note that the plug in "ext-auth" did not gt loaded.
> 
> root@ampriyad-Inspiron-3558:/home/ampriyad/strongswan/strongswan-5.6.3#
> ipsec start --debug-all --nofork
> Starting strongSwan 5.6.3 IPsec [starter]...
> Loading config setup
> found netkey IPsec stack
> Attempting to start charon...
> 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux
> 4.15.0-29-generic, x86_64)
> 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
> 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
> 00[CFG] loading ocsp signer certificates from
> '/usr/local/etc/ipsec.d/ocspcerts'
> 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
> 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
> 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
> 00[CFG] no script for ext-auth script defined, disabled
> 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random
> nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp
> dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr
> kernel-netlink resolve socket-default stroke vici updown xauth-generic
> counters
> 00[JOB] spawning 16 worker threads
> 
> Please guide me on what did i miss?
> 
> -- 
> Regards,
> Amit Priyadarshi
> 
>  
>  
>  

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Security Comparison

2018-07-20 Thread Andreas Steffen
Hi Marco,

actually X25519 DH group 31 has a security strength of 128 bits, similar
to ECP-256, although the Curve25519 characteristics are much better
than those of the ECP-256 NIST curve.

The "Goldilocks" X448 (DH group 32) has a security strength of 224 bits
which is half-way between 192 bits and 256 bits. strongSwan doesn't
support X448 yet.

Best regards

Andreas

On 20.07.2018 14:43, Marco Berizzi wrote:
> Hi Tobias,
> 
> I think this is an underestimated point. Deserves more attention.
> 
>> The cryptographic strength of all ciphers in a cipher suite should be
>> consistent.  For instance, using AES-256 for ESP is basically wasted
>> when using MODP-2048 because that has only an estimated strength of 112
>> bits (same for ECP-256 whose estimated strength is 128 bits).
> 
> Adding your above remark to [3] would be extremely useful.
> 
> According to this paper [1] MODP-1536 is broken (< 112 bits of security
> strength), and according to this nist publication [2], the only way to
> be consistent with AES-256 is ECP-521 (diffie hellmann group 21) or x25519
> (diffie hellmann group 31).
> 
> The MODP-3072 or ECP-256 is the minimum for being consistent with AES-128.
> 
> So a simple consistent table could be:
> 
> AES-128 ==>> MODP-3072 or ECP-256
> AES-192 ==>> MODP-8192 or ECP-384
> AES-256 ==>> ECP521 or x25519
> 
> [1] 
> https://csrc.nist.gov/csrc/media/publications/sp/800-131a/rev-1/final/documents/sp800-131a_r1_draft.pdf
> [2] 
> https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf
> [3] 
> https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] strongSwan plugins - openssl and x509

2018-07-11 Thread Andreas Steffen
Hi Divya,

yes, if you don't need OCSP support then you can disable the
x509 plugin in the presence of the openssl plugin.

Regards

Andreas

On 11.07.2018 11:08, divya mohan wrote:
> Hello,
> 
> I found the below documentation at
> https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist
> 
> openssl - Crypto backend based on OpenSSL, provides
> RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG
> 
> x509 - Advanced X.509 plugin for parsing/generating X.509
> certificates/CRLs and OCSP messages
> 
> One question here --
> 
> Is usage of x509 certificates supported by both the above plugins?
> So, if I am enabling openssl plugin, can x509 plugin be disabled?
> My use case requires using x509 certificates, without  CRL or OCSP support.
> 
> - Divya
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] TPM2.0 and ESAPI

2018-07-04 Thread Andreas Steffen
Cześć Piotr,

yes, that's correct. Some practical ESAPI examples would help
tremendously. Especially in the form of ESAPI-enabled tpm2-tools.

Na razie

Andreas

On 04.07.2018 11:30, Piotr Parus wrote:
> Dzień dobry/Cześć/Hello Andreas,
> 
> Thanks for your quick answer. I understand from it, that switching to
> ESAPI is possible but not in the nearest future as ESAPI is quite new
> and require some significant time to learn how to use it. Am I correct?
> 
> Pozdrowienia/Regards,
> 
> Piotr Parus
> 
> 
> 
> W dniu 26.06.2018 o 17:07, Andreas Steffen pisze:
>> Cześć Piotr,
>>
>> I've been aware of the emerging ESAPI which is indeed offering increased
>> security in the communication with the TPM 2.0 and [hopefully] easier
>> session handling but I wanted to wait for the 2.0.0 stable release,
>> which apparently happened 5 days ago.
>>
>> Porting the strongSwan tpm plugin to ESAPI would be made much easier if
>> the tpm2-tools would also adopt the ESAPI session handling, thus
>> offering example code on how the new API is supposed to be used.
>>
>> Pozdrowienia
>>
>> Andreas
>>
>> On 26.06.2018 08:35, Piotr Parus wrote:
>>> Hello!
>>>
>>>   From the source code I see that when strongswan uses TPM2.0 chip it
>>> uses TSS System API (SAPI) without sessions. Does the strongswan
>>> maintainers have plans to switch to  Enhanced System API (ESAPI) which
>>> enables easier session handling and encrypting transmission on the wire
>>> to the TPM chip?
>>>
>>> Best regards,
>>>
>>> Piotr Parus
>>>
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] TPM2.0 and ESAPI

2018-06-26 Thread Andreas Steffen
Cześć Piotr,

I've been aware of the emerging ESAPI which is indeed offering increased
security in the communication with the TPM 2.0 and [hopefully] easier
session handling but I wanted to wait for the 2.0.0 stable release,
which apparently happened 5 days ago.

Porting the strongSwan tpm plugin to ESAPI would be made much easier if
the tpm2-tools would also adopt the ESAPI session handling, thus
offering example code on how the new API is supposed to be used.

Pozdrowienia

Andreas

On 26.06.2018 08:35, Piotr Parus wrote:
> Hello!
> 
>  From the source code I see that when strongswan uses TPM2.0 chip it
> uses TSS System API (SAPI) without sessions. Does the strongswan
> maintainers have plans to switch to  Enhanced System API (ESAPI) which
> enables easier session handling and encrypting transmission on the wire
> to the TPM chip?
> 
> Best regards,
> 
> Piotr Parus
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Checking X509 Extended Key Usage

2018-06-22 Thread Andreas Steffen
Hi Sven,

the certificate policy must be contained in all certificates
of the X.509 trust chain. See the following example scenario:

https://www.strongswan.org/testing/testresults5dr/swanctl/rw-ed25519-certpol/

Regards

Andreas

On 20.06.2018 13:41, Sven Anders wrote:
> Am 20.06.2018 um 10:43 schrieb Andreas Steffen:
>> Hi Sven,
>>
>> you can use certificate policies which are based on OIDs.
>>
>> With swanctl.conf:
>>
>>   remote {
>> auth = pubkey
>> cert_policy = 
>> ...
>>   }
>>
>> or with ipsec.conf:
>>
>>   rightcertpolicy=
> 
> Thanks for pointing me to the right direction. I missed this in the
> manual page.
> 
> So the manual page states:
> 
>   left|rightcertpolicy = 
> 
>   Comma separated list of certificate policy OIDs the peer's certificate must 
> have.
>   OIDs are specified using the numerical dotted representation. Not supported 
> for IKEv1 connections prior to 5.0.0.
> 
> 
> If I use the following configuration:
> 
>   conn rw-config
> also = rw-base
> ike = 
> aes256-sha2_256-prfsha256-modp1024-modp2048,aes256gcm16-prfsha384-modp3072!
> esp = aes256-sha2_256-prfsha256,aes256-sha1,aes256gcm16-modp3072!
> leftsubnet = 10.0.0.0/8  # Split tunnel config
> leftid = "vpn.mydomain.net"  # Must match remote part on the client side
> leftcert = server.crt# The server certificate to use
> leftsendcert = always# not "never"
> left = 10.0.1.99
> 
> rightdns = 10.0.0.10, 10.0.0.11
> rightsourceip = %static, %dynamic
> rightcertpolicy = 1.3.6.1.5.5.7.3.2
> 
>   conn ikev2-pubkey
> also = rw-config
> keyexchange = ikev2
> auto = add
> 
> I cannot connect and I get the following output:
> 
> 8235[CFG] ike config match: 1052 (10.0.1.99 89.28.111.222 IKEv2)
> 8235[CFG]   candidate "ikev2-pubkey", match: 20/1/1052 (me/other/ike)
> 8235[CFG] selected peer config 'ikev2-pubkey'
> 8235[CFG]   using certificate "CN=MYNAME"
> 8235[CFG]   certificate "CN=MYNAME" key: 4096 bit RSA
> 8235[CFG]   using trusted intermediate ca certificate "DC=local, DC=my-group, 
> CN=MY-CA01"
> 8235[CFG]   certificate "DC=local, DC=my-group, CN=MY-SUB-CA01" key: 4096 bit 
> RSA
> 8235[CFG]   using trusted ca certificate "CN=MY-ROOT-CA01"
> 8235[CFG]   certificate "CN=MY-ROOT-CA01" key: 4096 bit RSA
> 8235[CFG]   reached self-signed root ca with a path length of 1
> 8235[IKE] authentication of 'MYNAME@my-group.local' with RSA signature 
> successful
> 8235[CFG] constraint requires cert policy 1.3.6.1.5.5.7.3.2
> 8235[CFG] selected peer config 'ikev2-pubkey' inacceptable: non-matching 
> authentication done
> 8235[CFG] no alternative config found
> 
> If I remove the "rightcertpolicy" line, I can connect without problems.
> 
> Any ideas?
> 
>> On 20.06.2018 09:49, Sven Anders wrote:
>>> Hi Andreas,
>>>
>>> Am 19.06.2018 um 18:47 schrieb Andreas Steffen:
>>>> Hi Sven,
>>>>
>>>> according to section 5.1.3.12. "ExtendedKeyUsage" of RFC 4945
>>>> "The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX"
>>>> the IPsec User EKU is deprecated:
>>>>
>>>>The CA SHOULD NOT include the ExtendedKeyUsage (EKU) extension in
>>>>certificates for use with IKE.  Note that there were three IPsec-
>>>>related object identifiers in EKU that were assigned in 1999.  The
>>>>semantics of these values were never clearly defined.  The use of
>>>>these three EKU values in IKE/IPsec is obsolete and explicitly
>>>>deprecated by this specification.  CAs SHOULD NOT issue certificates
>>>>for use in IKE with them.  (For historical reference only, those
>>>>values were id-kp-ipsecEndSystem, id-kp-ipsecTunnel, and id-kp-
>>>>ipsecUser.)
>>>>
>>>> The only EKU flags our X.509 class supports are ocspSigning, ClientAuth,
>>>> and ServerAuth.
>>>
>>> yes I know, that "IPsec User" is deprecated (I expected this remark would
>>> come), but I used it as an example here. We want to use our own OIDs.
>>>
>>> Because the ExtendedKeyUsage is a just a list of OIDs and there are no
>>> restrictions I know of, we use this to differentiate between classes of
>>> certificates we issue.
>>>
>>> If this isn't supported, how can we use StrongSwan to distinguish between
>>> groups of certificate

Re: [strongSwan] Checking X509 Extended Key Usage

2018-06-20 Thread Andreas Steffen
Hi Sven,

you can use certificate policies which are based on OIDs.

With swanctl.conf:

  remote {
auth = pubkey
cert_policy = 
...
  }

or with ipsec.conf:

  rightcertpolicy=

Best regards

Andreas


On 20.06.2018 09:49, Sven Anders wrote:
> Hi Andreas,
> 
> Am 19.06.2018 um 18:47 schrieb Andreas Steffen:
>> Hi Sven,
>>
>> according to section 5.1.3.12. "ExtendedKeyUsage" of RFC 4945
>> "The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX"
>> the IPsec User EKU is deprecated:
>>
>>The CA SHOULD NOT include the ExtendedKeyUsage (EKU) extension in
>>certificates for use with IKE.  Note that there were three IPsec-
>>related object identifiers in EKU that were assigned in 1999.  The
>>semantics of these values were never clearly defined.  The use of
>>these three EKU values in IKE/IPsec is obsolete and explicitly
>>deprecated by this specification.  CAs SHOULD NOT issue certificates
>>for use in IKE with them.  (For historical reference only, those
>>values were id-kp-ipsecEndSystem, id-kp-ipsecTunnel, and id-kp-
>>ipsecUser.)
>>
>> The only EKU flags our X.509 class supports are ocspSigning, ClientAuth,
>> and ServerAuth.
> 
> yes I know, that "IPsec User" is deprecated (I expected this remark would
> come), but I used it as an example here. We want to use our own OIDs.
> 
> Because the ExtendedKeyUsage is a just a list of OIDs and there are no
> restrictions I know of, we use this to differentiate between classes of
> certificates we issue.
> 
> If this isn't supported, how can we use StrongSwan to distinguish between
> groups of certificates without using Sub-CAs?
> We cannot be the first with this requirement...
> 
>> On 19.06.2018 18:22, Sven Anders wrote:
>>>
>>> We want to limit the usage of certificates by defining certain
>>> "Extended Key Usage" (EKU) flags to them.
>>>
>>> As an example, we want to set the "IPSec User" usage (1.3.6.1.5.5.7.3.7) and
>>> only allow connection via IPSec, if it is set. We may use some other flags
>>> out of our own space too.
>>>
>>> How can I check in StrongSwan, if a certain EKU exists?
> 
> 
> Regards
>  Sven Anders
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Checking X509 Extended Key Usage

2018-06-19 Thread Andreas Steffen
Hi Sven,

according to section 5.1.3.12. "ExtendedKeyUsage" of RFC 4945
"The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX"
the IPsec User EKU is deprecated:

   The CA SHOULD NOT include the ExtendedKeyUsage (EKU) extension in
   certificates for use with IKE.  Note that there were three IPsec-
   related object identifiers in EKU that were assigned in 1999.  The
   semantics of these values were never clearly defined.  The use of
   these three EKU values in IKE/IPsec is obsolete and explicitly
   deprecated by this specification.  CAs SHOULD NOT issue certificates
   for use in IKE with them.  (For historical reference only, those
   values were id-kp-ipsecEndSystem, id-kp-ipsecTunnel, and id-kp-
   ipsecUser.)

The only EKU flags our X.509 class supports are ocspSigning, ClientAuth,
and ServerAuth.

Best regards

Andreas

On 19.06.2018 18:22, Sven Anders wrote:
> Hello!
> 
> We want to limit the usage of certificates by defining certain
> "Extended Key Usage" (EKU) flags to them.
> 
> As an example, we want to set the "IPSec User" usage (1.3.6.1.5.5.7.3.7) and
> only allow connection via IPSec, if it is set. We may use some other flags
> out of our own space too.
> 
> How can I check in StrongSwan, if a certain EKU exists?
> 
> Regards
>  Sven Anders
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Loading certificate fails

2018-06-05 Thread Andreas Steffen

Oops, wasn't aware that my pki setup was using the openssl plugin even
though I was loading the x509 plugin in front of the openssl plugin.

Returning to the actual question whether "organisationName" with
OID 2.5.4.10 is an "otherName" type we should support. Since the
value type is encoded explicitly we could handle any otherName
type we have a known OID for.

Regards

Andreas

On 05.06.2018 14:38, Tobias Brunner wrote:

Hi Andreas,


L6 - generalNames:
L7 - generalName:
L8 - otherName:
=> 80 bytes @ 0xd78923
 0: 06 03 55 04 0A A0 49 0C 47 67 65 6D 61 74 69 6B  ..U...I.Ggematik
16: 20 47 65 73 65 6C 6C 73 63 68 61 66 74 20 66 C3   Gesellschaft f.
32: BC 72 20 54 65 6C 65 6D 61 74 69 6B 61 6E 77 65  .r Telematikanwe
48: 6E 64 75 6E 67 65 6E 20 64 65 72 20 47 65 73 75  ndungen der Gesu
64: 6E 64 68 65 69 74 73 6B 61 72 74 65 20 6D 62 48  ndheitskarte mbH
L9 - type-id:
'O'
L9 - value:
=> 73 bytes @ 0xd7892a
 0: 0C 47 67 65 6D 61 74 69 6B 20 47 65 73 65 6C 6C  .Ggematik Gesell
16: 73 63 68 61 66 74 20 66 C3 BC 72 20 54 65 6C 65  schaft f..r Tele
32: 6D 61 74 69 6B 61 6E 77 65 6E 64 75 6E 67 65 6E  matikanwendungen
48: 20 64 65 72 20 47 65 73 75 6E 64 68 65 69 74 73   der Gesundheits
64: 6B 61 72 74 65 20 6D 62 48   karte mbH

which is just being ignored.


