[Swan] Opportunistic Encryption in VirtualBox

Jonathan Thompson jonathan.thompson at polarisalpha.com
Fri Dec 7 00:28:57 UTC 2018


Hello,


I'm working on setting up a libreswan testbed in VirtualBox with two virtual machines utilizing opportunistic encryption. I'm following the guide here: https://libreswan.org/wiki/HOWTO:_Opportunistic_IPsec


I've made a good amount of progress, but have had a few gotchas along the way, and am ultimately blocked; I'm listing the gotchas to hopefully help someone else trying to do the same thing.


1) Both "rightauth" and "leftauth" need to be set to "rsasig" in /etc/ipsec.d/oe-certificate.conf.

2) In VirtualBox, I'm using an internal network to connect the two machines which isn't exposed to the host machine. Since the default route for VirtualBox VMs is eth0, I had to configure IPSec to run on the eth1 interface by specifying 'interfaces="ipsec0=eth1"'.

3) Since I'm using a network interface other than the %defaultroute, it seems I had to manually set "left=<eth1 ip>" in oe-certificate.conf. Is there a more elegant way to accomplish this? (Like a %ipsec0 magic, which I tried out of curiosity but which didn't work. I couldn't find more documentation on that.)


Once that's all done and ipsec is restarted, I ping one machine from the other, and get the following result in the pluto logs:


dest (192.168.50.2):


Dec  7 00:16:04.763482: packet from 192.168.50.3:500: local IKE proposals for private#192.168.50.0/24 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
Dec  7 00:16:04.779511: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: certificate verified OK: CN=192.168.50.3, *************
Dec  7 00:16:04.780176: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: switched from "private#192.168.50.0/24"[1] ...192.168.50.3 to "private#192.168.50.0/24"
Dec  7 00:16:04.781855: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: certificate verified OK: CN=192.168.50.3,*************
Dec  7 00:16:04.782210: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: Authenticated using RSA
Dec  7 00:16:04.785707: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: responding to AUTH message (ID 1) from 192.168.50.3:500 with encrypted notification AUTHENTICATION_FAILED
Dec  7 00:16:04.786171: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: deleting state (STATE_PARENT_R2) and sending notification
Dec  7 00:16:04.787074: packet from 192.168.50.3:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA
[root at bast ipsec.d]#


source (192.168.50.3):


Dec  7 00:16:04.758046: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local IKE proposals for private#192.168.50.0/24 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256,HMAC_SHA1;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128,HMAC_SHA1_96;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256 (default)
Dec  7 00:16:04.772481: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: local ESP/AH proposals for private#192.168.50.0/24 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 5:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED (default)
Dec  7 00:16:04.784389: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: IKE SA authentication request rejected: AUTHENTICATION_FAILED
Dec  7 00:16:04.784418: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: scheduling retry attempt 1 of an unlimited number
Dec  7 00:16:04.784433: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: STATE_PARENT_I2: suppressing retransmits; will wait 2.988 seconds for retry
Dec  7 00:16:04.784864: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: responding to INFORMATIONAL message (ID 0) from 192.168.50.2:500 with encrypted notification INVALID_IKE_SPI
Dec  7 00:16:07.774486: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: STATE_PARENT_I2: 3 second timeout exceeded after 0 retransmits.  Possible authentication failure: no acceptable response to our first encrypted message
Dec  7 00:16:07.774716: "private#192.168.50.0/24"[1] ...192.168.50.2 #1: expire pending child #2 STATE_PARENT_I2 of connection "private#192.168.50.0/24"[1] ...192.168.50.2 - the parent is going away


The IPSec configurations for both machines are identical, save for the "left" field in "conn private" in /etc/ipsec.d/oe-certificate.conf. I've verified that the certs are good; I intentionally generated them with bad SANs/CNs, which generated a totally different error that didn't yield "certificate verified OK" like the current configuration does.



Here's my current configuration:


oe-certificate.conf:

------

conn private
        # IPsec mandatory
        rightrsasigkey=%cert
        right=%opportunisticgroup
        rightca=%same
        rightauth=rsasig
        left=192.168.50.2
        leftcert=mycertname
        leftid=%fromcert
        leftauth=rsasig
        narrowing=yes
        type=tunnel
        ikev2=insist
        auto=ondemand
        # tune remaining options to taste - fail fast to prevent packet loss to the app
        negotiationshunt=hold
        failureshunt=drop
        # 0 means infinite tries
        keyingtries=0
        retransmit-timeout=3s
------

ipsec.conf:
------
config setup
protostack=netkey
#plutodebug="all"
logfile=/var/log/pluto.log

include /etc/ipsec.d/*.conf
------

policies/private:
------
192.168.50.0/24
------

``ipsec --version``:
------
Linux Libreswan 3.25 (netkey) on 3.10.0-862.14.4.el7.x86_64
------

``vboxmanage --version``:
------
5.2.22r126257
------

I'm working from the base 'centos/7' Vagrant image. I can add the Vagrantfile I'm using as well.

Thanks in advance! I'm hoping this is something super simple. Please let me know what other information I can provide to help.


-Jonathan
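
Added example, not part of the original post: a Python triage over the pluto log lines quoted above that orders the authentication events per peer and IKE state. It shows that the responder sent AUTHENTICATION_FAILED only after the peer's certificate and RSA signature had been accepted. The event names and verdict strings are labels made up for this sketch; the sample lines are excerpted from the logs in the post.

```python
import re

# Excerpts of the pluto log lines quoted in the post (masked cert DN dropped).
RESPONDER = '''\
Dec  7 00:16:04.779511: "private#192.168.50.0/24"[1] ...192.168.50.3 #1: certificate verified OK: CN=192.168.50.3
Dec  7 00:16:04.782210: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: Authenticated using RSA
Dec  7 00:16:04.785707: "private#192.168.50.0/24"[2] ...192.168.50.3===? #1: responding to AUTH message (ID 1) from 192.168.50.3:500 with encrypted notification AUTHENTICATION_FAILED
Dec  7 00:16:04.787074: packet from 192.168.50.3:500: ISAKMP_v2_INFORMATIONAL message response has no matching IKE SA
'''
INITIATOR = '''\
Dec  7 00:16:04.784389: "private#192.168.50.0/24"[1] ...192.168.50.2 #2: IKE SA authentication request rejected: AUTHENTICATION_FAILED
'''

# timestamp: "conn"[instance] ...peer[===client] #state: message
LINE = re.compile(
    r'^\w{3}\s+\d+ [\d:]+\.\d+: "(?P<conn>[^"]+)"(?:\[\d+\])? '
    r'\.\.\.(?P<peer>\d+\.\d+\.\d+\.\d+)\S* #(?P<state>\d+): (?P<msg>.*)$')

# Substrings taken from the quoted log lines, mapped to illustrative labels.
MARKERS = [
    ("certificate verified OK", "CERT_OK"),
    ("Authenticated using", "PEER_AUTH_OK"),
    ("with encrypted notification AUTHENTICATION_FAILED", "SENT_AUTH_FAILED"),
    ("request rejected: AUTHENTICATION_FAILED", "RECV_AUTH_FAILED"),
]

def events(log):
    """Return {(peer, state number): [event, ...]} in log order."""
    out = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. "packet from ..." lines carry no state number
        for needle, label in MARKERS:
            if needle in m["msg"]:
                out.setdefault((m["peer"], int(m["state"])), []).append(label)
    return out

def verdict(evs):
    """Say which side rejected, and whether the peer had already authenticated."""
    if "SENT_AUTH_FAILED" in evs:
        before = evs[:evs.index("SENT_AUTH_FAILED")]
        if "PEER_AUTH_OK" in before:
            return "local reject after peer authenticated"
        return "local reject before peer authenticated"
    if "RECV_AUTH_FAILED" in evs:
        return "remote reject: check the peer's pluto log"
    return "no authentication failure seen"

if __name__ == "__main__":
    for name, log in (("responder", RESPONDER), ("initiator", INITIATOR)):
        for key, evs in events(log).items():
            print(name, key, evs, "->", verdict(evs))
```
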