Hello,

I'm working on setting up a libreswan testbed in VirtualBox with two virtual 
machines utilizing opportunistic encryption. I'm following the guide here: 
https://libreswan.org/wiki/HOWTO:_Opportunistic_IPsec


I've made a good amount of progress, but have had a few gotchas along the way, 
and am ultimately blocked; I'm listing the gotchas to hopefully help someone 
else trying to do the same thing.


1) Both "rightauth" and "leftauth" need to be set to "rsasig" in 
/etc/ipsec.d/oe-certificate.conf.

2) In VirtualBox, I'm using an internal network to connect the two machines 
which isn't exposed to the host machine. Since the default route for VirtualBox 
VMs is eth0, I had to configure IPSec to run on the eth1 interface by 
specifying 'interfaces="ipsec0=eth1"'.

3) Since I'm using a network interface other than the %defaultroute, it seems I 
had to manually set "left=<eth1 ip>" in oe-certificate.conf. Is there a more 
elegant way to accomplish this? (Like a %ipsec0 magic, which I tried out of 
curiosity, but it didn't work. I couldn't find more documentation on that.)


Once that's all done and ipsec is restarted, I ping one machine from the other, 
and get the following result in the pluto logs:


dest (192.168.50.2):


Dec  7 00:16:04.763482: packet from 192.168.50.3:500: local IKE proposals for private#192.168.50.0/24 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
Dec  7 00:16:04.779511: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: certificate verified OK: CN=192.168.50.3, *************
Dec  7 00:16:04.780176: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: switched from "private#192.168.50.0/24"[1] ...192.168.50.3 to "private#192.168.50.0/24"
Dec  7 00:16:04.781855: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: certificate verified OK: CN=192.168.50.3,*************
Dec  7 00:16:04.782210: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: Authenticated using RSA
Dec  7 00:16:04.785707: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: responding to AUTH message (ID 1) from 192.168.50.3:500 with encrypted notification AUTHENTICATION_FAILED
Dec  7 00:16:04.786171: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: deleting state (STATE_PARENT_R2) and sending notification
Dec  7 00:16:04.787074: packet from 192.168.50.3:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA
[root@bast ipsec.d]#


source (192.168.50.3):


Dec  7 00:16:04.758046: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local IKE proposals for private#192.168.50.0/24 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
Dec  7 00:16:04.772481: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local ESP/AH proposals for private#192.168.50.0/24 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 5:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED (default)
Dec  7 00:16:04.784389: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: IKE SA authentication request rejected: AUTHENTICATION_FAILED
Dec  7 00:16:04.784418: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: scheduling retry attempt 1 of an unlimited number
Dec  7 00:16:04.784433: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: STATE_PARENT_I2: suppressing retransmits; will wait 2.988 seconds for retry
Dec  7 00:16:04.784864: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: responding to INFORMATIONAL message (ID 0) from 192.168.50.2:500 with encrypted notification INVALID_IKE_SPI
Dec  7 00:16:07.774486: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: STATE_PARENT_I2: 3 second timeout exceeded after 0 retransmits.  Possible authentication failure: no acceptable response to our first encrypted message
Dec  7 00:16:07.774716: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: expire pending child #2 STATE_PARENT_I2 of connection "private#192.168.50.0/24"[1] ...192.168.50.2 - the parent is going away


The IPSec configurations for both machines are identical, save for the "left" 
field in "conn private" in /etc/ipsec.d/oe-certificate.conf. I've verified that 
the certs are good; I intentionally generated them with bad SANs/CNs, which 
generated a totally different error that didn't yield "certificate verified OK" 
like the current configuration does.



Here's my current configuration:


oe-certificate.conf:

------

conn private
        # IPsec mandatory
        rightrsasigkey=%cert
        right=%opportunisticgroup
        rightca=%same
        rightauth=rsasig
        left=192.168.50.2
        leftcert=mycertname
        leftid=%fromcert
        leftauth=rsasig
        narrowing=yes
        type=tunnel
        ikev2=insist
        auto=ondemand
        # tune remaining options to taste - fail fast to prevent packet loss to the app
        negotiationshunt=hold
        failureshunt=drop
        # 0 means infinite tries
        keyingtries=0
        retransmit-timeout=3s
------

ipsec.conf:
------
config setup
        protostack=netkey
        #plutodebug="all"
        logfile=/var/log/pluto.log

include /etc/ipsec.d/*.conf
------

policies/private:
------
192.168.50.0/24
------

``ipsec --version``:
------
Linux Libreswan 3.25 (netkey) on 3.10.0-862.14.4.el7.x86_64
------

``vboxmanage --version``:
------
5.2.22r126257
------

I'm working from the base 'centos/7' Vagrant image. I can add the Vagrantfile 
I'm using as well.

Thanks in advance! I'm hoping this is something super simple. Please let me 
know what other information I can provide to help.


-Jonathan
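
A triage sketch for the two pluto logs in the message above, as an added example that is not part of the original post or of libreswan: it parses each line, maps the message text to a few named events, and reports which side rejected IKE_AUTH and whether the peer certificate had already verified at that point. The sample lines are excerpts of the logs above, re-joined onto single lines; the function and event names are hypothetical.

```python
import re

# Constructed samples: lines from the post's two logs, re-joined and trimmed.
RESPONDER = '''\
Dec  7 00:16:04.779511: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: certificate verified OK: CN=192.168.50.3
Dec  7 00:16:04.782210: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: Authenticated using RSA
Dec  7 00:16:04.785707: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: responding to AUTH message (ID 1) from 192.168.50.3:500 with encrypted notification AUTHENTICATION_FAILED
'''
INITIATOR = '''\
Dec  7 00:16:04.784389: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: IKE SA authentication request rejected: AUTHENTICATION_FAILED
'''

LINE = re.compile(
    r'^\w+\s+\d+\s+(?P<time>[\d:]+\.\d+): "(?P<conn>[^"]+)"(?:\[\d+\])?'
    r' \.\.\.(?P<peer>[\d.]+)\S* #(?P<state>\d+): (?P<msg>.*)$')

# Message fragments (as they appear in the logs above) mapped to event names.
EVENTS = [
    ("certificate verified OK", "cert_ok"),
    ("Authenticated using", "peer_authenticated"),
    ("with encrypted notification AUTHENTICATION_FAILED", "sent_auth_failed"),
    ("request rejected: AUTHENTICATION_FAILED", "received_auth_failed"),
]

def events_by_peer(log):
    """Return {peer_ip: [event, ...]} in log order; unparsed lines are skipped."""
    out = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        for fragment, name in EVENTS:
            if fragment in m["msg"]:
                out.setdefault(m["peer"], []).append(name)
    return out

def verdict(events):
    """Say which side rejected IKE_AUTH and whether the peer cert verified first."""
    if "sent_auth_failed" in events:
        before = events[:events.index("sent_auth_failed")]
        if "cert_ok" not in before:
            return "local reject, peer certificate not verified"
        if "peer_authenticated" in before:
            return "local reject after peer certificate and signature were accepted"
        return "local reject after certificate verified, before signature accepted"
    if "received_auth_failed" in events:
        return "remote reject, read the peer's log"
    return "no AUTHENTICATION_FAILED seen"
```

On the excerpts above, the responder (192.168.50.2) is the side that sends AUTHENTICATION_FAILED, and it does so after logging both "certificate verified OK" and "Authenticated using RSA".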