[Swan] Secure VPN Setup

Kenny thenothing at ofpain.com
Wed Apr 20 22:21:39 UTC 2016



I'm not joking when I say that I am looking to setup the most
secure-possible remote access VPN setup.  Scenario is 1 connection at 1 time
while on the road so I don't care about performance hits with ciphers and
hashing algorithms or key exchange parameters or any other attributes for
setting up the tunnel and ensuring authentication is stronger than necessary
in every way.


Can anyone offer any suggestions if they have already done the research?  I
am a bit opposed to doing 2-factor authentication by introducing other
software into the mix = increasing the attack surface.  But would like to do
some other form of 2 factor authentication, like a USB stick or smart card
or something, is this possible using x.509 with pam?


I have a dedicated and hardened Debian box with only the necessary software
installed (command line and the barest skeleton possible).. it's literally
barebones and I'm only going to install libreswan and any other dependencies
on it.


I'd like to use IKEv2 with the strongest configuration possible - but have
had some issues in finding whether or not  I can utilize client certificates
AND a username and password, or if there are custom checks I can do on the
host (registry values, software installed, certain services running, etc.) I
don't think this is possible but wanted to ask anyway.


This will have to be a NAT-T scenario as my box is going to be reachable via
pass-through (on that note can I use a custom port number, and do port
translation with an already complicated NAT-T setup?).  I will only be using
the VPN tunnel to allow for the remote access client to utilize my home
network instead of an insecure wireless or wired network on the road.



I'd like to avoid NIST recommendations if possible because I don't trust the
selection process..

For some base requirements I'm thinking - main mode, IPv4 only as I don't
trust IPv6 in any way yet, the strongest encryption algorithm (CHACHA?), the
most entropic pseudo-random function PRF_HMAC_SHA2_512?, the strongest
hashing integrity algorithm AUTH_HMAC_SHA2_512_256?, the strongest ESP
encryption = AES-CBC (SUCKS), the strongest ESP authentication algorithm =
AES-GMAC with AES-128?, the strongest DH transform brainpoolP512r1?,
strongest certificate (and way to most safely secure password for cert) and
hashing algorithm SHA3? and other attributes public key size limit = 4096
8192 do we know what the threshold is where we may be introducing other
issues obviously we don't need to go with something insanely high but I
don't want it to even be possible assuming that governments lie about
computing power which they do? Prime number generate for seeding for
certificate with a limit on value lower bounds, the strongest , no
compression, strongest hash algorithm SHA2-512 hash algorithm?, strongest
secure password method PACE?


Depending on the chosen configuration - obviously there would be conflicts



1.)    Can I do main mode IKEv2 with a remote access to VPN server NAT-T

2.)    Can I do AH and ESP with this setup, or is AH or ESP alone more
secure, I know AH is typically tunnel and ESP is typically transport but
there are differing opinions online?

3.)    Can I do client certificate and password without using another
product piece of software that relies on an external source e.g. google or
RSA tokens one OTP - maybe a usb stick or smart card or some other software
token that does not have to reach out externally? My concern is the VPN
server having to get this information primarily - best case scenario would
be cert and pass PLUS a google OTP or RSA token number. I know I'm reaching
on this one, just wondering what thinking out of the box solutions there
might be that libreswan is capable of doing

4.)    Can I check host configuration and OS or other software attributes
before finalizing (finalizing meaning at whatever point would be secure and
still possible)

5.)    Can anyone list the most secure of each IKEv2 spec?  In my research
the ones I've listed above are the best - chacha, brainpool, SHA2, public
key sizes greater or equal to 4096 - but for the others I don't know - like
ESP, AH, PRF, hashing integrity algorithm, prime number seeding with
boundaries on low numbers,  secure password method, etc.


Have I missed anything ?





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20160420/f75de9c7/attachment.html>

More information about the Swan mailing list