It actually isn't.  pki --print only successfully parses the certificate
if the openssl plugin is loaded, otherwise it fails right after the
output you posted above.  The x509 plugin isn't happy about the unparsed
generalName (while parse_otherName() returns TRUE, no id_type or
encoding is returned, so parse_generalName() eventually returns NULL,
which causes x509_parse_generalNames() to fail).

Regards,
Tobias



--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Loading certificate fails

2018-06-05 Thread Andreas Steffen
:6d:44:44:dc:3c:ad:50:5c:6e:ab:19:5e:

 13:7d:ac:55:99:58:9d:fd:26:ed:29:97:b7:d5:ed:90:ee:de:

37:eb:32:9e:52:41:47:c2:54:a2:0c:b1:41:f3:0e:ab:07:d9:

 3c:ae:d1:7f:b7:a6:72:12:ac:e1:61:50:b5:c3:ec:3c:6c:d4:

e1:0d:72:47:31:b7:3f:10:22:0d:55:20:74:28:f6:ce:e3:65:

 d1:ea:51:92:39:84:ed:93:d1:23:fb:a6:b7:2a:2b:26:6c:79:

95:60:3a:b6:2f:99:c6:d5:19:50:89:8b:6e:d2:99:cb:70:9e:

 36:1a:21:15:43:50:e6:8b:de:43:8d:80:0f:2c:a9:dd:21:e7:

1a:cb:01:42

If this certificate is used by our Test-Roadwarrior  Charon.log contains:

Jun  5 09:20:56 14[LIB] building CRED_CERTIFICATE - ANY failed, tried 1
builders

Jun  5 09:20:56 14[CFG]   loading certificate from 'my.C_NK_VPN.pem' failed

Kind regards,

Mike.



--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] VICI and PSK

2018-05-16 Thread Andreas Steffen

Hi Anthony,

use the load-shared() VICI command:

Load a shared IKE PSK, EAP, XAuth or NTLM secret into the daemon.

{
id = 
type = 
data = 
owners = [

]
} => {
success = 
errmsg = 
}

Regards

Andreas

On 16.05.2018 17:58, Modster, Anthony wrote:

Hello

? how to configure VICI for PSK

Thanks



--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] starting strongswan without starter

2018-05-08 Thread Andreas Steffen

Hi Marco,

you can put the following script

https://github.com/strongswan/strongswan/blob/master/testing/hosts/default/etc/init.d/charon

into /etc/init.d/ and either start and stop the charon daemon
manually with

  service charon start|stop

or put the a link to the script into the appropriate runlevel
directories.

Regards

Andreas

On 08.05.2018 11:33, Marco Berizzi wrote:

Hello everyone,

I have compiled strongswan on slackware linux with:

--disable-stroke

and the starter is not builded anymore.

Slackware is one the the few distro which is
not (yet) systemd based.

Which is the correct way to start strongswan
without 'ipsec start' ?



--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] IKE_SA_INIT response with notification data missing

2018-04-16 Thread Andreas Steffen

Hi Balaji,

RFC 4739 "Multiple Authenticaton Exchanges in IKEv2"

  https://tools.ietf.org/html/rfc4739#section-3.1

defines the format of the MULTIPLE_AUTH_SUPPORT Notify Payload as

3.1.  MULTIPLE_AUTH_SUPPORTED Notify Payload

   The MULTIPLE_AUTH_SUPPORTED notification is included in the
   IKE_SA_INIT response or the first IKE_AUTH request to indicate that
   the peer supports this specification.  The Notify Message Type is
   MULTIPLE_AUTH_SUPPORTED (16404).  The Protocol ID and SPI Size fields
   MUST be set to zero, and there is no data associated with this Notify
   type.

So I don't understand why you expect notification data?

Regards

Andreas

On 15.04.2018 04:42, Balaji Thoguluva Bapulal wrote:

Dear users,

I am trying to establish a IKEv2/IPsec tunnel from a security gateway
towards strongswan with strongswan acting as a responder. In response to
IKE_SA_INIT request packet, strongswan sends back IKE_SA_INIT response
with a Notify payload of MULTIPLE_AUTH_SUPPORTED with notification data
missing. I have attached the wireshark. It would be great if someone can
explain why this behavior.

[IKEv2]$ ipsec --version

Linux strongSwan U5.3.0/K3.8.13-16.2.1.el6uek.x86_64

Institute for Internet Technologies and Applications

University of Applied Sciences Rapperswil, Switzerland

See 'ipsec --copyright' for copyright information.

The following is the configuration.

config setup

 charondebug=all

conn %default

 keyingtries=1

 keyexchange=ikev2

 reauth=no

conn psk

 left=172.16.55.62

 leftsourceip=%config%

 leftfirewall=no

 leftauth=psk

 leftsubnet=172.16.0.0/16

 right=172.16.135.192

 rightid=172.16.135.192

 rightsubnet=172.16.0.0/16

 rightauth=psk

 esp=3des-aes-sha1-md5-modp1024

 ike=3des-sha1-md5-modp1024

 auto=add

 type=tunnel

Thanks,

Balaji



--
======
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Not Able to Connect

2018-03-29 Thread Andreas Steffen
Hi,

if you want static virtual IPs then you can use one of the following two
mechanism:


https://www.strongswan.org/testing/testresults/ikev2/dhcp-static-client-id/

or

  https://www.strongswan.org/testing/testresults/ikev2/dhcp-static-mac/

Just have a look at the console log how the DHCP server has to
be configured.

Regards

Andreas

On 29.03.2018 20:12, Info wrote:
> 
> On 03/29/2018 10:21 AM, Andreas Steffen wrote:
>> Hi,
>>
>> yes you can fully integrate a remote host into a LAN by using the
>> farp and dhcp plugins on the VPN gateway so that the gateway
>> acts as an ARP proxy for the remote clients. Have a look at the
>> following example scenario based on swanctl:
>>
>>   https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/
>>
>> In swanctl.conf
>>
>>
>> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.swanctl.conf
>>
>> use pools = dhcp and in strongswan.conf
>>
>>
>> https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.strongswan.conf
>>
>> define the DCHP server to be used.
>>
>> Regards
>>
>> Andreas
> Thanks Andreas.  You likely know (but for the benefit of others), things
> are done differently in RHEL.  For the plugins normally loaded by
> /etc/strongswan/strongswan.conf, in the case of RHEL there's just a call to:
> charon {
>     load_modular = yes
>     plugins {
>     include strongswan.d/charon/*.conf
>     }
> }
> 
> ... and in that directory there's a .conf for each plugin.  Given the
> charon.log, all required plugins are already being loaded without my
> intervention (at least for charon, Idk about swanctl), including farp
> and dhcp.  Since I no longer use the stroke plugin I set in its .conf
> file load = no.  And in dhcp.conf I set  server = 192.168.1.10 which
> will be the LAN DHCP server.
> 
> Thing is since I run servers I've always used static IPs, so I'll have
> to figure out DHCP predictable assignment.  But with the transition to
> IPV6 I will be using DHCP exclusively. (for the love of all that's holy)
> 
> 
> 
> 
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Not Able to Connect

2018-03-29 Thread Andreas Steffen
Hi,

yes you can fully integrate a remote host into a LAN by using the
farp and dhcp plugins on the VPN gateway so that the gateway
acts as an ARP proxy for the remote clients. Have a look at the
following example scenario based on swanctl:

  https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/

In swanctl.conf


https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.swanctl.conf

use pools = dhcp and in strongswan.conf


https://www.strongswan.org/testing/testresults/swanctl/dhcp-dynamic/moon.strongswan.conf

define the DCHP server to be used.

Regards

Andreas

On 29.03.2018 18:57, Info wrote:
> True.  Although I infer that 'pools' might be address pools (as with
> DHCP), I can find no evidence of this.  And I now notice the 'pools'
> definition further down.
> 
> But I'd like this VPN to be 'transparent'.  IOW I'd like my remote
> machines and LAN members to use the same IP as they do in the LAN.  If
> possible I'd like to avoid virtual IPs.  Is there any way to do this?
> 
> And I gather that in the IPSec gateway for the LAN, I can define
> different definitions for different remote machines, but I can't work
> out how this would be structured with swanctl.  I'd actually prefer to
> keep the same definition for all remote initiators, but things may not
> always work out like we want.
> 
> Side question:  I'm also in the process of transitioning the LAN to
> IPV6.  As my ISP will not foreseeably have IPV6 (Frontier Comm)  I'll
> need to use a tunnel broker.  Will this be a problem with Strongswan,
> and can the Android app do IPV6?
> 
> 
> On 03/28/2018 02:35 PM, Andreas Steffen wrote:
>> The connection setup gets now very far but finally fails because
>> the pools defined by
>>
>>  pools = primary-pool-ipv4, primary-pool-ipv6
>>
>> don't seem be defined (have you added a pools section in swanctl.conf?)
>> and therefore no virtual IP can be allocated to the initiator
>>
>> Wed, 2018-03-28 08:31 15[IKE] <ikev2-pubkey|1>
>>   peer requested virtual IP %any
>>   no virtual IP found for %any requested by 'C=US, O=Quantum
>> CN=aries.darkmatter.org'
>>   peer requested virtual IP %any6
>>   no virtual IP found for %any6 requested by 'C=US, O=Quantum
>> CN=aries.darkmatter.org'
>>   no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
>>
>> Regards
>>
>> Andreas
>>
>> On 28.03.2018 17:37, Info wrote:
>>> I have no way of interpreting the syntax of these proposals as there's
>>> no definitive description.  Maybe '-' separates different options in a
>>> category and ',' separates categories?  But it also doesn't explain
>>> "classic and combined-mode algos" nor not to mix them.  I can't know
>>> these things by instinct.
>>>
>>> Something else is wrong with the example.  I copied it -exactly- (except
>>> I used your esp_proposals), and the error log is attached.
>>>
>>>
>>>
>>> On 03/28/2018 02:21 AM, Andreas Steffen wrote:
>>>> Hi,
>>>>
>>>> as your log explicitly says:
>>>>
>>>>> Tue, 2018-03-27 15:13 15[CFG] classic and combined-mode (AEAD)
>>>>> encryption algorithms can't be contained in the same IKE proposal
>>>> Thus instead of
>>>>
>>>> esp_proposals =
>>>>> aes192gcm16-aes128gcm16-aes192-ecp256,aes192-sha256-modp3072,default
>>>> you must define
>>>>
>>>> esp_proposals =
>>>>   aes192gcm16-aes128gcm16-ecp256,aes192-sha256-ecp256-modp3072,default
>>>>
>>>> Regards
>>>>
>>>> Andreas
>>>>
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Not Able to Connect

2018-03-28 Thread Andreas Steffen
The connection setup gets now very far but finally fails because
the pools defined by

 pools = primary-pool-ipv4, primary-pool-ipv6

don't seem be defined (have you added a pools section in swanctl.conf?)
and therefore no virtual IP can be allocated to the initiator

Wed, 2018-03-28 08:31 15[IKE] <ikev2-pubkey|1>
  peer requested virtual IP %any
  no virtual IP found for %any requested by 'C=US, O=Quantum
CN=aries.darkmatter.org'
  peer requested virtual IP %any6
  no virtual IP found for %any6 requested by 'C=US, O=Quantum
CN=aries.darkmatter.org'
  no virtual IP found, sending INTERNAL_ADDRESS_FAILURE

Regards

Andreas

On 28.03.2018 17:37, Info wrote:
> I have no way of interpreting the syntax of these proposals as there's
> no definitive description.  Maybe '-' separates different options in a
> category and ',' separates categories?  But it also doesn't explain
> "classic and combined-mode algos" nor not to mix them.  I can't know
> these things by instinct.
> 
> Something else is wrong with the example.  I copied it -exactly- (except
> I used your esp_proposals), and the error log is attached.
> 
> 
> 
> On 03/28/2018 02:21 AM, Andreas Steffen wrote:
>> Hi,
>>
>> as your log explicitly says:
>>
>>> Tue, 2018-03-27 15:13 15[CFG] classic and combined-mode (AEAD)
>>> encryption algorithms can't be contained in the same IKE proposal
>> Thus instead of
>>
>> esp_proposals =
>>> aes192gcm16-aes128gcm16-aes192-ecp256,aes192-sha256-modp3072,default
>> you must define
>>
>> esp_proposals =
>>   aes192gcm16-aes128gcm16-ecp256,aes192-sha256-ecp256-modp3072,default
>>
>> Regards
>>
>> Andreas
>>
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Not Able to Connect

2018-03-28 Thread Andreas Steffen
LOWFISH_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
> Tue, 2018-03-27 15:26 15[CFG]    local_ts = 0.0.0.0/0 ::/0
> Tue, 2018-03-27 15:26 15[CFG]    remote_ts = dynamic
> Tue, 2018-03-27 15:26 15[CFG]    hw_offload = 0
> Tue, 2018-03-27 15:26 15[CFG]    sha256_96 = 0
> Tue, 2018-03-27 15:26 15[CFG]   version = 2
> Tue, 2018-03-27 15:26 15[CFG]   local_addrs = %any
> Tue, 2018-03-27 15:26 15[CFG]   remote_addrs = %any
> Tue, 2018-03-27 15:26 15[CFG]   local_port = 500
> Tue, 2018-03-27 15:26 15[CFG]   remote_port = 500
> Tue, 2018-03-27 15:26 15[CFG]   send_certreq = 1
> Tue, 2018-03-27 15:26 15[CFG]   send_cert = CERT_SEND_IF_ASKED
> Tue, 2018-03-27 15:26 15[CFG]   mobike = 1
> Tue, 2018-03-27 15:26 15[CFG]   aggressive = 0
> Tue, 2018-03-27 15:26 15[CFG]   dscp = 0x00
> Tue, 2018-03-27 15:26 15[CFG]   encap = 0
> Tue, 2018-03-27 15:26 15[CFG]   dpd_delay = 30
> Tue, 2018-03-27 15:26 15[CFG]   dpd_timeout = 0
> Tue, 2018-03-27 15:26 15[CFG]   fragmentation = 2
> Tue, 2018-03-27 15:26 15[CFG]   unique = UNIQUE_NO
> Tue, 2018-03-27 15:26 15[CFG]   keyingtries = 1
> Tue, 2018-03-27 15:26 15[CFG]   reauth_time = 0
> Tue, 2018-03-27 15:26 15[CFG]   rekey_time = 0
> Tue, 2018-03-27 15:26 15[CFG]   over_time = 0
> Tue, 2018-03-27 15:26 15[CFG]   rand_time = 0
> Tue, 2018-03-27 15:26 15[CFG]   proposals =
> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024,
> IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
> Tue, 2018-03-27 15:26 15[CFG]   local:
> Tue, 2018-03-27 15:26 15[CFG]    id = cygnus.darkmatter.org
> Tue, 2018-03-27 15:26 15[CFG]   remote:
> Tue, 2018-03-27 15:26 15[CFG] added vici connection: ikev2-pubkey
> Tue, 2018-03-27 15:26 07[CFG] vici client 1 disconnected
> 
> 
> So long story short, the reason that no one can get swanctl actually
> working is that the docs are chaotic and busted.  I say again:  the docs
> and examples do not work for swanctl.  Docs are supposed to make it
> possible to get something to function, without the destructive
> condescension of frustrated fuctionaries with low self-esteem.  But
> apparently some like it this way.
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Cipher Suite proposals changed in the course of 5.6.0 to 5.6.2

