[strongSwan] REKEYING, IKEv1, forever

2018-03-23 Thread karthik kumar 
Hi,
  I am setting up route based VPN, the service starts up and VPN tunnel is
created

I have add=route and it should have setup the trap and automatically up'd
the tunnel, (i am running a ping) not sure why it didn't do

*initiating Main Mode IKE_SA Tunnel1[1] to *
*generating ID_PROT request 0 [ SA V V V V V ]*
*sending packet: from [500] to [500] (240 bytes)*
*received packet: from [500] to [500] (120 bytes)*
*parsed ID_PROT response 0 [ SA V V ]*
*received NAT-T (RFC 3947) vendor ID*
*received FRAGMENTATION vendor ID*
*generating ID_PROT request 0 [ KE No NAT-D NAT-D ]*
*sending packet: from [500] to [500] (308 bytes)*
*received packet: from [500] to [500] (368 bytes)*
*parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]*
*received Cisco Unity vendor ID*
*received XAuth vendor ID*
*received unknown vendor ID:
ec:1a:31:1f:a7:a0:7c:e7:04:8f:96:31:e0:51:78:f2*
*received unknown vendor ID:
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00*
*generating ID_PROT request 0 [ ID HASH ]*
*sending packet: from [500] to [500] (76 bytes)*
*received packet: from [500] to [500] (92 bytes)*
*parsed ID_PROT response 0 [ ID HASH V ]*
*received DPD vendor ID*
*IKE_SA Tunnel1[1] established between []...[]*
*generating QUICK_MODE request 2763822149 [ HASH SA No KE ID ID ]*
*sending packet: from [500] to [500] (380 bytes)*
*received packet: from [500] to [500] (92 bytes)*
*parsed INFORMATIONAL_V1 request 1304498435 [ HASH N((24576)) ]*
*received (24576) notify*
*received packet: from [500] to [500] (396 bytes)*
*parsed QUICK_MODE response 2763822149 [ HASH SA No KE ID ID N((24576)) ]*
*received 28800s lifetime, configured 0s*
*CHILD_SA Tunnel1{2} established with SPIs c9d21ed5_i a0429fc7_o and TS
10.131.0.0/24  === 10.49.0.0/16 *
*connection 'Tunnel1' established successfully*


Tunnel1 is in *REKEYING *state forever. Can someone help in understanding
why this is happening ?


*# swanctl --list-sas*
*Tunnel1: #2, ESTABLISHED, IKEv1, 9303a91759fd0ade:f595d3cea90f3978*
*  local  '' @ *
*  remote '' @ *
*  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536*
*  established 2262s ago*
*  Tunnel1: #2, reqid 1, INSTALLED, TUNNEL,
ESP:AES_CBC-256/HMAC_SHA1_96/MODP_1536*
*installed 2262s ago*
*in  cc71fb62,  0 bytes, 0 packets*
*out 7b6dd570, 185556 bytes,  2209 packets*
*local  10.131.0.0/24 *
*remote 10.49.0.0/16 *
*Tunnel1: #1, REKEYING, IKEv1, cb22de82b36ddf5a:882d6338ccc0a906*
*  local  '' @ *
*  remote '' @ *
*  AES_CBC-256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536*



*# strongswan  statusall*
*Status of IKE charon daemon (strongSwan 5.3.2, Linux 4.9.82-, x86_64):*
*  uptime: 3 minutes, since Mar 23 11:46:46 2018*
*  malloc: sbrk 405504, mmap 0, used 354208, free 51296*
*  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0*
*  loaded plugins: charon aes des rc2 sha1 sha2 md4 md5 random nonce x509
revocation constraints acert pubkey pkcs1 pkcs8 pgp dnskey sshkey pem
fips-prf gmp xcbc cmac hmac ctr ccm curl attr kernel-netlink resolve
socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc
eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam
xauth-noauth dhcp*
*Listening IP addresses:*
**
*Connections:*
* Tunnel1:  ...  IKEv1*
* Tunnel1:   local:  [] uses pre-shared key authentication*
* Tunnel1:   remote: [] uses pre-shared key authentication*
* Tunnel1:   child:  10.131.0.0/24  ===
10.49.0.0/16  TUNNEL*
*Routed Connections:*
* Tunnel1{1}:  ROUTED, TUNNEL, reqid 1*
* Tunnel1{1}:   10.131.0.0/24  === 10.49.0.0/16
*
*Security Associations (0 up, 0 connecting):*
*  none*


