[Swan] Opportunistic Encryption in VirtualBox
Jonathan Thompson
jonathan.thompson at polarisalpha.com
Fri Dec 7 00:28:57 UTC 2018
Hello,
I'm working on setting up a libreswan testbed in VirtualBox with two virtual machines utilizing opportunistic encryption. I'm following the guide here: https://libreswan.org/wiki/HOWTO:_Opportunistic_IPsec
I've made a good amount of progress, but have had a few gotchas along the way, and am ultimately blocked; I'm listing the gotchas to hopefully help someone else trying to do the same thing.
1) Both "rightauth" and "leftauth" need to be set to "rsasig" in /etc/ipsec.d/oe-certificate.conf.
2) In VirtualBox, I'm using an internal network to connect the two machines which isn't exposed to the host machine. Since the default route for VirtualBox VMs is eth0, I had to configure IPSec to run on the eth1 interface by specifying 'interfaces="ipsec0=eth1"'.
3) Since I'm using a network interface other than the %defaultroute, it seems I had to manually set "left=<eth1 ip>" in oe-certificate.conf. Is there a more elegant way to accomplish this? (Like a %ipsec0 magic, which I tried out of curiosity but didn't work. Couldn't find more documentation on that.)
Once that's all done and ipsec is restarted, I ping one machine from the other, and get the following result in the pluto logs:
dest (192.168.50.2):
Dec 7 00:16:04.763482: packet from 192.168.50.3:500: local IKE proposals for private#192.168.50.0/24 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
Dec 7 00:16:04.779511: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: certificate verified OK: CN=192.168.50.3, *************
Dec 7 00:16:04.780176: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: switched from "private#192.168.50.0/24"[1] ...192.168.50.3 to "private#192.168.50.0/24"
Dec 7 00:16:04.781855: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: certificate verified OK: CN=192.168.50.3,*************
Dec 7 00:16:04.782210: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: Authenticated using RSA
Dec 7 00:16:04.785707: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: responding to AUTH message (ID 1) from 192.168.50.3:500 with encrypted notification AUTHENTICATION_FAILED
Dec 7 00:16:04.786171: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: deleting state (STATE_PARENT_R2) and sending notification
Dec 7 00:16:04.787074: packet from 192.168.50.3:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA
[root at bast ipsec.d]#
source (192.168.50.3):
Dec 7 00:16:04.758046: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local IKE proposals for private#192.168.50.0/24 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
Dec 7 00:16:04.772481: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local ESP/AH proposals for private#192.168.50.0/24 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 5:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED (default)
Dec 7 00:16:04.784389: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: IKE SA authentication request rejected: AUTHENTICATION_FAILED
Dec 7 00:16:04.784418: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: scheduling retry attempt 1 of an unlimited number
Dec 7 00:16:04.784433: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: STATE_PARENT_I2: suppressing retransmits; will wait 2.988 seconds for retry
Dec 7 00:16:04.784864: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: responding to INFORMATIONAL message (ID 0) from 192.168.50.2:500 with encrypted notification INVALID_IKE_SPI
Dec 7 00:16:07.774486: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: STATE_PARENT_I2: 3 second timeout exceeded after 0 retransmits. Possible authentication failure: no acceptable response to our first encrypted message
Dec 7 00:16:07.774716: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: expire pending child #2 STATE_PARENT_I2 of connection "private#192.168.50.0/24"[1] ...192.168.50.2 - the parent is going away
The IPSec configurations for both machines are identical, save for the "left" field in "conn private" in /etc/ipsec.d/oe-certificate.conf. I've verified that the certs are good; I intentionally generated them with bad SANs/CNs, which generated a totally different error that didn't yield "certificate verified OK" like the current configuration does.
Here's my current configuration:
oe-certificate.conf:
------
conn private
    # IPsec mandatory
    rightrsasigkey=%cert
    right=%opportunisticgroup
    rightca=%same
    rightauth=rsasig
    left=192.168.50.2
    leftcert=mycertname
    leftid=%fromcert
    leftauth=rsasig
    narrowing=yes
    type=tunnel
    ikev2=insist
    auto=ondemand
    # tune remaining options to taste - fail fast to prevent packet loss to the app
    negotiationshunt=hold
    failureshunt=drop
    # 0 means infinite tries
    keyingtries=0
    retransmit-timeout=3s
------
ipsec.conf:
------
config setup
    protostack=netkey
    #plutodebug="all"
    logfile=/var/log/pluto.log

include /etc/ipsec.d/*.conf
------
policies/private:
------
192.168.50.0/24
------
``ipsec --version``:
------
Linux Libreswan 3.25 (netkey) on 3.10.0-862.14.4.el7.x86_64
------
``vboxmanage --version``:
------
5.2.22r126257
------
I'm working from the base 'centos/7' Vagrant image. I can add the Vagrantfile I'm using as well.
Thanks in advance! I'm hoping this is something super simple. Please let me know what other information I can provide to help.
-Jonathan
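
The pluto log sequence quoted in the message, reduced to a per-peer event timeline so the point of failure is easy to see. This is an added example, not part of the original message and not libreswan code; the function names and event tags are hypothetical, and the sample lines are trimmed copies of the log lines quoted above.

```python
import re

# Constructed sample: a subset of the pluto lines quoted in the message,
# with the certificate DN trimmed. Responder is 192.168.50.2.
RESPONDER_LOG = """\
Dec 7 00:16:04.779511: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: certificate verified OK: CN=192.168.50.3
Dec 7 00:16:04.782210: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: Authenticated using RSA
Dec 7 00:16:04.785707: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: responding to AUTH message (ID 1) from 192.168.50.3:500 with encrypted notification AUTHENTICATION_FAILED
Dec 7 00:16:04.787074: packet from 192.168.50.3:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA
"""
INITIATOR_LOG = """\
Dec 7 00:16:04.784389: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: IKE SA authentication request rejected: AUTHENTICATION_FAILED
"""

# Layout assumed from the quoted lines: timestamp: "conn"[instance] ...peer #state: message
LINE = re.compile(r'^\w{3} +\d+ [\d:.]+: "(?P<conn>[^"]+)"(?:\[\d+\])? '
                  r'\.\.\.(?P<peer>[\d.]+)\S* #(?P<state>\d+): (?P<msg>.*)$')

# Substrings taken from the quoted log lines, mapped to hypothetical event tags.
EVENTS = [
    ("certificate verified OK", "peer_cert_ok"),
    ("Authenticated using", "peer_auth_ok"),
    ("with encrypted notification AUTHENTICATION_FAILED", "sent_auth_failed"),
    ("request rejected: AUTHENTICATION_FAILED", "got_auth_failed"),
]

def timeline(log_text):
    """Return {peer_ip: [event tags in log order]} for connection-scoped lines."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "packet from ..." lines carry no connection or state
        for needle, tag in EVENTS:
            if needle in m["msg"]:
                out.setdefault(m["peer"], []).append(tag)
    return out

def summarize(events):
    """Say where in the exchange the failure appears, without guessing a cause."""
    if "sent_auth_failed" in events:
        before = events[:events.index("sent_auth_failed")]
        if "peer_auth_ok" in before:
            return "local side sent AUTHENTICATION_FAILED after logging peer authentication"
        return "local side sent AUTHENTICATION_FAILED before peer authentication"
    if "got_auth_failed" in events:
        return "peer rejected our AUTH; the reason is in the peer's log"
    return "no AUTHENTICATION_FAILED seen"

if __name__ == "__main__":
    for name, text in (("responder", RESPONDER_LOG), ("initiator", INITIATOR_LOG)):
        for peer, events in timeline(text).items():
            print(name, peer, events, "->", summarize(events))
```

On these lines the responder's timeline ends in `sent_auth_failed` after `peer_auth_ok`, so the rejection is issued on 192.168.50.2 after the peer's certificate and RSA signature were accepted there.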