2018-03-19 Thread Andreas Steffen
Hi Rolf,

the correct syntax is

  ike=aes256-sha1-modp1024

Regards

Andreas

On 19.03.2018 02:08, Dr. Rolf Jansen wrote:
> I tried already adding the following line to my ipsec.conf:
> 
>ike = AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> 
> But as expected, this did not work because the syntax for specifying the 
> ciphers is different from the syntax for the actually used proposals. I 
> searched half the day for sort of a translation table or translation aid 
> before I gave up and simply patched the sources.
> 
> That said, what would be the correct ike directive for getting charon simply 
> to accept the above proposal?
> 
> Thank you ver much
> 
> Rolf Jansen
> 
> 
>> Am 18.03.2018 um 20:01 schrieb Noel Kuntze 
>> <noel.kuntze+strongswan-users-ml@thermi.consulting>:
>>
>> Hello,
>>
>> I know that everything looks like a nail, if you only got a hammer, but you 
>> only needed to add a corresponding ike and/or esp line in ipsec.conf to 
>> configure the right ciphers for that particular IKE SA configuration. The 
>> ciphers were removed because they were insecure and now there's an RFC for 
>> that. Take a look at the UsableExamples page.
>>
>> Kind regards
>>
>> Noel
>>
>> On 18.03.2018 23:48, Dr. Rolf Jansen wrote:
>>> I am still using an iPhone 4 with iOS 7.1.2 which cannot be updated to a 
>>> more recent iOS.
>>>
>>> When I am on travel, I use the builtin L2TP/IPsec client in order to 
>>> connect to my FreeBSD home server providing the respective VPN service via 
>>> net/mpd5 + security/strongswan (both of which are installed from the ports 
>>> collection).
>>>
>>> After a recent update from strongSwan 5.6.0 to v5.6.2, my iPhone 4 cannot 
>>> connect anymore. In the server's log I see:
>>>
>>> Mar 18 18:33:05 example charon: 15[CFG] received proposals: 
>>> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
>>> IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, 
>>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
>>> IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, 
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
>>> IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
>>> Mar 18 18:33:05 example charon: 15[CFG] configured proposals: 
>>> IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/MODP_3072, 
>>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048,
>>>  
>>> IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
>>> Mar 18 18:33:05 example charon: 15[IKE] no proposal found
>>>
>>>
>>> I dug into the strongSwan sources, and I found, that some ciphers were 
>>> disabled. As a hot fix I added on my FreeBSD server a patch file to 
>>> /usr/ports/security/strongswan/files/patch-zz-add-classic-ciphers.local (s. 
>>> attachment), then I executed make deinstall install clean. For the time 
>>> being, this restored the iPhone 4 L2TP/IPsec connectivity.
>>>
>>> I know the iPhone 4 is almost 8 years old, however, mine looks like I 
>>> bought it yesterday, and the battery is still in a perfect shape, and I 
>>> don't want to buy a new one in the foreseeable future. Please may I ask to 
>>> pick the best cipher from the above list which iOS 7.1.2 is aware of, and 
>>> add it to the list of proposals which strongSwan wants to accept.
>>>
>>> Best regards
>>>
>>> Rolf Jansen
>>>
>>
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Strongswan IPSec VPN is up but does not pass traffic

2018-03-13 Thread Andreas Steffen
rd 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:48 use -
>     tmpl src 10.39.63.211 dst 126.2.1.4
>         proto esp spi 0x(0) reqid 1(0x0001) mode tunnel
>         level required share any
>         enc-mask  auth-mask  comp-mask 
> src 10.2.1.0/24 dst 192.168.199.0/24 uid 0
>     dir fwd action allow index 74 priority 375424 share any flag 
> (0x)
>     lifetime config:
>       limit: soft (INF)(bytes), hard (INF)(bytes)
>       limit: soft (INF)(packets), hard (INF)(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:48 use -
>     tmpl src 126.2.1.4 dst 10.39.63.211
>         proto esp spi 0x(0) reqid 1(0x0001) mode tunnel
>         level required share any
>         enc-mask  auth-mask  comp-mask 
> src 10.2.1.0/24 dst 192.168.199.0/24 uid 0
>     dir in action allow index 64 priority 375424 share any flag 
> (0x)
>     lifetime config:
>       limit: soft (INF)(bytes), hard (INF)(bytes)
>       limit: soft (INF)(packets), hard (INF)(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:48 use -
>     tmpl src 126.2.1.4 dst 10.39.63.211
>         proto esp spi 0x(0) reqid 1(0x0001) mode tunnel
>         level required share any
>         enc-mask  auth-mask  comp-mask 
> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>     socket in action allow index 59 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use 2018-03-12 18:34:33
> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>     socket out action allow index 52 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use 2018-03-12 18:34:28
> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>     socket in action allow index 43 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use 2018-03-12 18:34:39
> src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
>     socket out action allow index 36 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use 2018-03-12 18:34:39
> src ::/0 dst ::/0 uid 0
>     socket in action allow index 27 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use -
> src ::/0 dst ::/0 uid 0
>     socket out action allow index 20 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use -
> src ::/0 dst ::/0 uid 0
>     socket in action allow index 11 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use -
> src ::/0 dst ::/0 uid 0
>     socket out action allow index 4 priority 0 share any flag  (0x)
>     lifetime config:
>       limit: soft 0(bytes), hard 0(bytes)
>       limit: soft 0(packets), hard 0(packets)
>       expire add: soft 0(sec), hard 0(sec)
>       expire use: soft 0(sec), hard 0(sec)
>     lifetime current:
>       0(bytes), 0(packets)
>       add 2018-03-12 18:15:44 use -
> 
> 
> Thanks
> 
> George

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] problem: fetching from hash_and_url

2018-03-01 Thread Andreas Steffen
Hi Mike,

you have to enable and build the curl plugin which in turn
needs the libcurl header files provided e.g. by the
libcurl4-openssl-dev Debian/Ubuntu package.

  make clean
  ./configure  --enable-curl
  make
  sudo make install

Regards

Andreas

On 01.03.2018 12:38, mike.ettr...@bertelsmann.de wrote:
> Hi!
> 
>  
> 
> We want to use certificate exchange by using a hash_and_url-server.
> 
>  
> 
> What we found in the Charon-log is:
> 
>  
> 
> Mar  1 11:37:45 08[CFG] <RU1-TI|4>   fetching certificate from
> 'http://146.185.113.20/99970a34dffce65a5fb9179d0a23212135b36197' ...
> 
> Mar  1 11:37:45 08[LIB] <RU1-TI|4> unable to fetch from
> http://146.185.113.20/99970a34dffce65a5fb9179d0a23212135b36197, no
> capable fetcher found
> 
> Mar  1 11:37:45 08[CFG] <RU1-TI|4>   fetching certificate failed
> 
> …
> 
> Mar  1 11:37:45 08[ENC] <RU1-TI|4> generating IKE_AUTH response 1 [
> N(AUTH_FAILED) ]
> 
>  
> 
> As I could find in the users-mailing-list a capable fetcher could be
> provided by the curl-plugin.
> 
>  
> 
> Our installations statusall shows:
> 
>  
> 
> sudo ipsec statusall
> 
> Status of IKE charon daemon (strongSwan 5.5.3, Linux
> 4.4.103-6.38-default, x86_64):
> 
>   uptime: 54 minutes, since Mar 01 11:41:29 2018
> 
>   malloc: sbrk 2969600, mmap 0, used 693088, free 2276512
> 
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
> scheduled: 0
> 
>   loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509
> pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp
> curve25519 xcbc cmac hmac attr kernel-netlink socket-default stroke vici
> updown xauth-generic
> 
>  
> 
> Do we need to install additional plugins?
> 
>  
> 
> Kind regards,
> 
> Mike.
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] pki --verify Command

2018-02-10 Thread Andreas Steffen
Hi Jafar,

"pki --verify" is a command that is not intended to be used very often.

There are some rare cases where you might be in doubt whether a
certificate trust chain is correct and therefore might want to check
it out by usually increasing the debug level to 3.

Thus no effort has been taken to automate the verification process for
multi-level trust chains. You are free to propose and implement some
extensions to the "pki --verify" command.

Regards

Andreas

On 09.02.2018 22:10, Jafar Al-Gharaibeh wrote:
> Hi,
> 
>    When invoking the "pki --verify" command, the user has to supply all
> of the CA certs along the trust chain for the verification to take place
> appropriately. This could be cumbersome if the trust chain is long
> (>1).  If there are CRLs, they also have to be supplied as well. If the
> certificate store is known (default location for example such as
> /etc/ipsec.d/), shouldn't this all be done automatically? i.e, once you
> know the certificate to be verified,  you can lookup the issuers all the
> way up to the root CA with their associated CRLs. Is there any reason
> why it doesn't work that way, other than nobody gotten around to doing it?
> 
> Regards,
> Jafar
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Strongswan 5.5

2018-02-06 Thread Andreas Steffen
Hi Rajeev,

the private key itself does not pass the key integrity tests of
the gpm plugin. How did you create the private RSA key?

Regards

Andreas

On 07.02.2018 04:43, rajeev nohria wrote:
> 
> 
> I am getting following error. 
> 
> writing RSA key
> 11[LIB] key integrity tests failed
> 11[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 8 builders
> 
> What could be wrong? I verified the certificate and private key from
> following site and they matched.
> 
> https://www.sslshopper.com/certificate-key-matcher.html  
> 
> 
> Thanks in advance,
> 
> Rajeev
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Separate files for crt and key

2018-01-26 Thread Andreas Steffen

Hi Marc,

certificates and keys are always loaded from separate files (with the
exemption of PKCS#12 containers). The certificates are loaded via
leftcert|rightcert entries in ipsec.conf and keys are loaded via
RSA|ECDSA entries in ipsec.secrets. The matching of certs and keys
is done automatically by the strongSwan daemon.

Regards

Andreas

On 26.01.2018 15:01, Marc Roos wrote:

Is it possible to specify separate files for the crt and key? Something
like

leftcert=moonCert.crt
   leftkey=moonCert.key ???




conn rw-eap
left=192.168.0.1
leftsubnet=10.1.0.0/16
leftid=@moon.strongswan.org
leftcert=moonCert.pem
leftauth=pubkey
leftfirewall=yes
rightid=*@strongswan.org
rightauth=eap-md5
rightsendcert=never
right=%any
auto=add



--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] dpd not getting triggered

2018-01-12 Thread Andreas Steffen
Hi Kalyani,

strongSwan uses NAT detection payloads in INFORMATIONAL messages with
RFC 4555 MOBIKE which is enabled by default. See

  https://tools.ietf.org/html/rfc4555#section-3.8

Regards

Andreas

On 12.01.2018 07:16, Kalyani Garigipati (kagarigi) wrote:
> Hi,
> 
>  
> 
> Thanks a lot for the reply. It worked. I see the dpd triggering now.
> 
>  
> 
> I am working on a case when dpd from strongswan sends the nat detection
> payloads.
> 
> I wanted to know upon which conditions strongswan would send dpd request
> with nat_detection_src_ip and nat_detection_dst_ip.
> 
>  
> 
> Is it done only in specific case like when strongswan is behind the nat
> ? and strongswan is in remote-access-client ?
> 
>  
> 
> Regards,
> 
> kalyani
> 
>  
> 
> *From:*bls s [mailto:bl...@outlook.com]
> *Sent:* Friday, January 12, 2018 6:40 AM
> *To:* Kalyani Garigipati (kagarigi) <kagar...@cisco.com>;
> users@lists.strongswan.org
> *Subject:* RE: [strongSwan] dpd not getting triggered
> 
>  
> 
> By default dpdaction=none, which disables sending dpd messages.
> 
>  
> 
> *From: *Kalyani Garigipati (kagarigi) <mailto:kagar...@cisco.com>
> *Sent: *Thursday, January 11, 2018 10:47 AM
> *To: *users@lists.strongswan.org <mailto:users@lists.strongswan.org>
> *Subject: *[strongSwan] dpd not getting triggered
> 
>  
> 
> Hi,
> 
> I am using strongswan version 5.6.1
> I found that even though I configured dpd using dpddelay and dpdtimeout,
> dpd is not getting triggered from strongswan client at all even though
> there is no traffic passing.
> Please let me know how to debug this.
> 
> 
> config setup
>  charondebug=all
>     # crlcheckinterval=600
>     # strictcrlpolicy=yes
>     # cachecrls=yes
>     # nat_traversal=yes
>     # charonstart=no
> 
> conn %default
>    ikelifetime=100m
>    keylife=20m
>    rekeymargin=8m
>    keyingtries=1
>    authby=psk
>    keyexchange=ikev2
>    ike=aes256-sha256-modp1024
>    esp=3des-sha1
>    mobike=yes
>    dpddelay=5s
>    dpdtimeout=150s
> 
> # Add connections here.
> 
> # Add connections here.
> conn net-net
>     left=10.127.47.104
>     leftsubnet=10.127.47.104/32
>     leftid=10.127.47.104
>     right=10.104.108.110
>     rightsubnet=10.104.108.110/32
>     rightid=10.104.108.110
>     auto=start
> 
> ~
> Regards,
> kalyani
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] OSCP

2017-12-19 Thread Andreas Steffen

Hi Anthony,

the OCSP server hostname contained in an authorityInfoAccess
extension is resolved by the http fetcher plugin (usually libcurl)
into an IP address. Thus the DNS resolver process is outside
the scope of strongSwan.

Regards

Andreas

On 18.12.2017 18:38, Modster, Anthony wrote:

Hello Andreas

If the OCSP URI is included in the authorityInfoAccess extension:

? How does strongswan obtain the IP address

? Does it need to have a DNS client installed on the host

? Can it support secure DNS

Thanks

-Original Message-
From: Users [mailto:users-boun...@lists.strongswan.org] On Behalf Of Andreas 
Steffen
Sent: Saturday, December 16, 2017 2:23 AM
To: Modster, Anthony <anthony.mods...@teledyne.com>; users@lists.strongswan.org
Subject: Re: [strongSwan] OSCP

Hello Anthony,

if the OCSP URI is not included via an authorityInfoAccess extension in
the end entity certificate itself then an authority section defining an
OCSP URI can be added to swanctl.conf as shown in the link below


https://www.strongswan.net/testing/testresults/swanctl/ocsp-signer-cert/carol.swanctl.conf

Regards

Andreas

On 16.12.2017 00:56, Modster, Anthony wrote:

Hello



? how do we setup OSCP, when using VICI



Is there a writeup for this item.



? what support tools are needed on the host



Thanks







--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Autorisation in vici?

2017-12-18 Thread Andreas Steffen
Hi Michael,

in order to access the charon daemon via a vici UNIX socket you
either must be root or if capability dropping is enabled and
a vpn group is defined, you must be member of that vpn group.

The latter case allows mortals to initiate and terminate connections
without having root access to the configuration and secrets in
swanctl.conf.

In principle the VICI interface could be configured as a TCP network
socket via the charon.plugins.vici.socket option in strongswan.conf.
But because no authentication is required and TLS is currently not
available we strongly advise against enabling vici network sockets.

Best regards

Andreas

On 17.12.2017 14:58, Michael Schwartzkopff wrote:
> Hi,
> 
> 
> is there any kind of authentication / autorization in the vici
> interface? Or does everybody that has access to the socket (or tcp
> socket) full control over charon?
> 
> 
> I did not find anything the docs.
> 
> 
> Mit freundlichen Grüßen,
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] OSCP

2017-12-16 Thread Andreas Steffen
Hello Anthony,

if the OCSP URI is not included via an authorityInfoAccess extension in
the end entity certificate itself then an authority section defining an
OCSP URI can be added to swanctl.conf as shown in the link below


https://www.strongswan.net/testing/testresults/swanctl/ocsp-signer-cert/carol.swanctl.conf

Regards

Andreas

On 16.12.2017 00:56, Modster, Anthony wrote:
> Hello
> 
>  
> 
> ? how do we setup OSCP, when using VICI
> 
>  
> 
> Is there a writeup for this item.
> 
>  
> 
> ? what support tools are needed on the host
> 
>  
> 
> Thanks
> 
>  
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Validating Local Host Own Certificate

2017-12-06 Thread Andreas Steffen

Hi Jafar,

locally loaded certificates are always trusted.

Regards

Andreas

On 07.12.2017 07:44, Jafar Al-Gharaibeh wrote:

Hi,

I have noticed that when configuring the local certificate in a
connection via :

leftcert=cert.pem

   The certificate is loaded and trusted without validating it through
CA/trust-chains. Is this behavior documented anywhere? digging through
documentation I only found old email references  to this. Is this the
expected behavior? Is there a way to force one's own certificate
validation when loaded/used? i.e/ cert.pem above has to be validated
through a CA tustchain.