Here is my configs


*config setup*
*  uniqueids=no*

*conn Tunnel1*
*  fragmentation=yes*
*  ikelifetime=60m*
*  keyingtries=%forever*
*  keyexchange=ikev1*
*  authby=secret*
*  leftauth=psk*
*  rightauth=psk*
*  aggressive=no*
*  dpddelay=60*
*  dpdtimeout=300*
*  esp=aes256-sha1-modp1536*
*  lifetime=3600*
*  ike=aes256-sha1-modp1536*
*  ikelifetime=86400*
*  auto=route*
*  left=*
*  right=*
*  leftsubnet=10.131.0.0/24 *
*  rightsubnet=10.49.0.0/16 *
*  mark=100*
*  leftupdown="/etc/init.d/updown.sh -ln Tunnel1 -ll 169.254.4.1/30
 -lr 169.254.4.2/30  -m 100
-r 10.49.0.0/16 "*

*# ip tunnel show Tunnel1*
*Tunnel1: ip/ip  remote   local   ttl inherit  nopmtudisc key 100*

*iptables*
*-A INPUT -s /32 -d /32 -p esp -j MARK --set-xmark 0x64/0x*
*-A INPUT -s /32 -d /32 -p esp -j MARK --set-xmark 0x64/0x*
*-A FORWARD -o Tunnel1 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS

Re: [strongSwan] 2 factor in mac os x with native ikev2

2018-03-04 Thread karthik kumar 
Thanks Volodymyr.
I tried with strongswan app
https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX but "Currently
supported are IKEv2 connections using EAP-MSCHAPv2 or EAP-MD5 client
authentication"


Thanks

On Sun, Mar 4, 2018 at 7:44 PM, Volodymyr Litovka <doka...@gmx.com> wrote:

> Hi Karthik,
>
> see below
>
> On 3/4/18 1:23 PM, karthik kumar wrote:
>
> Hi,
>Is it possible to do two factor authentication with Mac OS X's IKEv2
> native client ? As far as I searched,
>
> a) with strongswan client in osx its possible with eap-gtc and pam + oath
> but native client leftauth is always eap-mschapv2 (also confirmed here
> <https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile#Authentication-options>
> )
>
> b) as per this mail
> <https://lists.strongswan.org/pipermail/users/2012-March/002656.html> its
> not possible to combine mschapv2 with pam.
>
> c) as per this explanation
> <http://lists.freeradius.org/pipermail/freeradius-users/2016-June/083723.html>
>  the
> problem that needs to be solved is *HASH( pw+otp) != HASH(pw) + HASH
> (otp). *I am not sure it can be done with strongswan
>
> question:
> a) on the server is there a way we can do two factor auth with
> eap-mschapv2 ?
>
> if you will find ways to transfer cleartext passwords from client
> (impossible with with mschapv2), you can use eap-radius plugin to forward
> requests to FreeRadius in order to do 2f auth, as explained here
> http://www.supertechguy.com/help/security/freeradius-google-auth
>
> or
> b) on the osx native client is there a way we can use eap-gtc with native
> client ?
>
> it seems that native client support nothing except mschapv2
>
>
> --
> Volodymyr Litovka
>   "Vision without Execution is Hallucination." -- Thomas Edison
>
>

[strongSwan] 2 factor in mac os x with native ikev2

2018-03-04 Thread karthik kumar 
Hi,
   Is it possible to do two factor authentication with Mac OS X's IKEv2
native client ? As far as I searched,

a) with strongswan client in osx its possible with eap-gtc and pam + oath
but native client leftauth is always eap-mschapv2 (also confirmed here

)

b) as per this mail
 its
not possible to combine mschapv2 with pam.

c) as per this explanation

the
problem that needs to be solved is *HASH( pw+otp) != HASH(pw) + HASH (otp).
*I am not sure it can be done with strongswan

question:
a) on the server is there a way we can do two factor auth with eap-mschapv2
?
or
b) on the osx native client is there a way we can use eap-gtc with native
client ?


Thanks

Re: [strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-15 Thread karthik kumar 
Thanks for your response. I did fix that by changing to 0.0.0.0/0 ..

On Thu, Feb 15, 2018 at 2:50 PM, Tobias Brunner 
wrote:

> Hi Karthik,
>
> > CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS
> 10.244.15.1/32 === 0.0.0.0/32
>
> This remote traffic selector (0.0.0.0/32) doesn't look right.  This
> should probably be 0.0.0.0/0.  Since your client config looks OK, check
> how the server is configured.
>
> Regards,
> Tobias
>

Re: [strongSwan] Pre-shared secret and digital certificate simultaneously

2018-02-13 Thread karthik kumar 
You can have server (responder) authenticate itself using certificate and
client (initiator) authenticate using PSK

something like this,

client
  leftauth=secret
  rightauth=pubkey

server
  leftauth=pubkey
  rightauth=secret


Yes you put both the entries in ipsec.secrets

: RSA  
: PSK 


Thanks




On Wed, Feb 7, 2018 at 6:33 AM, Newton, Benjamin David 
wrote:

