[Swan] Options for Windows clients

Alex mysqlstudent at gmail.com
Thu Dec 31 03:14:25 UTC 2020


Hi,

> > certutil -S -c "Example CA" -n "win10client.example.com" \
> >          -s "O=Example,CN=win10client.example.com" -k rsa \
> >          -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 \
> >          -8 "win10client.example.com"
>
> I see that the options -1 and -6 have no argument. Apparently this
> triggers an interactive loop to specify the respective properties.
> I think the client options should be:
> -1 "digitalSignature,keyEncipherment"
> -6 "clientAuth"
>
> For the server:
> -1 "digitalSignature,keyEncipherment"
> -6 "serverAuth,ipsecIKEIntermediate"

I believe it was either the first or second message on this thread I
asked if it was a problem that I was testing on the same network I was
located on, but perhaps that got overlooked :-) I recalled it being a
problem when I did this like fifteen years ago, lol. I've since
connected through my phone.

Anyway, it was either that or a combination of changes I made to the
certutil command that got me a bit further.

Dec 30 22:06:47.568952: "ikev2-cp"[2] 172.58.238.215: local IKE
proposals (IKE SA responder matching remote proposals):
Dec 30 22:06:47.569014: "ikev2-cp"[2] 172.58.238.215:
1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 30 22:06:47.569029: "ikev2-cp"[2] 172.58.238.215:
2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 30 22:06:47.569041: "ikev2-cp"[2] 172.58.238.215:
3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 30 22:06:47.569052: "ikev2-cp"[2] 172.58.238.215:
4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 30 22:06:47.569083: "ikev2-cp"[2] 172.58.238.215 #3: proposal
2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from
remote proposals
1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048
2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec 30 22:06:47.573387: "ikev2-cp"[2] 172.58.238.215 #3: sent
IKE_SA_INIT reply {auth=IKEv2 cipher=AES_CBC_256
integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 30 22:06:47.702497: "ikev2-cp"[2] 172.58.238.215 #3: processing
decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,CP,SA,TSi,TSr}
Dec 30 22:06:47.704044: "ikev2-cp"[2] 172.58.238.215 #3: certificate
verified OK: O=Example,CN=win10client.example.com
Dec 30 22:06:47.704103: "ikev2-cp"[2] 172.58.238.215 #3: IKEv2 mode
peer ID is ID_DER_ASN1_DN: 'CN=win10client.example.com, O=Example'
Dec 30 22:06:47.704669: "ikev2-cp"[2] 172.58.238.215 #3: authenticated
using RSA with SHA1
Dec 30 22:06:47.718096: "ikev2-cp"[2] 172.58.238.215 #4: no local
proposal matches remote proposals
1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED
Dec 30 22:06:47.718122: "ikev2-cp"[2] 172.58.238.215 #4: IKE_AUTH
responder matching remote ESP/AH proposals failed, responder SA
processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN
Dec 30 22:06:47.718134: "ikev2-cp"[2] 172.58.238.215 #4: responding to
IKE_AUTH message (ID 1) from 172.58.238.215:43186 with encrypted
notification NO_PROPOSAL_CHOSEN
Dec 30 22:06:47.718209: "ikev2-cp"[2] 172.58.238.215 #4: state
transition 'Responder: process IKE_AUTH request' failed
Dec 30 22:06:47.718250: "ikev2-cp"[2] 172.58.238.215 #4: deleting
state (STATE_V2_IKE_AUTH_CHILD_R0) aged 0.00017s and NOT sending
notification

Windows reports the same "policy match error".

Here are the certutil commands I am now using:

# generate CA certificate
echo "Generating CA certificate...."
certutil -z <(head -c 1024 /dev/urandom) \
        -S -x -n "Example CA" -s "O=Example,CN=Example CA" -k rsa \
        -g 4096 -v 36 -t "CT,," -2 -d /var/lib/ipsec/nss

# generate orion client certificate
echo "Generating orion client certificate..."
certutil -z <(head -c 1024 /dev/urandom) \
        -S -c "Example CA" -n "orion.example.com" \
        -s "O=Example,CN=orion.example.com" \
        -k rsa -g 4096 -v 120 -t ",," -1 -6 -8 "orion.example.com" \
        -d /var/lib/ipsec/nss \
        --extSAN "ip:68.195.111.42" \
        --keyUsage "digitalSignature,keyEncipherment" \
        --extKeyUsage "serverAuth,ipsecIKEIntermediate"

# generate Windows certificate
echo "Generating Windows certificate..."
certutil -z <(head -c 1024 /dev/urandom) \
        -S -c "Example CA" -n "win10client.example.com" \
        -s "O=Example,CN=win10client.example.com" -k rsa \
        -g 4096 -v 120 -t ",," -8 "win10client.example.com" \
        -d /var/lib/ipsec/nss \
        --extSAN "ip:68.195.111.42" \
        --keyUsage digitalSignature,keyEncipherment \
        --extKeyUsage "clientAuth"

certutil -L -d /var/lib/ipsec/nss

pk12util -o win10client.example.com.p12 -n "win10client.example.com" \
        -d /var/lib/ipsec/nss
pk12util -o orion.example.com.p12 -n "orion.example.com" -d /var/lib/ipsec/nss
ipsec import orion.example.com.p12

Some of this is adapted from
https://github.com/hwdsl2/setup-ipsec-vpn

Here is the set-vpnconnection command:
Set-VpnConnectionIPsecConfiguration -ConnectionName ikev2-cp `
        -EncryptionMethod AES256 -DHGroup Group14 `
        -IntegrityCheckMethod SHA384 -PfsGroup PFS2048 `
        -AuthenticationTransformConstants SHA256128 `
        -CipherTransformConstants AES256

Thank you again for your help.
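
An added example, not part of the original message and not libreswan code: a small Python parser that re-joins the mail-wrapped pluto log entries shown above and reports which negotiation steps succeeded and which offer was refused. The function names are hypothetical, and the embedded sample is constructed from entries copied out of the log in this message.

```python
import re

# Constructed sample: entries copied from the log above, mail wrapping kept.
SAMPLE_LOG = '''\
Dec 30 22:06:47.569083: "ikev2-cp"[2] 172.58.238.215 #3: proposal
2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from
remote proposals
Dec 30 22:06:47.704044: "ikev2-cp"[2] 172.58.238.215 #3: certificate
verified OK: O=Example,CN=win10client.example.com
Dec 30 22:06:47.718096: "ikev2-cp"[2] 172.58.238.215 #4: no local
proposal matches remote proposals
1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED
Dec 30 22:06:47.718134: "ikev2-cp"[2] 172.58.238.215 #4: responding to
IKE_AUTH message (ID 1) from 172.58.238.215:43186 with encrypted
notification NO_PROPOSAL_CHOSEN
'''

# Entry prefix: timestamp, "conn"[instance], peer address, optional #state.
ENTRY = re.compile(r'^\w{3} +\d+ [\d:.]+: "[^"]+"\[\d+\] \S+?(?: #\d+)?: ')
# Remote proposal as pluto prints it: number:PROTO:KEY=VALUE;KEY=VALUE...
PROPOSAL = re.compile(r'\b\d+:(IKE|ESP|AH):((?:\w+=\w+;?)+)')

def join_entries(text):
    """Re-join wrapped lines; a new entry starts with the timestamp prefix."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Collect the chosen IKE proposal, cert result and refused offers."""
    out = {"ike_chosen": None, "cert_ok": False, "rejected": [], "notify": None}
    for entry in join_entries(text):
        msg = ENTRY.sub("", entry)
        if m := re.match(r"proposal (\S+) chosen", msg):
            out["ike_chosen"] = m.group(1)
        elif msg.startswith("certificate verified OK"):
            out["cert_ok"] = True
        elif msg.startswith("no local proposal matches"):
            for proto, body in PROPOSAL.findall(msg):
                attrs = dict(kv.split("=") for kv in body.strip(";").split(";"))
                out["rejected"].append((proto, attrs))
        elif m := re.search(r"notification (\w+)$", msg):
            out["notify"] = m.group(1)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the sample, the summary shows the IKE proposal and certificate check succeeding under state #3 and the refused offer being the ESP one under state #4.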