Thanks,
Jafar


--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] StrongSwan Android app, NO_PROPOSAL_CHOSEN error & Digital Ocean's VPN tutorial

2017-11-20 Thread Andreas Steffen
Hi Alexander,

could you increase the debug level to "cfg 2" on the server which would
show the received and installed crypto algorithms.

Regards

Andreas

On 20.11.2017 16:30, Bugakov, Alexander wrote:
>  Hello,
> 
> I tried to install StrongSwan IKEv2 on DigitalOcean's freshly
> configured server using this tutorial -
> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-16-04
> 
> I created fresh Ubuntu instance, got an IP address 128.199.36.88 and
> followed all steps in the guide. I've saved server-root-ca.pem to my
> Android phone and installed it. I obtained StrongSwan client from
> Google Play and added profile, choosing the cert, and specifying my
> password and login name.
> 
> I am getting the following in the charon's log on Android:
> 
> Nov 20 17:54:40 00[DMN] Starting IKE charon daemon (strongSwan
> 5.6.1dr3, Android 7.0 - NRD90M/2017-10-01, MI 5s Plus -
> Xiaomi/natrium/Xiaomi, Linux 3.18.31-perf-gb46523a, aarch64)
> Nov 20 17:54:40 00[LIB] loaded plugins: androidbridge charon
> android-log openssl fips-prf random nonce pubkey chapoly curve25519
> pkcs1 pkcs8 pem xcbc hmac socket-default revocation eap-identity
> eap-mschapv2 eap-md5 eap-gtc eap-tls x509
> Nov 20 17:54:40 00[JOB] spawning 16 worker threads
> Nov 20 17:54:40 10[IKE] initiating IKE_SA android[4] to 128.199.36.88
> Nov 20 17:54:40 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No
> N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
> Nov 20 17:54:40 10[NET] sending packet: from 10.220.173.129[46526] to
> 128.199.36.88[500] (704 bytes)
> Nov 20 17:54:40 09[NET] received packet: from 128.199.36.88[500] to
> 10.220.173.129[46526] (36 bytes)
> Nov 20 17:54:40 09[ENC] parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
> Nov 20 17:54:40 09[IKE] received NO_PROPOSAL_CHOSEN notify error
> 
> Here is the log on the server's side:
> 
> Nov 20 14:49:01 vpn charon: 12[NET] received packet: from
> 31.173.82.18[62259] to 128.199.36.88[500] (704 bytes)
> Nov 20 14:49:01 vpn charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA
> KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
> Nov 20 14:49:01 vpn charon: 12[IKE] 31.173.82.18 is initiating an IKE_SA
> Nov 20 14:49:01 vpn charon: 12[IKE] remote host is behind NAT
> Nov 20 14:49:01 vpn charon: 12[IKE] received proposals inacceptable
> Nov 20 14:49:01 vpn charon: 12[ENC] generating IKE_SA_INIT response 0
> [ N(NO_PROP) ]
> Nov 20 14:49:01 vpn charon: 12[NET] sending packet: from
> 128.199.36.88[500] to 31.173.82.18[62259] (36 bytes)
> Nov 20 14:54:38 vpn charon: 13[NET] received packet: from
> 31.173.82.18[56711] to 128.199.36.88[500] (704 bytes)
> Nov 20 14:54:38 vpn charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA
> KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
> Nov 20 14:54:38 vpn charon: 13[IKE] 31.173.82.18 is initiating an IKE_SA
> Nov 20 14:54:38 vpn charon: 13[IKE] remote host is behind NAT
> Nov 20 14:54:38 vpn charon: 13[IKE] received proposals inacceptable
> Nov 20 14:54:38 vpn charon: 13[ENC] generating IKE_SA_INIT response 0
> [ N(NO_PROP) ]
> Nov 20 14:54:38 vpn charon: 13[NET] sending packet: from
> 128.199.36.88[500] to 31.173.82.18[56711] (36 bytes)
> N
> 
> Here is my /etc/ipsec.conf:
> 
> config setup
> charondebug="ike 1, knl 1, cfg 0"
> uniqueids=no
> 
> conn ikev2-vpn
> auto=add
> compress=no
> type=tunnel
> keyexchange=ikev2
> fragmentation=yes
> forceencaps=yes
> ike=aes256-sha1-modp1024,3des-sha1-modp1024!
> esp=aes256-sha1,3des-sha1!
> dpdaction=clear
> dpddelay=300s
> rekey=no
> left=%any
> leftid=128.199.36.88
> leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
> leftsendcert=always
> leftsubnet=0.0.0.0/0
> right=%any
> rightid=%any
> rightauth=eap-mschapv2
> rightdns=8.8.8.8,8.8.4.4
> rightsourceip=10.10.10.0/24
> rightsendcert=never
> eap_identity=%identity
> 
> My  /etc/ipsec.secrets contains:
> 
> 128.199.36.88 : RSA "/etc/ipsec.d/private/vpn-server-key.pem"
> vpnusername %any% : EAP "vpnpasswordredacted"
> 
> What might be the issue?
> 
> Thank you.
> 
> A.
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] what the use (effect) of "righthostaccess=yes"

2017-11-20 Thread Andreas Steffen

Hi Rajiv,

if "left" is local and "right" is remote then only
leftfirewall and lefthostaccess are defined.

rightfirewall and righthostaccess are used when
"right" is local and "left" is remote as in the
following scenario where sides are swapped:


https://www.strongswan.net/testing/testresults/ikev2/config-payload-swapped/

Regards

Andreas

On 20.11.2017 15:15, Rajiv Kulkarni wrote:

Hi

I have a ipsec tunnel deployed/configured as below:

PC1(lan)[GW1](wan)=IPSEC(wan)[GW2](lan)---PC2

PC1-ipaddr: 192.168.22.x
PC2-ipaddr: 192.168.25.x

GW1-lan-ipaddr: 192.168.22.1
GW2-lan-ipaddr: 192.168.25.1


I see that to allow access to 192.168.22.1 from PC2 (via the ipsec
tunnel) i should use the options "lefthostaccess=yes" (and also
leftfirewall=yes)  on GW1

And when we use the options..we have the following iptable rules added
on GW1 (thru the updown script automatically whenever the tunnel is UP)

---
root@lssimgw1:/usr/local/etc# iptables -nvL
Chain INPUT (policy ACCEPT 52 packets, 4680 bytes)
  pkts bytes target prot opt in out source
destination
 0 0 ACCEPT all  --  eth0   * 192.168.22.0/24
<http://192.168.22.0/24> 192.168.25.0/24 <http://192.168.25.0/24>
policy match dir in pol ipsec reqid 1 proto 50

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target prot opt in out source
destination
 0 0 ACCEPT all  --  eth0   * 192.168.22.0/24
<http://192.168.22.0/24> 192.168.25.0/24 <http://192.168.25.0/24>
policy match dir in pol ipsec reqid 1 proto 50
 0 0 ACCEPT all  --  *  eth0 192.168.25.0/24
<http://192.168.25.0/24> 192.168.22.0/24 <http://192.168.22.0/24>
policy match dir out pol ipsec reqid 1 proto 50

Chain OUTPUT (policy ACCEPT 40 packets, 3976 bytes)
  pkts bytes target prot opt in out source
destination
 0 0 ACCEPT all  --  *  eth0 192.168.25.0/24
<http://192.168.25.0/24> 192.168.22.0/24 <http://192.168.22.0/24>
policy match dir out pol ipsec reqid 1 proto 50
root@lssimgw1:/usr/local/etc#


- so once we have the above fw rules in place in the INPUT/OUTPUT
chain,..we can access the GW1-lan-ip from PC2 via the ipsec tunnel
successfully...
- The similar observation is also made for using the lefthostaccess
option on GW2 too..



Now if i use "righthostaccess=yes"...i dont see any rules getting added
in the INPUT/OUTPUT chain...neither in GW1 or in GW2

- So my query is: whats the use of the option
"righthostaccess=yes"...where and when do we use this option?


thanks & regards
Rajiv





--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] Remote Attestation through Cisco ASA

2017-11-15 Thread Andreas Steffen

Hi Mario,

if the Cisco ASA does not tunnel the strongSwan IKE traffic then just
do remote attestation via the PT-TLS protocol. On the client side you
can use the strongSwan pt-tls-client and on the server side add the
tnc-pdp plugin listening on the PT-TLS TCP port 271 to the strongSwan
charon daemon.

Regards

Andreas

On 15.11.2017 23:22, Mario Maldonado wrote:

Hi all,

I wish to use StrongSwan for remote attestation through a Cisco ASA, eg:
StrongSwan gateway 192.168.0.0/24 <http://192.168.0.0/24>
ASA 192.168.1.0/24 <http://192.168.1.0/24> Device

With no ASA I have successfully configured StrongSwan with remote
attestation using the EAP-TTLS plugin. I have also managed to configure
a StrongSwan connection to the ASA, giving me access to the
192.168.0.0/24 <http://192.168.0.0/24> subnet. I am then unable to bring
up the attestation connection. I was hoping it would setup a tunnel
within the ASA tunnel but from what I understand IKE traffic is exempt
from the negotiated tunnel (preventing nested tunnels) and then blocked
by the ASA.

Is there a way around this / a nice way of achieving such a connection?

Can I use StrongSwan for TNC integrity measurement without the tls
tunnel? This way the TPM and IMA measurements can be sent through the
ASA tunnel with no issues. From looking around the docs it looks like
the only way of performing remote attestation is with the EAP-TTLS
plugin? This would also be ideal as the traffic only has to be decrypted
once by the device.

Many thanks,

Mario


--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] No private key found

2017-10-05 Thread Andreas Steffen
thentication:
> 
>     id: fc00:cada:c404:607::1001
> 
>   remote public key authentication:
> 
>   gcpfc00:cada:c404::200: TRANSPORT, rekeying every 3600s
> 
>     local:  fc00:cada:c404:607::1001/128[tcp]
> 
>     remote: 2017::5002/128[tcp]
> 
>   l2tpfc00:cada:c404::200: TRANSPORT, rekeying every 3600s
> 
>     local:  fc00:cada:c404:607::1001/128[l2tp]
> 
>     remote: 2017::5002/128[l2tp]
> 
> 
> 
> 
> root@E6kn-2016:# swanctl --list-certs
> 
> 
> List of X.509 End Entity Certificates
> 
> 
>   subject:  "C=US, O=ARRIS, OU=LOWELL, CN=00:33:5f:ab:8c:9e"
> 
>   issuer:   "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
> Device Certification Authority"
> 
>   validity:  not before Sep 28 18:18:53 2017, ok
> 
>              not after  Sep 28 18:18:53 2037, ok (expires in 7300 days)
> 
>   serial:    dd:dc:09:21:36:f2:e8:71
> 
>   authkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
> 
>   subjkeyId: 9d:c7:c5:20:f7:bf:0c:fb:39:d2:5d:a2:8f:73:37:f1:f3:e0:a4:f9
> 
>   pubkey:    RSA 2048 bits, has private key
> 
>   keyid:     8d:40:7d:fb:38:7b:4b:e2:fe:00:ba:72:6c:82:63:2b:6b:75:30:6e
> 
>   subjkey:   9d:c7:c5:20:f7:bf:0c:fb:39:d2:5d:a2:8f:73:37:f1:f3:e0:a4:f9
> 
> 
> List of X.509 CA Certificates
> 
> 
>   subject:  "C=US, O=CableLabs, OU=TEST Device CA01, CN=TEST CableLabs
> Device Certification Authority"
> 
>   issuer:   "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs
> Root Certification Authority"
> 
>   validity:  not before Dec 09 23:08:49 2014, ok
> 
>              not after  Dec 09 23:08:49 2049, ok (expires in 11755 days)
> 
>   serial:    a0:16:bc:73:85:0e:65:37
> 
>   altNames:  CN=SYMC-3072-5
> 
>   flags:     CA CRLSign 
> 
>   pathlen:   0
> 
>   authkeyId: 89:62:79:3d:b4:07:c9:f3:c6:97:59:dd:b6:dc:65:0b:33:54:ff:fb
> 
>   subjkeyId: f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
> 
>   pubkey:    RSA 3072 bits
> 
>   keyid:     b7:98:32:e4:ae:30:02:57:f7:ad:cb:2b:37:41:17:9c:1b:9d:79:28
> 
>   subjkey:   f6:dc:40:8a:89:b6:7b:7a:08:f6:78:b5:4a:28:7a:7f:57:9b:f9:9b
> 
> 
>   subject:  "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs
> Root Certification Authority"
> 
>   issuer:   "C=US, O=CableLabs, OU=TEST Root CA01, CN=TEST CableLabs
> Root Certification Authority"
> 
>   validity:  not before Nov 11 17:19:44 2014, ok
> 
>              not after  Nov 11 17:19:44 2064, ok (expires in 17206 days)
> 
>   serial:    b1:b0:d3:be:83:ee:bf:e3
> 
>   altNames:  CN=MPKI-4096-1-206
> 
>   flags:     CA CRLSign self-signed 
> 
>   subjkeyId: 89:62:79:3d:b4:07:c9:f3:c6:97:59:dd:b6:dc:65:0b:33:54:ff:fb
> 
>   pubkey:    RSA 4096 bits
> 
>   keyid:     bd:0e:4c:0f:21:cf:f0:49:af:19:34:3b:c2:64:c5:31:a1:2e:11:07
> 
>   subjkey:   89:62:79:3d:b4:07:c9:f3:c6:97:59:dd:b6:dc:65:0b:33:54:ff:fb
> 
> 
> 
> pki --print --type rsa-priv --in privKey.pem
> 
>   privkey:   RSA 2048 bits
> 
>   keyid:     8d:40:7d:fb:38:7b:4b:e2:fe:00:ba:72:6c:82:63:2b:6b:75:30:6e
> 
>   subjkey:   9d:c7:c5:20:f7:bf:0c:fb:39:d2:5d:a2:8f:73:37:f1:f3:e0:a4:f9
> 
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Permission Denied error

2017-09-18 Thread Andreas Steffen
Hi, try

  sudo -s
  ipsec pki --gen > caKey.der

Regards

Andreas

On 19.09.2017 02:24, R. Masucci wrote:
> I just got StrongSwan installed on Ubuntu 14.04 and I tried to create a
> key using the instructions provided: 
> 
> ipsec pki --gen > caKey.der
> 
> gets me the following error:
> 
> 
> bash: caKey.der: Permission denied
> 
> 
> I tried to run it with sudo and I get the same error.   I assume the key
> would be populated in:
> 
>   /etc/ipsec.d/private
> 
> 
> Any help is appreciated!
> 
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] nonce Length

2017-09-14 Thread Andreas Steffen

Hi Jafar,

the mandatory nonce plugin is a nonce generator which returns
the requested number of random bytes. There are many other places in
the strongSwan code where nonces of variable size are needed
(e.g. for the IKE SPI or for the TLS client or server Hello).

Kind regards

Andreas

On 14.09.2017 17:28, Jafar Al-Gharaibeh wrote:

Hi Andreas,

Thanks for the quick and thorough answer. I did not find that piece
of information (nonce size) in the documentation, but as you noted about
the source code, I did download and dig through the source code
yesterday and came across the the 32 byte number. Thanks for confirming
that.

I also came across nonce plugin configuration:
nonce {
}

Is there really any thing configurable here or is that just there for
completeness?

Kind Regards,
Jafar

On 9/14/2017 1:56 AM, Andreas Steffen wrote:

Hi Jafar,

section 2.10 of IKEv2 RFC 7296 [1] states that

Nonces used in IKEv2
MUST be randomly chosen, MUST be at least 128 bits in size, and MUST
be at least half the key size of the negotiated pseudorandom function
(PRF).  However, the initiator chooses the nonce before the outcome
of the negotiation is known.  Because of that, the nonce has to be
long enough for all the PRFs being proposed.

This is why strongSwan generates nonces with a constant size of 32 bytes
(256 bits) as defined in nonce_payloads.h [2]

   /**
* Nonce size in bytes for nonces sending to other peer.
*/
   #define NONCE_SIZE 32

Best regards

Andreas

[1]https://tools.ietf.org/html/rfc7296#section-2.10
[2]https://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/encoding/payloads/nonce_payload.h;h=ee8ad17f789ed4fe6a2e3476fc710b79d74885aa;hb=HEAD#l30


On 13.09.2017 20:37, Jafar Al-Gharaibeh wrote:

Hi,

What is the default length of the nonce used  to establish and rekey
IKE/Child SAs?  is that based on the DH group? and is the length
configurable?