> Can anyone tell me if strongswan is able to support Authentication using
> both a pre-shared secret and a digital certificate simultaneously?
>
>
> If so, can you give me any pointers on how to configure such a connecton?
> Do you keep authby=secret line?  Do you put both entries in the
> ipsec.secrets file?
>
>
> Thanks,
>
>   Ben Newton
>

[strongSwan] osx Sierra ikev2 connection successful but no traffic

2018-02-13 Thread karthik kumar 
Hi,
  I have successful connection from my Sierra Mac using strongswan-5.6.1 to
our vpn server

$ sudo ipsec up  vpn
Password:
initiating IKE_SA vpn[2] to 
*...*
*installing 10.245.250.251 as DNS server*
*installing 10.245.250.227 as DNS server*
*installing new virtual IP 10.244.15.1*
*created TUN device: utun2*
*CHILD_SA vpn{2} established with SPIs c13091e4_i c869298c_o and TS
10.244.15.1/32  === 0.0.0.0/32 *
*connection 'vpn' established successfully*

$ ifconfig utun2
utun2: flags=8051 mtu 1500
options=6403
inet 10.244.15.1 --> 10.244.15.1 netmask 0xff00

but no traffic is flowing, can't reach hosts/internet. Actually I am not
able to ping the VIP itself

$ ping 10.244.15.1
*PING 10.244.15.1 (10.244.15.1): 56 data bytes*
*Request timeout for icmp_seq 0*
*Request timeout for icmp_seq 1*
*^C*
*--- 10.244.15.1 ping statistics ---*
*3 packets transmitted, 0 packets received, 100.0% packet loss*

initiator configurations

config setup

conn %default
compress=yes
ikelifetime=20h
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2

conn vpn
left=%any
leftid=kart...@altiscale.com
rightid=@vpn02.rt1.altiscale.com
rightauth=pubkey
leftsourceip=%config
rightsubnet=0.0.0.0/0
auto=add
ike=aes256-sha512-modp4096!
esp=aes128-sha512!

The same configs work well on a linux initiator.

Any suggestions please ? Please let me know if you need more info

Thanks

Re: [strongSwan] questions on eap-gtc and xauth

2018-02-08 Thread karthik kumar 
any help on this ?

On Thu, Feb 8, 2018 at 8:54 PM, karthik kumar <kumarkarth...@gmail.com>
wrote:

> Hi,
>We are setting up oath based VPN connection with pam_oath
>
> I have setup in my local with the Xauth config something like this
>
> reponder
> leftauth=pubkey
> rightauth=pubkey
> rightauth2=xauth-pam
>
> initiator
> leftauth=pubkey
> rightauth=pubkey
> leftauth2=xauth
> xauth=client
> xauth_identity=
>
> and it works well and then I came across the eap-gtc plugin,
> a. can someone advice on why would anyone use eap-gtc when xauth works
> well for authenticating user/pass. Is it because xauth can use only ikev1 ?
> b. also if I use eap-gtc the (pam)backend is still xauth-pam right. so
> why would anyone use it
> c. how do I run ikev1 (xauth) and ikev2 (eap-gtc) at the same time ? any
> sample configuration will be helpful
>
> Thanks
>
>
>
>

[strongSwan] questions on eap-gtc and xauth

2018-02-08 Thread karthik kumar 
Hi,
   We are setting up oath based VPN connection with pam_oath

I have setup in my local with the Xauth config something like this

reponder
leftauth=pubkey
rightauth=pubkey
rightauth2=xauth-pam

initiator
leftauth=pubkey
rightauth=pubkey
leftauth2=xauth
xauth=client
xauth_identity=

and it works well and then I came across the eap-gtc plugin,
a. can someone advice on why would anyone use eap-gtc when xauth works well
for authenticating user/pass. Is it because xauth can use only ikev1 ?
b. also if I use eap-gtc the (pam)backend is still xauth-pam right. so why
would anyone use it
c. how do I run ikev1 (xauth) and ikev2 (eap-gtc) at the same time ? any
sample configuration will be helpful

Thanks

Re: [strongSwan] User openssl's PUBKEY_VERIFY instead of gmp's for CVE-2017-11185

2017-08-22 Thread karthik kumar 
Hi Tobias,
   Thanks for the answer. So it looks like for us, by default, openssl
plugin does all the job (overriding gmp) which means almost invulnerable (
*almost* because rare case of openssl can't verify signature and so gmp
takes over) of CVE-2017-11185. woohooo !!!