Thanks,
Jafar

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==





--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] nonce Length

2017-09-14 Thread Andreas Steffen
Hi Jafar,

section 2.10 of IKEv2 RFC 7296 [1] states that

   Nonces used in IKEv2
   MUST be randomly chosen, MUST be at least 128 bits in size, and MUST
   be at least half the key size of the negotiated pseudorandom function
   (PRF).  However, the initiator chooses the nonce before the outcome
   of the negotiation is known.  Because of that, the nonce has to be
   long enough for all the PRFs being proposed.

This is why strongSwan generates nonces with a constant size of 32 bytes
(256 bits) as defined in nonce_payloads.h [2]

  /**
   * Nonce size in bytes for nonces sending to other peer.
   */
  #define NONCE_SIZE 32

Best regards

Andreas

[1]https://tools.ietf.org/html/rfc7296#section-2.10
[2]https://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/encoding/payloads/nonce_payload.h;h=ee8ad17f789ed4fe6a2e3476fc710b79d74885aa;hb=HEAD#l30

On 13.09.2017 20:37, Jafar Al-Gharaibeh wrote:
> Hi,
> 
>What is the default length of the nonce used  to establish and rekey 
> IKE/Child SAs?  is that based on the DH group? and is the length
> configurable?
> 
> Thanks,
> Jafar

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Default value of inactivity in ipsec.conf

2017-09-12 Thread Andreas Steffen

Hi Terry,

by default no inactivity timer is set. In the default case
the CHILD SA exists until it expires.

Regards

Andreas

On 12.09.2017 08:50, Terry Wang wrote:

Hi folks,

I've been assigned to review IPsec VPN deployment configurations
(hundreds of strongSwan 5.3.2).

I want to understand how CHILD_SAs are closed if there is no traffic
sent or received.

Based on: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection

`inactivity` defines the timeout interval after which a CHILD_SA (phase
2 SA) is closed if it does not send or receive any traffic.

I've looked at the source code:

  * src/libcharon/config/child_cfg.c
  * src/libcharon/config/child_cfg.h

There is no default value assigned to the variable inactivity
(uint32_t). So how does charon (strongSwan) decide when to close a
CHILD_SA if no traffic is sent/received.

Thanks,
Terry



--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==


Re: [strongSwan] Strongswan and TPM

2017-08-31 Thread Andreas Steffen
Hi John,

currently strongSwan supports signature keys residing in the NVRAM
of the TPM 2.0, only. These can be accessed using the object handle
range 0x8101. Private keys stored in the NVRAM of the TPM 2.0
have the big advantage that you can wipe the hard disk or SSD
without irretrievably losing the keys.

But as you correctly mention in principle an unlimited number of
keys can be stored in encrypted form outside the TPM. With the TPM 2.0
you have to load them into NVRAM first, before you can do any
signature operations. strongSwan does not support external keys, though.

strongSwan does not offer any signature key support for the TPM 1.2.
The TPM 1.2 can be used for attestation, only (implemented by the
Attestion IMC dynamic library) where the TPM 1.2 loads an external
attestation key blob and generates a Quote signature over a certain
number of PCR registers.

Hope this helps.

Andreas

On 31.08.2017 10:46, John Brown wrote:
> Hi Tobias/Hi all,
> After some reading I have a conclusion that TPM 2.0 can only be used
> with strongswan 5.5.2 or newer.
> The example that the strongswan wiki provides shows storing the keys
> inside the tpm (as far as I understand the example correctly). But all
> the tpm sources I've read states that the keys can also be stored
> externally but in encrypted form by the tpm. Is this a general rule that
> can also be used with strongswan?
> Additionaly, an example shows usage with swanctl.conf. Can ipsec.conf be
> also used?
> 
> What about TPM 1.2? I've found that it is mentioned in TNC. But can I
> use TPM 1.2 only for key storage in strongswan? If yes, which version of
> strongswan is the oldest that can be used for this?
> 
> Best regards,
> John
> 
> 
> 2017-07-18 12:46 GMT+02:00 John Brown <jb20141...@gmail.com
> <mailto:jb20141...@gmail.com>>:
> 
> Hi Tobias,
> Thank you for your answer. I'm on the first stage of learning TPM
> but as far as I understand the general rule the private key should
> not be accessible and that was a reason that aforementioned log
> message drew my attention. This wiki page I've read is the only way
> I can learn TPM and strongswan cooperation or there are some more
> detailed explanations somewhere how the process is going?
> 
> Best regards,
> John
> 
> 
> 2017-07-18 12:05 GMT+02:00 Tobias Brunner <tob...@strongswan.org
> <mailto:tob...@strongswan.org>>:
> 
> Hi John,
> 
> > and I conclude from this example, that private key stored in TPM is
> > loaded to program memory the same way as if it was stored in a file 
> (log
> > message: "...charon-systemd[21165]: loaded RSA private key from 
> token").
> > Am I correct?
> 
> No, that's only the generic log message that you'll see for any
> private
> key loaded by the configuration backend, whether that private key is
> actually loaded into memory or it's just a reference to a key
> (as is the
> case here).  Private keys on PKCS#11 tokens or in a TPM can't be
> accessed directly, so they never end up in memory.
> 
> Regards,
> Tobias
> 
> 
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] SHA1 vs SHA256

2017-08-04 Thread Andreas Steffen
Hi Dusan,

hmmm, our documentation says that the correct ESP SHA256_128 HMAC
truncation was introduced with the 2.6.33 kernel but your kernel
might not be a vanilla 2.6.36 kernel:

 https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites

 (ESP integrity algorithm footnote n)

Regards

Andreas

On 04.08.2017 16:41, Dusan Ilic wrote:
> Hi Andreas
> 
> One side is 2.6.36 and the other 3.10.20
> 
> 
> Den 2017-08-04 kl. 12:48, skrev Andreas Steffen:
>> Hi Dusan,
>>
>> this is a Linux kernel issue. Which kernel versions are you running
>> on the two endpoints?.
>>
>> Regards
>>
>> Andreas
>>
>> On 04.08.2017 12:41, Dusan Ilic wrote:
>>> Hi Noel,
>>>
>>> One side is Strongswan 5.2.2 and the other is 5.5.2.
>>> How do I switch?
>>>
>>>
>>> Den 2017-08-04 kl. 12:25, skrev Noel Kuntze:
>>>> the remote peer probably uses the DRAFT variant of sha2-256, which
>>>> uses 96 bit truncation. strongSwan uses the actual standardized
>>>> variant that truncates to 128 bit.
>>>> You can switch between the two in the newest version of strongSwan
>>>>
>>>> On 04.08.2017 12:23, Dusan Ilic wrote:
>>>>> Hello!
>>>>>
>>>>> I have a strange issue, with both settings below the tunnel goes up
>>>>> as it should, but only with SHA1 in ESP traffic goes through. When I
>>>>> ping the remote client with ESP SHA256 it times out, even though the
>>>>> tunnel reports as being up by Strongswan.
>>>>>
>>>>> Traffic working:
>>>>>
>>>>> ike=aes256-sha256-modp2048!
>>>>> esp=aes128-sha1-modp2048!
>>>>>
>>>>> Traffic not working:
>>>>>
>>>>> ike=aes256-sha256-modp2048!
>>>>> esp=aes256-sha256-modp2048!
>>>>>
>>>>> Below combo doesn't work either:
>>>>>
>>>>> ike=aes256-sha256-modp2048!
>>>>> esp=aes128-sha256-modp2048!
>>>>>
>>>>>
>>>>> Also, are above settings good? I'm having AES128 on ESP because with
>>>>> AES256 I loose too much througput. Do you have any suggestions for
>>>>> change?
>>>>>
>>>>>
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] SHA1 vs SHA256

2017-08-04 Thread Andreas Steffen
Hi Dusan,

this is a Linux kernel issue. Which kernel versions are you running
on the two endpoints?.

Regards

Andreas

On 04.08.2017 12:41, Dusan Ilic wrote:
> Hi Noel,
> 
> One side is Strongswan 5.2.2 and the other is 5.5.2.
> How do I switch?
> 
> 
> Den 2017-08-04 kl. 12:25, skrev Noel Kuntze:
>> the remote peer probably uses the DRAFT variant of sha2-256, which
>> uses 96 bit truncation. strongSwan uses the actual standardized
>> variant that truncates to 128 bit.
>> You can switch between the two in the newest version of strongSwan
>>
>> On 04.08.2017 12:23, Dusan Ilic wrote:
>>> Hello!
>>>
>>> I have a strange issue, with both settings below the tunnel goes up
>>> as it should, but only with SHA1 in ESP traffic goes through. When I
>>> ping the remote client with ESP SHA256 it times out, even though the
>>> tunnel reports as being up by Strongswan.
>>>
>>> Traffic working:
>>>
>>> ike=aes256-sha256-modp2048!
>>> esp=aes128-sha1-modp2048!
>>>
>>> Traffic not working:
>>>
>>> ike=aes256-sha256-modp2048!
>>> esp=aes256-sha256-modp2048!
>>>
>>> Below combo doesn't work either:
>>>
>>> ike=aes256-sha256-modp2048!
>>> esp=aes128-sha256-modp2048!
>>>
>>>
>>> Also, are above settings good? I'm having AES128 on ESP because with
>>> AES256 I loose too much througput. Do you have any suggestions for
>>> change?
>>>
>>>
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] charon unmet dependency on native android build

2017-05-25 Thread Andreas Steffen

Hi Nathan,

you are missing the nonce and sha1 plugins which are required for
charon to start up successfully.

Regards

Andreas

On 25.05.2017 01:37, Nathan Bahr wrote:

Hello,

I've been trying to cross compile strongswan to run on android natively
and I am having trouble starting the charon daemon.

The output I get is (I get the same log output if I do ipsec start
instead of executing charon directly):

root@kltetmo:/ # charon
00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 3.4.0, armv7l)
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet
dependency: NONCE_GEN
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon'
has unmet dependency: HASHER:HASH_SHA1
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon'
has unmet dependency: HASHER:HASH_SHA1
00[LIB] failed to load 3 critical plugin features



> 00[DMN] initialization failed - aborting charon
root@kltetmo:/ # pki --help
strongSwan 5.5.2 PKI tool
loaded plugins: aes des rc2 sha2 sha1 md5 random x509 revocation pkcs1
pkcs7 pkcs8 pkcs12 dnskey sshkey pem gmp hmac


==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature


Re: [strongSwan] listen interface specification

2017-05-02 Thread Andreas Steffen
wrote:

Hi,
I am using strongswan 5.1.2 on Ubuntu 14.04 and I need
to specify the IP address on which to listen on. I found
some ipsec.conf manpages
(https://linux.die.net/man/5/ipsec.conf
<https://linux.die.net/man/5/ipsec.conf>) which suggest
a config item "listen", but strongswan 5.1.2 at least
doesn't seem to have this option.

Is there not a way to specify the listen IP address? In
my case, this IP address is actually on the loopback
interface. As long as I can specify the listen
interface, I should be fine.

config setup
*listen=10.100.0.5*

conn %default
 ikelifetime=60m
 keylife=20m
 rekeymargin=3m
 keyingtries=1
 keyexchange=ikev2
 authby=rsasig

conn 10.10.10.8
 type=transport
 left=10.100.0.5
 leftcert=left.cert
 leftsendcert=always
 rightcert=right.cert
 right=10.10.10.8
 auto=start

*/etc/ipsec.conf:7: unknown keyword 'listen' [10.100.0.5]*
*unable to start strongSwan -- fatal errors in config*


--
Piyush Agarwal
Life can only be understood backwards; but it must be
lived forwards.




--
Piyush Agarwal
Life can only be understood backwards; but it must be lived
forwards.




--
Piyush Agarwal
Life can only be understood backwards; but it must be lived
forwards.




--
Piyush Agarwal
Life can only be understood backwards; but it must be lived forwards.




--
Piyush Agarwal
Life can only be understood backwards; but it must be lived forwards.


___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users



--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] remote_addrs with more than one IP address

2017-04-27 Thread Andreas Steffen
Hi Vijaya,

the functionality of multiple remote addresses, address ranges or
address subnets is rather intended for use by the responder,
allowing to restrict the hosts that are allowed to connect.

Regards

Andreas

On 27.04.2017 13:20, Vijaya Venkatachalam wrote:
> hi,
> 
> I am using VICI strongswan interface to build an application to start an
> IPsec connection.
> Now in my configuration, I have specified two IP addresses in remote_addrs.
> But when I initiate the connection, it only establishes connection with
> the first IP address.
> And if no ipsec is running on the first IP address, it does not fallback
> on the second IP address.
> 
> Does this mean currently there is no support for failover to the one or
> more IP addresses specified in the remote_addrs list??
> 
> can you pls clarify this.
> 
> cheers,
> vijaya

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Security Associations

2017-04-06 Thread Andreas Steffen
Hi Filip,

since you set up an IP route policy in the kernel, the first IP packet
from the 192.168.3.0/26 subnet with destination 10.2.0.0/24 will
trigger the IKEv2 negotiation an set up the active tunnel.

Regards

Andreas

On 06.04.2017 13:06, Filip Maroul wrote:
> Hello today I start configuring strangswan as net2net witj IKEv2. I
> think everything works so far and heve this ipsec statusall:
> 
> Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-4-amd64,
> x86_64):
>   uptime: 17 minutes, since Apr 06 11:09:15 2017
>   malloc: sbrk 1462272, mmap 0, used 298784, free 1163488
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
> scheduled: 0
>   loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509
> revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
> pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve
> socket-default stroke updown
> Listening IP addresses:
>   192.168.100.200
>   192.168.3.59
> Connections:
>  net-net:  192.168.100.200...192.168.101.154  IKEv2
>  net-net:   local:  [neptun.test.local] uses pre-shared key
> authentication
>  net-net:   remote: [pluto.test.local] uses pre-shared key
> authentication
>  net-net:   child:  192.168.3.0/26 === 10.2.0.0/24 TUNNEL
> Routed Connections:
>  net-net{1}:  ROUTED, TUNNEL
>  net-net{1}:   192.168.3.0/26 === 10.2.0.0/24
> Security Associations (0 up, 0 connecting):
>   none
> 
> Problem is I have no SA Associations.
> 
> 
> I attach conf file from both sites. I have strongswan 5.2.1 on Debian 8 x64
> 
> Thank you for any help.
> 
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Config/Install compiled strongswan

2017-03-07 Thread Andreas Steffen
Hi Di,

could you provide a log of the daemon's startup which would show what
actually fails? What does "swanctl --stats" or alternatively "ipsec
statusall" show?

Regards

Andreas

On 08.03.2017 02:07, 吕迪 wrote:
> Hi Andreas,
> 
> I tried the default setup, but it's still not binding to port 500. Is
> there any other place I should look at?
> 
> Thanks,
> Di
> 
> 
> 2017-03-07 14:36 GMT-08:00 Andreas Steffen
> <andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org>>:
> 
> Hi,
> 
> selecting the --enable-all option is not a good idea. This might
> lead to the loading of conflicting socket plugins preventing the
> charon daemon of starting up at all.
> 
> Couldn't you just start with the default setup
> 
>   ./configure --prefix=/usr --sysconfdir=/etc
>   make
>   sudo make install
> 
> at the outset and enabling additional desired plugins later on?
> 
> Regards
> 
> Andreas
> 
> On 07.03.2017 22:58, 吕迪 wrote:
> > Hi,
> >
> > I tried to compile and install a strongswan on my computer by doing
> >
> >> ./configure --prefix=/usr --sysconfdir=/etc --enable-all
> >> make
> >> sudo make install
> > ,
> > but the charon process is not binding to port 500 for ike when I do
> > "sudo ipsec start".
> >
> > When I run "sudo lsof -i:500 -n -P", nothing shows up.
>     >
> > Please give me some help on this, anything l missed or I should
> configure?
> >
> > Thanks,
> > Di
> 
> ==
> Andreas Steffen   
>  andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org>
> strongSwan - the Open Source VPN Solution! 
> www.strongswan.org <http://www.strongswan.org>
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===[INS-HSR]==
> 
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Config/Install compiled strongswan

2017-03-07 Thread Andreas Steffen
Hi,

selecting the --enable-all option is not a good idea. This might
lead to the loading of conflicting socket plugins preventing the
charon daemon of starting up at all.

Couldn't you just start with the default setup

  ./configure --prefix=/usr --sysconfdir=/etc
  make
  sudo make install

at the outset and enabling additional desired plugins later on?

Regards

Andreas

On 07.03.2017 22:58, 吕迪 wrote:
> Hi,
> 
> I tried to compile and install a strongswan on my computer by doing
> 
>> ./configure --prefix=/usr --sysconfdir=/etc --enable-all
>> make
>> sudo make install
> ,
> but the charon process is not binding to port 500 for ike when I do
> "sudo ipsec start".
> 
> When I run "sudo lsof -i:500 -n -P", nothing shows up.
> 
> Please give me some help on this, anything l missed or I should configure?
> 
> Thanks,
> Di

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Can strongSwan support 100k concurrent connections?

2017-01-16 Thread Andreas Steffen

On 16.01.2017 20:39, Varun Singh wrote:

On Mon, Jan 16, 2017 at 6:04 PM, Michael Schwartzkopff <m...@sys4.de> wrote:

Am Montag, 16. Januar 2017, 20:06:45 schrieb Andreas Steffen:

Hi Varun,

we have customers who have successfully been running up to 60k
concurrent tunnels. In order to maximize performance please have
a look at the use of hash tables for IKE_SA lookup

https://wiki.strongswan.org/projects/strongswan/wiki/IkeSaTable

as well as job priority management

https://wiki.strongswan.org/projects/strongswan/wiki/JobPriority

We also recommend to use file-based logging since writing to syslog
extremely slows down the charon daemon

https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration

The bottleneck for IKE processing is the Diffie-Hellman key exchange
where 70-80 % of the computing effort is spent. Use the ecp256 or
the new curve25519 (available with strongSwan 5.5.2) DH groups for
maximum performance.

ESP throughput is limited by the number of available cores and the
processor clock frequency. Use aes128gcm16 for maximum performance.

Best regards

Andreas

On 16.01.2017 19:00, Varun Singh wrote:

Hi,
As I understand, strongSwan supports scalability from 4.x onwards. I
am new to strongSwan and to VPN in general.
I have setup a strongSwan 5.3.5 installed on Ubuntu 16.04LTS.
Though I have read that strongSwan supports scalability, I couldn't
find stats to support it.
Before adopting strongSwan, my team wanted to know *if it can support
upto 100k simultaneous connections*. Hence I need to find pointers to
obtain this kind of information.


hi,

I think further scaling might be possible with loadbalancers. But this is
topic of deeper investigation of the project.

Mit freundlichen Grüßen,

Michael Schwartzkopff

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users


Thanks Michael,
I was just searching whether load balancing is supported by strongSwan
or not. Came across this thread:
https://lists.strongswan.org/pipermail/users/2013-November/005615.html

But this didn't lead to any conclusion.
So is load balancing supported by strongSwan?


Have a look at strongSwan's High Availability (HA) solution

  https://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability

which can be run in an active-active mode where the load-balancing
is achieved by Cluster IP.

Andreas

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Android TNC server basic setup

2017-01-14 Thread Andreas Steffen

Hi Mark,

the strongTNC guide tells you how to create the config.db database:

https://wiki.strongswan.org/projects/strongswan/wiki/StrongTnc#Initialize-PTS-Database

Andreas

On 15.01.2017 04:15, Mark M wrote:

Andreas,

The guides that I follow do not create the /etc/pts/config.db database?

Thanks,

Mark


On Thursday, January 12, 2017 2:26 PM, Mark M <mark0...@yahoo.com> wrote:


Andreas,

Thank you for the info,

Now when I follow the guide to install the policy manager I only get the
default apache page.

I am following this guide -
https://wiki.strongswan.org/projects/strongswan/wiki/StrongTNC

Thanks,

Mark


On Thursday, January 12, 2017 6:09 AM, Andreas Steffen
<andreas.stef...@strongswan.org> wrote:


Hi Mark,

you can find a [little-outdated] TNC server configuration HOWTO
under the following link:

https://wiki.strongswan.org/projects/strongswan/wiki/TNCS

In the meantime the TNC measurement policies are not hard-coded
any more in /etc/strongswan.conf but can be configured via the
strongTNC policy manager available from the strongSwan gitHub
repository

https://wiki.strongswan.org/projects/strongswan/wiki/StrongTnc

The IMVs on the strongTNC server must now connect to the strongTNC
/etc/pts/config.db database. A sample configuration can be found here


https://wiki.strongswan.org/projects/strongswan/wiki/IMA#Set-up-the-Attestation-Server

Hope this helps!

Andreas

On 11.01.2017 10:43, Mark M wrote:
 > Hi,
 >
 > I would like to setup a basic demo of the android client using TNC
 > connecting to a strongSwan server as show in in this guide -
 > https://wiki.strongswan.org/projects/strongswan/wiki/BYOD
 >
 > Is there a guide I can follow for a basic strongSwan server setup to
 > test out TNC with the android client? And is there anything special that
 > needs to be configured on the android client or does the android client
 > support TNC by default?
 >
 > Thanks,
 >
 > Mark


==========
Andreas Steffen andreas.stef...@strongswan.org
<mailto:andreas.stef...@strongswan.org>
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==







--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Android TNC server basic setup

2017-01-12 Thread Andreas Steffen

Hi Mark,

you can find a [little-outdated] TNC server configuration HOWTO
under the following link:

  https://wiki.strongswan.org/projects/strongswan/wiki/TNCS

In the meantime the TNC measurement policies are not hard-coded
any more in /etc/strongswan.conf but can be configured via the
strongTNC policy manager available from the strongSwan gitHub
repository

 https://wiki.strongswan.org/projects/strongswan/wiki/StrongTnc

The IMVs on the strongTNC server must now connect to the strongTNC 
/etc/pts/config.db database. A sample configuration can be found here



https://wiki.strongswan.org/projects/strongswan/wiki/IMA#Set-up-the-Attestation-Server

Hope this helps!

Andreas

On 11.01.2017 10:43, Mark M wrote:

Hi,

I would like to setup a basic demo of the android client using TNC
connecting to a strongSwan server as show in in this guide -
https://wiki.strongswan.org/projects/strongswan/wiki/BYOD

Is there a guide I can follow for a basic strongSwan server setup to
test out TNC with the android client? And is there anything special that
needs to be configured on the android client or does the android client
support TNC by default?

Thanks,

Mark


==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Resubmission as plaintext - Strongswan with ESP-NULL and ESP-NONE , NULL encryption and NONE integrity

2017-01-06 Thread Andreas Steffen
 inside, IKE Peer 10.1.9.119  local Proxy Address 192.168.2.0, 
remote Proxy Address 0.0.0.0,  Crypto map (outside_map)
Jan 06 16:17:41 [IKEv1]IP = 10.1.9.119, Connection landed on tunnel_group 
10.1.9.119
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Automatic NAT 
Detection Status: Remote end is NOT behind a NAT device This   end is 
NOT behind a NAT device
Jan 06 16:17:41 [IKEv1]IP = 10.1.9.119, Connection landed on tunnel_group 
10.1.9.119
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, PHASE 1 COMPLETED
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Generating secret 
keys: unknown encryption algorithm!
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Generating secret 
keys: unknown encryption algorithm!
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Security 
negotiation complete for LAN-to-LAN Group (10.1.9.119)  Initiator, Inbound SPI 
= 0x068a607a, Outbound SPI = 0xc86c05d2
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, QM FSM error (P2 struct 
&0x76f85318, mess id 0x3345b948)!
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Removing peer from 
correlator table failed, no match!
Jan 06 16:17:41 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Session is being 
torn down. Reason: Unknown
---

ASA with NULL-SHA:


ciscoasa(config)# Jan 06 16:19:44 [IKEv1]IP = 10.1.9.119, Connection landed on 
tunnel_group 10.1.9.119
Jan 06 16:19:44 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Automatic NAT 
Detection Status: Remote end is NOT behind a NAT device This   end is 
NOT behind a NAT device
Jan 06 16:19:44 [IKEv1]IP = 10.1.9.119, Connection landed on tunnel_group 
10.1.9.119
Jan 06 16:19:44 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, PHASE 1 COMPLETED
Jan 06 16:19:44 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Generating secret 
keys: unknown encryption algorithm!
Jan 06 16:19:44 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Generating secret 
keys: unknown encryption algorithm!
Jan 06 16:19:44 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, Security 
negotiation complete for LAN-to-LAN Group (10.1.9.119)  Initiator, Inbound SPI 
= 0xae679c9a, Outbound SPI = 0xcef968c7
Jan 06 16:19:44 [IKEv1]Group = 10.1.9.119, IP = 10.1.9.119, PHASE 2 COMPLETED 
(msgid=ee427ffd)
---
's


==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] AH Transport AES CMAC PSK

2016-11-27 Thread Andreas Steffen
Hi Gyula,

the Linux kernel does not support AES_CMAC but strongSwan has IKE
support via the cmac plugin which is enabled by default.

Regards

Andreas

On 27.11.2016 14:46, Gyula Kovács wrote:
> Hello,
> 
> I tried to set up an ikev2/host2host-ah connectionwith pre-shared key.
> The connection failed, when choosing aescmac as integrity algorithm.
> The connection was successfully built up when choosing aesxcbc integrity
> algorithm.
> I tried this scenario on two Debian 8.6 VMs (kernel 3.16.0-4-586 with
> CONFIG_CRYPTO_CMAC=m option set) with the latest StrongSwan (v5.5.1).
> I checked the log files, and found "algorithm AES_CMAC_96 not supported
> by kernel!" message.
> Additionally, I found that AES-CMAC-96 is not supported by StrongSwan
> (https://wiki.strongswan.org/projects/strongswan/wiki/IpsecStandards).
> 
> From where comes this limitation?
> Does it come from StrongSwan implementation or from Linux kernel (as
> suggested by the error message)?
> Does anybody have ideas?
> 
> Best regards,
> Gyula Kovacs
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] how to use 'rightca' connection option?

2016-11-23 Thread Andreas Steffen

Hi John,

could you send me a log file showing that a CA different from the CA
requested by rightca is accepted?

Best regards

Andreas

On 23.11.2016 16:41, John Brown wrote:

Hello all,

I'm using Linux strongSwan U5.2.1/K3.4.112 and I'm trying to implement
rightca option in ipsec.conf file but without a success.

As far as I understand the documentation, if rightca contains DN of a
certificate authority which lies in the trust path from the end device
cert to rootca, authentication process will pass (assuming that other
elements are configured fine) otherwise will fail and this is the
functionality I need. But in my scenario,  whatever is the value of
rightca, the authentication process pass with success.

I've put rightca on the initiator of IKEv2 tunnel, root ca chain path
lenght is 2 (root ca->sub1->sub2->end device cert). Currently only root
ca is installed in /etc/ipsec.d/cacerts.

Part of the connection config:

conn lap1
 auto=add
 left=%any
 right=192.168.1.1
 rightsubnet=10.0.0.0/24 <http://10.0.0.0/24>
 ...
 leftauth=pubkey
 rightauth=pubkey
 leftcert=cert.crt
 rightid="CN=*, ST=S, C=Cccc, E=E@, O=Oo, L=Lll,
OU=*, OU=Ouu"
 rightca="CN=aa, ST=aa, C=aa, E=aa, O=aa, L=aa, OU=aa, OU=aa"

I've changed values of fields in righid, but rightca is taken from real
config without modification.

I'm probably missing something obvious, or does not understand this
feature, but I have no idea, what this can be.

Does anybody knows?

Best regards,
John,


==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] triggering MOBIKE in strongswan

2016-11-16 Thread Andreas Steffen
Hi Ravi,

yes, your understanding is correct. Our MOBIKE example scenario

https://www.strongswan.org/testing/testresults/ikev2/mobike/index.html

shows the interface change:

13[IKE] peer supports MOBIKE
07[KNL] 192.168.0.50 disappeared from eth1
15[KNL] interface eth1 deactivated
16[KNL] fec0::5 disappeared from eth1
07[KNL] fe80::5054:ff:fe3b:cd7 disappeared from eth1
12[IKE] old path is not available anymore, try to find another
12[IKE] looking for a route to 192.168.0.2 ...
12[IKE] requesting address change using MOBIKE
12[ENC] generating INFORMATIONAL request 2 [ ]
12[IKE] checking path 10.1.0.10[4500] - 192.168.0.2[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (80 bytes)
12[IKE] checking path 10.1.0.10[4500] - 10.2.0.1[4500]
12[NET] sending packet: from 10.1.0.10[4500] to 10.2.0.1[4500] (80 bytes)
15[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (80
bytes)
15[ENC] parsed INFORMATIONAL response 2 [ ]
15[ENC] generating INFORMATIONAL request 3 [ N(UPD_SA_ADDR) N(NATD_S_IP)
N(NATD_D_IP) N(COOKIE2) N(ADD_6_ADDR) ]
15[NET] sending packet: from 10.1.0.10[4500] to 192.168.0.2[4500] (192
bytes)
13[NET] received packet: from 192.168.0.2[4500] to 10.1.0.10[4500] (160
bytes)
13[ENC] parsed INFORMATIONAL response 3 [ N(NATD_S_IP) N(NATD_D_IP)
N(COOKIE2) ]

Regards

Andreas

On 16.11.2016 15:54, Ravi Kanth Vanapalli wrote:
> Hi,
> 
>I wanted to know how is MOBIKE triggered in Strongswan.
>I have setup an IKEv2 connection to the gateway with MOBIKE enabled.
> I confirmed it from the logs.
>My understanding of MOBIKE is, if the default route to the gateway is
> changed i.e lets say from IP1 to IP2.  IP1 is on interface 1 , IP2 is on
> interface 2, UE triggers MOBIKE based IKE SA update to update the source
> IP. strongswan doesn't bind to any specific interface for sending the
> packets out to the ipsec gateway.
> Could you please confirm if this understanding is correct.
> 
> 
> -- 
> Regards,
> 
> RaviKanth VN Vanapalli
> Email: vvnrk.vanapa...@gmail.com <mailto:vvnrk.vanapa...@gmail.com>
> 
> 
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] libhydra

2016-11-15 Thread Andreas Steffen
Hi Joy,

kernel_ipsec_t just defines a standardized strongSwan interface, but
the actual interface code is in the plugins. So if you have an IPsec
ESP implementation of your own, e.g. a HW accelerator then you have
to write a plugin of your own.

Best regards

Andreas

BTW - In the latest strongSwan releases libhydra doesn't exist any more.
  The functionality has been moved back to libcharon.

On 15.11.2016 17:01, Joy Latten wrote:
> Hi Tobias,
> 
> Thank you!
> So is it safe to conclude that without a plugin, libhydra does nothing?
> (I think you get return of "NOT_SUPPORTED".)
> And libhydra is required in order for charon/ike to manage SAs and SPs
> with kernel.
> 
> Again, thanks!
> 
> regards,
> Joy
> 
> On 11/15/2016 01:53 AM, Tobias Brunner wrote:
>> Hi Joy,
>>
>>> Any new plugin for talking
>>> to the kernel would require a kernel_ipsec_t as well. Is this correct?
>>
>> Yes.
>>
>> Regards,
>> Tobias
>>
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Why doesn't table 220 change forwarded packets source IP address?

2016-11-06 Thread Andreas Steffen

Hi Richard,

the table 220 source IP routing rule applies to packets originating
from the VPN gateway itself, only . If you want roadwarriors from a
subnet behind the GW to assume this address then you have to NAT them
to the GW's address. Since the table 220 rule usually maps the GW's
source address to the local interface on the subnet I don't see
the sense of the roadwarriors belonging to this subnet to assume
the gateway's internal address.

Regards

Andreas

On 05.11.2016 18:01, Richard Chan wrote:

Hi, in the roadwarrior configuration, from a conceptual point of view,
why doesn't table 220 change the source IP address of forwarded packets
(say the roadwarrior has a subnet behind it)?