Regards

On Tue, Aug 22, 2017 at 12:37 PM, Tobias Brunner 
wrote:

> Hi Karthik,
>
> > * I have increased the priory of gmp plugin, but openssl is loaded at
> > the last. I am thinking whichever is loaded last will override ?
>
> It's the other way around:  The first implementation registered will be
> used.  Unless it fails to load the key, then the next registered
> implementation will be considered.  The latter could also happen if you
> load a private key without specific type and don't have the pkcs1 plugin
> loaded, only the openssl plugin can load such keys directly, the others
> need the pkcs1 plugin to detect the type (or even to pre-parse the key).
>
> > * when both plugins have priority = 1 (load = yes) openssl is loaded
> > first and then gmp.
>
> That's due to the default plugin list (built by the configure script),
> which is used to order the plugins if they have the same priority.
>
> Regards,
> Tobias
>

Re: [strongSwan] User openssl's PUBKEY_VERIFY instead of gmp's for CVE-2017-11185

2017-08-21 Thread karthik kumar 
Thanks for your answer. I have a one further question,

I increased the priority of gmp plugin,
*/etc/strongswan/strongswan.d/charon/gmp.conf: load = 2 *

*/etc/strongswan/strongswan.d/charon/openssl.conf: load = yes*

and it results in gmp plugin loading first and then openssl, sample log line


*Aug 20 03:48:20 00[LIB] loading feature
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256 in plugin 'gmp' *

*Aug 20 03:48:20 00[LIB] loading feature
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256 in plugin 'openssl'*

Does this mean *PUBKEY_VERIFICATION *will be done by openssl or gmp plugin
? I am confused because,
* I have increased the priory of gmp plugin, but openssl is loaded at the
last. I am thinking whichever is loaded last will override ?
* when both plugins have priority = 1 (load = yes) openssl is loaded first
and then gmp.


Thanks


On Sun, Aug 20, 2017 at 8:22 PM, karthik kumar <kumarkarth...@gmail.com>
wrote:

>
> On Sun, 20 Aug 2017 at 8:06 PM, Noel Kuntze <noel.kuntze+strongswan-users-
> ml@thermi.consulting> wrote:
>
>>
>>
>> On 20.08.2017 09:49, karthik kumar wrote:
>> > Hi,
>> >We are trying to mitigate CVE-2017-11185. We use older than 5.6.0
>> version of strongswan and upgrading will take significant time/effort.
>> >
>> Why don't you patch?
>>
>> > The vulnerability is while gmp plugin doing signature verification, and
>> I found that the same feature is provided by openssl (and gcrypt) so our
>> plan is to use openssl plugin,
>> > /
>> > /
>> > /OPENSSL is enabled /
>> > /Aug 19 19:14:41 00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
>> in plugin 'openssl'/
>> > /Aug 19 19:14:41 00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
>> in plugin 'openssl'/
>> > /Aug 19 19:14:41 00[LIB] loading feature 
>> > PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
>> in plugin 'openssl'/
>> > /Aug 19 19:14:41 00[LIB] loading feature 
>> > PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
>> in plugin 'openssl'/
>> > /Aug 19 19:14:41 00[LIB] loading feature 
>> > PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
>> in plugin 'openssl'/
>> > / /
>> > /
>> > /
>> > /GMP/
>> > Aug 19 19:14:41 00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
>> in plugin 'gmp'
>> > Aug 19 19:14:41 00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
>> in plugin 'gmp'
>> > Aug 19 19:14:41 00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
>> in plugin 'gmp'
>> > Aug 19 19:14:41 00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
>> in plugin 'gmp'
>> > Aug 19 19:14:41 00[LIB] loading feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
>> in plugin 'gmp'
>> > ... 
>> >
>> > I have a couple of questions,
>> > a. how do I determine if its safe to disable (load = no) the gmp plugin
>> ? I compared all features of GMP listed in the log against openssl plugin
>> features, and all of them are available in Openssl plugin. Is that enough
>> or anything else I should consider checking before turning off gmp plugin ?
>> (i have tested disabling gmp in my local and esp packets are created and
>> sent properly)
>> >
>> Your testing is faulty. strongSwan does not send ESP packets or does any
>> traffic processing. It only sets up SAs and SPs. You need to check if the
>> key exchange works.
>>
>> > b. I tried to increase the priority of openssl (load = 2) plugin. But I
>> can't find a way to verify that signature verification is done by openssl
>> plugin and not gmp plugin. Is there a way I can verify that ? (or rather
>> how do I verify which plugin is executing certain feature when the same
>> feature is provided by two loaded plugins)
>> >
>> AFAIK There is no way to check that as of now. The logs mention the order
>> of the plugins when they are loaded, if the logger configuration is
>> correct. You can use the logs to figure out what plugin provides the
>> functionality (it's the one that is loaded first).
>>
>> > Thanks
>> >
>>
>>