# ip ro sho table 220
10.0.0.0/8 <http://10.0.0.0/8> via 192.168.1.1 dev eth0  proto static
  src 10.2.0.3

# ip rule show
0:  from all lookup local
220:from all lookup 220
32766:  from all lookup main
32767:  from all lookup default

roadwarrior has a separate subnet 192.168.2.0/24 <http://192.168.2.0/24>
and is forwarding/NAT'ing packets.  When  I ping a host on the central
site LAN

- OUTPUT chain sees the source IP address as 10.2.0.3 (table 220 is
working!)
-  FORWARD chain sees the source IP address as 192.168.2.X  (host cannot
be reached until these packets are SNAT'ed to 10.2.0.3)




Richard Chan

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] Testing

2016-10-28 Thread Andreas Steffen

Testing the availability of the strongSwan mailing list server.
Please disregard

Andreas

==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Abbreviations

2016-10-13 Thread Andreas Steffen

Hi Brian,

CPRQ stands for Configuration Payload Request and
CPRP for Configuration Payload Response.

The following link defines the long and short form for the various
IKE payloads:

https://github.com/strongswan/strongswan/blob/master/src/libcharon/encoding/payloads/payload.c

and here the same for the notifications

https://github.com/strongswan/strongswan/blob/master/src/libcharon/encoding/payloads/notify_payload.c

and for the configuration attributes

https://github.com/strongswan/strongswan/blob/master/src/libcharon/attributes/attributes.c

Regards

Andreas

On 13.10.2016 09:41, Brian O'Connor wrote:

Hi,

In the logging output of IKE exchanges, the terms

[ HASH CPRQ(X_USER X_PWD) ]

[ HASH CPRP(X_USER X_PWD) ]

are often encountered.

What does CPRQ and CPRP stand for, please?  Is there a dictionary of strongSwan
abbreviations somewhere?

TIA,
Brian

___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users



--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Duplicate log entries using default configuration

2016-10-12 Thread Andreas Steffen

Hi James,

yes, with systemd and journalctl active you have to remove the
syslog daemon section from strongswan.conf. If you want to change
the defaults of the systemd logging you can do this in a charon.journal
section in strongswan.conf. And I personally prefer an additional
level 0 output going to auth.log. Here is an example of mine:

charon-systemd {
  journal {
default = 1
tnc = 2
imv = 2
pts = 2
  }
  syslog {
auth {
  default = 0
}
  }
}

Best regards

Andreas

On 12.10.2016 08:48, James Birkett wrote:

Out of the box I seem to get every log message from strongswan
duplicated, once logged by "charon", then again by "strongswan" after a
delay, e.g.

Oct 10 12:26:32 sapphire charon: 05[ENC] generating INFORMATIONAL_V1
request 1411728704 [ HASH N(DPD) ]

followed later by:

Oct 10 12:29:32 sapphire strongswan[19104]: 05[ENC] generating
INFORMATIONAL_V1 request 1411728704 [ HASH N(DPD) ]

I believe this is because the systemd unit file (strongswan.service) has
the line:
StandardOutput=syslog, causing systemd to relay everything to syslog,
but the default /etc/strongswan/strongswan.d/charon-logging.conf also
has a syslog section so charon logs directly to syslog itself as well.

I suspect the delay between the two copies of the log entries may be
related to buffering on standard out, since the logs from "strongswan"
always appear in batches with the same timestamp, but I'm not sure.

In my case I'm using strongswan-5.4.0 on Centos 7 from EPEL
http://koji.fedoraproject.org/koji/buildinfo?buildID=774748 but I have
checked the strongswan 5.5 tarball and it appears the systemd unit file
and charon-logging.conf are unchanged.

I'm not really sure if this is a bug or something specific to my syslog
configuration, but given that charon is logging to syslog itself in the
default configuration, would it make more sense to set "StandardOutput =
null" from the unit file instead? I have made this change on my own
system and it appears to have the desired result.

Thanks,

James Birkett



Scanned by CyberHound <http://cyberhound.com/>

*Confidentiality Notice:* This email, including any attachments, is
confidential and may be privileged. If you are not the intended
recipient please notify the sender immediately and delete it. You should
not copy it or use it for any purpose or disclose its contents to any
other person without CyberHound's prior written permission. CyberHound
Pty Ltd reserves the right to monitor all email communications passing
through its networks and devices.


___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users



--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] initialzing EAP TLS peer with a different IDi than the IDi used in teh first IKE AUTH message

2016-10-11 Thread Andreas Steffen
aaa_identity is used by an EAP client to verify the identity
in the TLS server certificate if it is different from the IKEv2
server certificate.

Regards

Andreas

On 11.10.2016 13:36, Ravi Kanth Vanapalli wrote:
> Adding option (3) here.
> 
> 3) auth->add(auth, AUTH_RULE_AAA_IDENTITY, id)
> 
> Which of the following identities (1),2 or 3 is used to fetch the
> private key in EAP_TLS authentcation.
> 
> 
> On Tue, Oct 11, 2016 at 7:28 AM, Ravi Kanth Vanapalli
> <vvnrk.vanapa...@gmail.com <mailto:vvnrk.vanapa...@gmail.com>> wrote:
> 
> Sure Andreas. Thank you for this valuable input. I will give a try.
> 
> Could you please confirm the difference between 1 and 2 below
> 
> 1) auth->add(auth, AUTH_RULE_IDENTITY, id);
> 2) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id);
> 
> My understanding is that (1) is used to fill the IDi in the first
> IKE_AUTH message.
> Second one is used for Identitiy verification in EAP methods.  eg.
> EAP-TLS uses identity added in AUTH_RULE_EAP_IDENTITY for fetching
> the private certificate.
> (1) and (2) can be different.
> 
> Kindly confirm that my understanding is correct.
> 
> Thanks,
> Ravikanth
> 
> On Tue, Oct 11, 2016 at 3:54 AM, Andreas Steffen
> <andreas.stef...@strongswan.org
> <mailto:andreas.stef...@strongswan.org>> wrote:
> 
> Hi Ravi,
> 
> why don't you use the eap_identity parameter?
> 
> Regards
> 
> Andreas
> 
> On 10.10.2016 22:13, Ravi Kanth Vanapalli wrote:
> > Hi all,
> >
> > I have a situation wherein I need to alter the IDi slightly
> before the
> > EAP-TLS authentication proceeds. I.e IDi in the first IKE_AUTH
> message
> > should be different to IDi to be used for user private key
> lookup in the
> > EAP-TLS user authentication.
> >
> > I see that the API 'eap_tls_create_peer' is being used, to
> initialize
> > the peer identitiy in TLSplugin.
> > This is being registered with plugin eap_tls_plugin.c
> >
> > I am finding it difficult to know which module calls this API
> > eap_tls_create_peer to initialize EAP TLS peer identity.
> >
> > Kindly provide any inputs regarding my issue.
> >
> > Thank you very much.
> >
> > --
> > Regards,
> > RaviKanth
> 
> ==
> Andreas Steffen   
>  andreas.stef...@strongswan.org
> <mailto:andreas.stef...@strongswan.org>
> strongSwan - the Open Source VPN Solution! 
> www.strongswan.org <http://www.strongswan.org>
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========[ITA-HSR]==
> 
> 
> 
> 
> -- 
> Regards,
> 
> RaviKanth VN Vanapalli
> Email: vvnrk.vanapa...@gmail.com <mailto:vvnrk.vanapa...@gmail.com>
> 
> 
> 
> 
> -- 
> Regards,
> 
> RaviKanth VN Vanapalli
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] initialzing EAP TLS peer with a different IDi than the IDi used in teh first IKE AUTH message

2016-10-11 Thread Andreas Steffen
Hi Ravi,

why don't you use the eap_identity parameter?

Regards

Andreas

On 10.10.2016 22:13, Ravi Kanth Vanapalli wrote:
> Hi all,
> 
> I have a situation wherein I need to alter the IDi slightly before the
> EAP-TLS authentication proceeds. I.e IDi in the first IKE_AUTH message
> should be different to IDi to be used for user private key lookup in the
> EAP-TLS user authentication.
> 
> I see that the API 'eap_tls_create_peer' is being used, to initialize
> the peer identitiy in TLSplugin.
> This is being registered with plugin eap_tls_plugin.c 
> 
> I am finding it difficult to know which module calls this API
> eap_tls_create_peer to initialize EAP TLS peer identity. 
> 
> Kindly provide any inputs regarding my issue.
> 
> Thank you very much.
> 
> -- 
> Regards,
> RaviKanth

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] MacOS 10.12 Sierra IKEv2 user/password auth

2016-10-09 Thread Andreas Steffen

Hi Pete,

there in no AUTH payload in the IKE_AUTH request. This means that
the Mac wants to do EAP-based username/password authentication but
your strongSwan server is not configured for EAP (e.g. EAP-MD5,
EAP-MSCHAPv2 or EAP-GTC).

Regards

Andreas

On 09.10.2016 18:37, Pete Ashdown wrote:

On 10/9/16 10:29 AM, Noel Kuntze wrote:

On 09.10.2016 18:23, Pete Ashdown wrote:

Has anyone actually gotten this to work?  I've tried both the Mac's gui
and Configurator program and a number of iterations of Strongswan
configs and I always end up with this error in the logs:

 charon: 10[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

I have no idea where to go from here.  A little help please?

You start reading the log lines above that message.


Thanks for your helpful response, but there is nothing there that sticks
out as to why the auth fails.  The prior auth entry looks like this:

charon: 10[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT)
N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6)
N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]

If you'd like me to paste the whole thing, I can do that, but I'm not
seeing any smoking guns.

Again, I ask if anyone has actually gotten user/password with IKEv2 to
work on Sierra.


==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] file content is not binary ASN.1

2016-10-06 Thread Andreas Steffen

Hi Ravi,

: 08[ASN]   file content is not binary ASN.1

is just an informational message telling you that an
automatic conversion from PEM to ASN.1 format
is being tried. If the pem plugin is present then
this operation should succeed.

Regards

Andreas

P.S. Please do not cross-post to the developers list.


On 05.10.2016 22:07, Ravi Kanth Vanapalli wrote:

Hi all,
   I am trying to use TLS to setup a connection to a gateway
programmatically.

Used the code below.




 private_key_t *key;
char path[512]="/system/etc/user1_private.pem";
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
BUILD_FROM_FILE, path, BUILD_END);
if (!key) {
DBG1(DBG_DMN, "Parsing private key failed");
}


--
On running, I do not see "Parsing private key failed". But I see the
print as below


10-05 15:31:37.266  4630  4650 D : 08[ASN]   file content is not
binary ASN.1
10-05 15:31:37.266  4630  4650 D : 08[ASN]   -BEGIN RSA PRIVATE
KEY---
10-05 15:31:37.266  4630  4650 D : 08[ASN]   -END RSA PRIVATE
KEY-

My private key file is below. Can you help me find the issue

-BEGIN RSA PRIVATE KEY-
MIIEpAIBAAKCAQEAsVqa9nZctF/gxA26RTN3oSs6MbNiJYFP6jKpVJRAjflB17rC
7Pg6bf5NBr4SdgR0YyklI17wvzwEWxCDjJZHAw/CxeN/icSCsN6VehHoJ6ROhPOo
jdRs2MsyYyut8OZiSoG/jHVmLQWVgJIZvSOxxCGDj+xYqEbd6YhO8ejPrrh4v3/r
NJW6glu6PbbrgNfwtozMeNOQrXnETmSLBNJ5RlM+sntzivq6t8QJzDcjmf2OV3Xk
GwvNaLeOvoq55dbPf1wpuVyaU3npZphQe4EDsrX3p05DhYEW6rwUXc9iyF98D/HR
JTEnCN+Ri/pwXWyuUlEN/1Bq09nU/L6KfAQ8HwIDAQABAoIBADnNvhP2H+DqHufH
UZ6cV7E/1Ye9X4+5xcIfIPFgIGolg0A8rqttfB29dH1uFbZBXW20S1Zr6yto9EJ5
72Yy1JI64NB+hWLxmWbsJOvUSkYhVzYd9CHFynQeRh3sbpTFgeOmxjeRS+wAlemB
tMHgkF/MTITsEzlFX65trs1Jg+b9zc7wJs5ZeebBqw9m+Kn687MBDhOmx4uij59S
xP0ok2FnDlXNIEX1yLJpzSVPtEhhrFhcrFCq7LESUitZULoWD0v9VLaUVNe3n9yH
KPDRqu4lH5Y3bloI+Bx/hiZmxBCTV+kTF+4+PZJq1WzB6PCqmxNhN9zn+O7DDTzB
TSI/QoECgYEA34MnKE93DCNj4qL85NMCyCqo2ynsicqPBOtt1pZGXquYMbffefGx
kBl7BIpDfnn6077hWbTJzTeTO2gEXKcncQPWnDWCwIiCBbmgiec3k6WG+/Fki4mq
J+E1kO9eLn5Qw3uUzMNaey9P4kIore2zg7Ds42xHoNi7c3537evi6KsCgYEAyyHo
gz+gmIHr7mk6aKg6b4WydJuMYcB4g+sVt+JmUhhmfNAXx4MpKJo6c7jhgStAzXXD
d0FaYs4DfuU/ptcNmkmDPkVrpLj8NYHt7i2RZhULiObrY8iNRaW39LDUBvIkeuAr
JbuCJ7gYH8K7cnEF6/LvDsqllDUUEt+1I4UNIl0CgYEAkFyseOvCb3OYOzScdMsZ
W+G5yDxuy5yp/Tp2aggLkW/xUAN78s45qmHaw9btuw3cBNGfyYnsYYDItrD7SECq
R+N7xM8HEYXZvQrk9s0BZ3qdEbMbBsk2vqVGLMN+KDdrwKbcN9jhYvju9qtWjOgf
bypiBo3UQb5abEE+Asy9dRsCgYEAvDiBMAxnDKlmKhWLL6qh6vBheTcgjvs/ME1G
ZIr98Jf3bzOKtS3Nl3fBLbVkDsI7W6YBJqGB1Qe7qXtWzYt7aTkwySSeJ5XY7OOl
ygqjLYnWlFYUSvNsI9r4Z1zqOj1onArXMDFc2tz0TYmtEs+zgvwpkvUnE/tSzGJJ
f84ra2kCgYAY/qErTWgqRkc95A1qCyqsl/oU1swLMDmqe6F4rceFvdXuHkIyWGzL
Op8l/Nj1YzDRiGcQEyEooaGrgS1rvas2Q+nzxHMFBypVQsZE4y6F1qJ5dyr0xRGE
XeWrqWY/8UjLZzgDktjghg7DCoQEjI+c0rUs8ld6fFv4iK9ecI0Gng==
-END RSA PRIVATE KEY-



--
Regards,
RaviKanth VN Vanapalli



___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users



--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] need for openssl plugin use case

2016-10-05 Thread Andreas Steffen

Hi Ravi,

the crypto and signature functions are registered by the
openssl_plugin.c code, e.g. via the openssl_crypter_create()
function


https://github.com/strongswan/strongswan/blob/master/src/libstrongswan/plugins/openssl/openssl_plugin.c#L332

or the openssl_rsa_private_key_load() function


https://github.com/strongswan/strongswan/blob/master/src/libstrongswan/plugins/openssl/openssl_plugin.c#L470

crypters are instantiated using the global method

   lib->crypto->crypter_create()

made available by libstrongswan. An example can be found here:


https://github.com/strongswan/strongswan/blob/master/scripts/aes-test.c#L409

RSA private keys can be instantiated using the global method

   lib->creds->create()

made available by libstrongswan. An example can be found here:

https://github.com/strongswan/strongswan/blob/master/scripts/pubkey_speed.c#L85

Hope this helps.

Andreas

On 05.10.2016 15:29, Ravi Kanth Vanapalli wrote:

Hi,
 I have one query regarding the use of openssl plugin.
 I want to write an android plugin which makes use of strongswan
openssl plugin more specifically I was looking to use
'openssl_rsa_private_key_load' in openssl.

 From the link below
https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist

openssl s   Crypto backend based on OpenSSL, provides
RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG



But in the strongswan-master code repo, i see no reference to open-ssl
plugin .

eg. openssl_crypter_create function in openssl_crypter.c

I am expecting this crypter to be created in someother module which
needs to encrypt.
I see no references to any code calling openssl_crypter_create.

Kindly provide me code references how to use API's provided by openssl
plugin.
Any sample example would be highly appreciated.

--
Regards,
RaviKanth



___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users



--
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Strongswan 5.4 issue using certificates

2016-09-16 Thread Andreas Steffen
Hi Rajeev,

yes, you have to load the private key file in your management tool
and transfer it via the VICI interface as a binary blob.

Regards

Andreas

On 15.09.2016 21:20, rajeev nohria wrote:
> Anderas, 
> 
> When using davici- 
> For the loading of private rsa keys, that has to be loaded like the
> certificate?
> 
> Thanks,
> Rajeev
> 
> On Thu, Sep 15, 2016 at 3:19 PM, rajeev nohria <rajnoh...@gmail.com
> <mailto:rajnoh...@gmail.com>> wrote:
> 
> Anderas, 
> 
> For the loading of private rsa keys, that has to be loaded like the
> certificate?
> 
>     Thanks,
> Rajeev
> 
> On Thu, Aug 4, 2016 at 12:16 AM, Andreas Steffen
> <andreas.stef...@strongswan.org
> <mailto:andreas.stef...@strongswan.org>> wrote:
> 
> Hi Rajeev,
> 
> different to the stroke protocol and ipsec.conf where the filename
> of the certificate gets transferred via the stroke socket and the
> charon daemon loads the certificate, vici transfers the certificate
> itself either as a binary DER or a base64-endocded PEM blob. Thus
> your management application has to load the certificate and transfer
> it over the vici socket using davici.
> 
> Regards
> 
> Andreas
> 
> On 04.08.2016 05:03, rajeev nohria wrote:
> > Thanks Andreas,
> >
> > It worked, I know started to implement in Davici. I had PSK working 
> in
> > Davici. With certificates, I am having  following issue during
> > parse_certs().
> >
> > 09[LIB]   file coded in unknown format, discarded
> > 09[LIB] building CRED_CERTIFICATE - X509 failed, tried 4 builders
> >
> >
> >
> > Corresponding code is for Davici is
> > davici_list_start(r,"certs");
> >
> > 
> davici_list_itemf(r,"%s","/usr/local/etc/swanctl/x509/hostCert.pem");
> > davici_list_end(r);
> >
> >
> > I have tried file name with and without path.
> >
> > certs = hostCert.pem worked in swanctl.conf as attached in previous 
> email.
> >
>     >
> > Do you know what could be issue here? Looks like software is not 
> able to
> > recognize the pem format but again it worked when using 
> swanctl.conf file.
> >
> > Thanks,
> > Rajeev
> >
> >
> > On Tue, Aug 2, 2016 at 5:41 AM, Andreas Steffen
> > <andreas.stef...@strongswan.org
> <mailto:andreas.stef...@strongswan.org>
> <mailto:andreas.stef...@strongswan.org
> <mailto:andreas.stef...@strongswan.org>>>
> > wrote:
> >
> > Hi,
> >
> > according to your log, the initiator and responder create
> their
> > own Root CA certificate and store it locally in
> > /usr/local/etc/swanctl/x509ca. Therefore it is not surprising
> > that no trust into the received host certificate can be
> established
> > because it has been signed with the private key of a different
> > root CA (although the Distinguished Name of the issuer is
> the same).
> >
> > Fix: Generate only one private key and matching self-signed
> > Root CA certificate. Use the private Root CA key to sign both
> > initiator and responder host certificates and deploy the
> Root CA
> > certificate on both hosts.
> >
> > Best regards
> >
> > Andreas
> >
> > On 01.08.2016 21:24, rajeev nohria wrote:
> > >
> > > I was able to establish IKE connection using PSK but
> when using pubkey I
> > > am not able to able to establish the IKE connection.
> > >
> > > When I issue sudo swanctl --initiate --child net
> > >
> > >
> > > At receptor, it returns the Auth_failed.  Please see the
> swanctl.conf,
> > > strongswan.conf and charon.log.
> > >
> > > Aug  1 12:09:21 12[CFG] <rw|1> no issuer certificate
> found for "C=US,
> > > ST=MA, L=Lowell, O=Arris, CN=10.13.199.1

Re: [strongSwan] Empty CRL cache

2016-09-13 Thread Andreas Steffen
> 2016-09-09T14:35:48.993709+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> authentication of 'C=FR, L=Toulouse, O=Education Nationale,
>> OU=ac-toulouse, OU=0002 110043015, CN=0120101V-01-TEST.ac-toulouse.fr'
>> with RSA signature successful
>> 2016-09-09T14:35:48.993915+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> IKE_SA
>> aca.sphynx-default-2.6.0-etb1.amon-default-2.5.2_1-admin-reseau_eth1[1]
>> established between 192.168.0.11[C=FR, L=Dijon, O=Education Nationale,
>> OU=0002 110043015, CN=sphynx.ac-test.fr]...192.168.0.31[C=FR,
>> L=Toulouse, O=Education Nationale, OU=ac-toulouse, OU=0002 110043015,
>> CN=0120101V-01-TEST.ac-toulouse.fr]
>> 2016-09-09T14:35:48.994137+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> IKE_SA
>> aca.sphynx-default-2.6.0-etb1.amon-default-2.5.2_1-admin-reseau_eth1[1]
>> established between 192.168.0.11[C=FR, L=Dijon, O=Education Nationale,
>> OU=0002 110043015, CN=sphynx.ac-test.fr]...192.168.0.31[C=FR,
>> L=Toulouse, O=Education Nationale, OU=ac-toulouse, OU=0002 110043015,
>> CN=0120101V-01-TEST.ac-toulouse.fr]
>> 2016-09-09T14:35:48.994316+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> scheduling reauthentication in 10146s
>> 2016-09-09T14:35:48.994585+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> maximum IKE_SA lifetime 10686s
>> 2016-09-09T14:35:48.994955+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> CHILD_SA
>> aca.sphynx-default-2.6.0-etb1.amon-default-2.5.2_1-admin-reseau_eth1{1}
>> established with SPIs ccdd7bb4_i c01e70f1_o and TS 172.30.101.0/24 ===
>> 10.1.1.0/24
>> 2016-09-09T14:35:48.995159+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> CHILD_SA
>> aca.sphynx-default-2.6.0-etb1.amon-default-2.5.2_1-admin-reseau_eth1{1}
>> established with SPIs ccdd7bb4_i c01e70f1_o and TS 172.30.101.0/24 ===
>> 10.1.1.0/24
>> 2016-09-09T14:35:48.995469+02:00 sphynx.ac-test.lan charon: 11[IKE]
>> received AUTH_LIFETIME of 10248s, scheduling reauthentication in 9708s
>>
>>
>> CRL cache is not empty with Ubuntu 14.04 and strongSwan version
>> 5.1.2-0ubuntu2.4 and the same configuration. I can see this line in log
>> file :
>> 2016-09-09T13:39:42.728748+02:00 amon.etb1.lan charon: 21[CFG]   written
>> crl file
>> '/etc/ipsec.d/crls/cc2e370f06b2b9b5e92dffbe5237c61db4b70717.crl' (1307
>> bytes)
>> ls -l /etc/ipsec.d/crls/
>> total 4
>> -rw-r--r-- 1 root root 1307 sept.  9 13:39
>> cc2e370f06b2b9b5e92dffbe5237c61db4b70717.crl
>>
>>
>> Perhaps, something is wrong in my strongSwan  configuration ?
>>
>>
>> Regards,
>> Fabrice Barconnière
>> http://pcll.ac-dijon.fr/eole/
>>
>>
>>
>>
>> ___
>> Users mailing list
>> Users@lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> 
> 
> -- 
> Cordialement,
> Fabrice Barconnière
> Pôle logiciels libres - EOLE
> 
> 
> 
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] TPM Owner password in strongswan IMC

2016-08-12 Thread Andreas Steffen
Hi Vikas,

there is currently no provision to use a non-default password.
Putting the TPM owner password into strongswan.conf wouldn't make
any sense so some kind of password-prompting mechanism would have
to be built into the IMC. Or if the IMV would transmit the password
via an IF-M attribute to the IMC, this would give the IMC on the
client a chance to retrieve the password.

Best regards

Andreas

On 08/12/2016 05:09 PM, Charak, Vikas wrote:
> 
> Hi StrongSwan Team,
> 
> I have a question regarding Attestation using IMC/IMV. On properly
> configuring attestation plugin in StrongSwan client, I do see that TPM
> quotes being send to the StrongSwan server.
> 
> This all works fine if you are using default TPM owner and SRK auth at
> the client side. Is there a provision in StrongSwan  to use a
> non-default password for TPM owner authentication? If yes, is there a
> configuration in strongswan to set the TPM Owner password?
> 
> Regards,
> 
> Vikas

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] sha256 failing with netlink error

2016-08-11 Thread Andreas Steffen

Hi Lakshmi,

SHA-256 was implemented incorrectly for ESP with a 96 bit instead
of the standard 128 bit truncation in Linux kernels older than
2.6.33.

Workarounds:

1) Update to a kernel >= 2.6.33 (2.6.21 is ancient!)

2) If you run strongSwan on both VPN end points you can select the
   incorrect non-standard 96 bit truncation size by configuring

   esp=aes128-sha256_96

   In order for this non-standard algorithm ID to be accepted it might
   also be necessary to activate the sending of the strongSwan vendor id
   by setting

   charon {
 send_vendor_id = yes
   }

   in /etc/strongswan.conf

Regards

Andreas

On 12.08.2016 03:04, Lakshmi Prasanna wrote:

Experts,

Need urgent help.

When I try to use strongswan with SHA256, I see that the negotiation
fails at child SA creation time. I am using
strongSwan 5.1.3, Linux 2.6.21 version). Following is the log:

arsed CREATE_CHILD_SA response 4 [ N(USE_TRANSP) SA No TSi TSr ]

received netlink error: Invalid argument (22)

unable to add SAD entry with SPI c28f19c1

received netlink error: Invalid argument (22)

unable to add SAD entry with SPI c088894f

unable to install inbound and outbound IPsec SA (SAD) in kernel

failed to establish CHILD_SA, keeping IKE_SA

sending DELETE for ESP CHILD_SA with SPI c28f19c1


I have already tried the changes mentioned in
https://lists.strongswan.org/pipermail/users/2013-September/005203.html
and it doesnt seem to work.

Is there any other fix for this issue?

Rgds,

Lakshmi


==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Authentication algoritm supported by strongSwan

2016-08-05 Thread Andreas Steffen
Hi Codrut,

no strongSwan does not support the ESP authentication algorithm
HMAC-RIPEMD-160-96.

Regards

Andreas

On 05.08.2016 13:41, Codrut Grosu wrote:
> Hi,
> 
> 
> Is the next algorithm supported by strongSwan : MAC-RIPMED-160-96
> [RFC2857] ?
> 
> 
> The name is from wireshark ESP decryption table.
> 
> 
> Cheers,
> 
> Codrut.
> 
> 
> 
> ___
> Users mailing list
> Users@lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
> 

-- 
==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Strongswan not sending encryption algorithm

2016-08-05 Thread Andreas Steffen

Hi Lakshmi,

yes, your understanding is correct. Since AES-GCM is an
authenticated encryption algorithm, you don't need an
additional integrity protection function. Thus

Valid IKEv1 combo:
--

keyexchange=ikev1
ike=aes256-sha256-modp2048!
esp=aes256gcm128!


Valid IKEv2 combo:
--

keyexchange=ikev2
ike=aes256gcm128-prfsha256-modp2048!
esp=aes256gcm128!

Regards

Andreas

On 05.08.2016 10:41, Lakshmi Prasanna wrote:

Thank you for the reply Andreas.

Can you please validate my understanding?

Valid combo:
---

keyexchange=ikev1

ike=aes256-sha256-modp2048!

esp=aes256gcm128-sha256!


Invalid combo:


keyexchange=ikev1

ike=aes256gcm128-sha256-modp2048!

esp=aes256gcm128-sha256!


Thanks,

Lakshmi


On Fri, Aug 5, 2016 at 1:49 PM, Andreas Steffen
<andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org>>
wrote:

Hi Lakshmi,

The old IKEv1 protocol does not support AES-GCM for IKE since
IANA hasn't assigned any encryption transform numbers:


http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-4

<http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-4>

AES-GCM can be used for IKE protection with IKEv2, only:


http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5

<http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5>

Anyway, you profit from the speed advantage of AES-GCM mainly
with ESP because many payload packets must be processed.
AES-GCM for ESP can be negotiated both via IKEv1 and IKEv2.

Regards

Andreas

On 08/05/2016 08:42 AM, Lakshmi Prasanna wrote:
 > Hi Team,
 >
 > I am trying to use AES-GCM with IKEV1 and see that strongswan
does not
 > send the encryption algorithm.
 >
 > Is there any plugin or knob to enable the same?
 >
 > Logs:
 >
 > 
 >
 > received proposals: IKE:HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
 >
 > configured
 >
proposals:IKE:AES_GCM_16_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
 >
 >
 > Thanks and Regards,
 >
 > Lakshmi

    ==
Andreas Steffen andreas.stef...@strongswan.org
<mailto:andreas.stef...@strongswan.org>
strongSwan - the Open Source VPN Solution! www.strongswan.org
<http://www.strongswan.org>
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==




--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Strongswan not sending encryption algorithm

2016-08-05 Thread Andreas Steffen
Hi Lakshmi,

The old IKEv1 protocol does not support AES-GCM for IKE since
IANA hasn't assigned any encryption transform numbers:

http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-4

AES-GCM can be used for IKE protection with IKEv2, only:

http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5

Anyway, you profit from the speed advantage of AES-GCM mainly
with ESP because many payload packets must be processed.
AES-GCM for ESP can be negotiated both via IKEv1 and IKEv2.

Regards

Andreas

On 08/05/2016 08:42 AM, Lakshmi Prasanna wrote:
> Hi Team,
> 
> I am trying to use AES-GCM with IKEV1 and see that strongswan does not
> send the encryption algorithm. 
> 
> Is there any plugin or knob to enable the same?
> 
> Logs:
> 
> 
> 
> received proposals: IKE:HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> 
> configured
> proposals:IKE:AES_GCM_16_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> 
> 
> Thanks and Regards,
> 
> Lakshmi

==========
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Re: [strongSwan] Drop data traffic if ipsec is not present

2016-08-04 Thread Andreas Steffen
Hi Sarat,

leftfirewall=yes installs and removes dynamic IPsec policy
iptables rules guaranteeing that only traffic coming or going
into an IPsec tunne are forwarded.

Regards

Andreas

On 04.08.2016 14:00, Sarat Vajrapu wrote:
> Hi Andreas,
> 
> Thanks for the inputs.
> 
> I was expecting leftfirewall=yes would take care of adding default
> policies for IKE, ESP and drop traffic.
> From your explanation, I understood that we need to explicitly configure
> iptables. So what does leftfirewall actually do? 
> 
> Regards,
> Sarat Vajrapu
> 
> On Tue, Aug 2, 2016 at 2:50 PM, Andreas Steffen
> <andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org>>
> wrote:
> 
> Hi Sarat,
> 
> leftfirewall=yes is the right way to go. Just set up a
> general drop policy with iptables, just allowing IKE
> traffic via UDP ports 500 and 4500 as well as allowing
> ESP (IP protocol 50). Also make sure that the updown
> plugin is loaded by the charon daemon.
> 
> Best regards
> 
> Andreas
> 
> On 01.08.2016 09:21, Sarat Vajrapu wrote:
> > Hi,
> >
> > I am trying a lab setup with IPsec between two nodes.
> > Is there a way where I can send/receive data packets only if ipsec is
> > UP, else just drop the traffic?
> >
> > I tried "leftfirewall" option but it did not help me.
> > Your inputs are highly appreciated.
> >
> > Regards,
> > Sarat
> >
> >
> > ___
> > Users mailing list
> > Users@lists.strongswan.org <mailto:Users@lists.strongswan.org>
> > https://lists.strongswan.org/mailman/listinfo/users
> >
> 
> --
> ==
> Andreas Steffen   
>  andreas.stef...@strongswan.org <mailto:andreas.stef...@strongswan.org>
> strongSwan - the Open Source VPN Solution! 
> www.strongswan.org <http://www.strongswan.org>
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===[ITA-HSR]==
> 
> 

-- 
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution!  www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==



smime.p7s
Description: S/MIME Cryptographic Signature
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

  1   2   3   4   5   6   7   8   9   10   >