[Swan] Options for Windows clients

Alex mysqlstudent at gmail.com
Thu Dec 31 03:14:25 UTC 2020


> > certutil -S -c "Example CA" -n "win10client.example.com" \
> >          -s "O=Example,CN=win10client.example.com" -k rsa \
> >          -g 4096 -v 36 -d sql:/etc/ipsec.d -t ",," -1 -6 \
> >          -8 "win10client.example.com"
> I see that the options -1 and -6 have no argument. Apparently this
> triggers an interactive loop to specify the respective properties.
> I think the client options should be:
> -1 "digitalSignature,keyEncipherment"
> -6 "clientAuth"
> For the server:
> -1 "digitalSignature,keyEncipherment"
> -6 "serverAuth,ipsecIKEIntermediate"

I believe it was either the first or second message on this thread I
asked if it was a problem that I was testing on the same network I was
located on, but perhaps that got overlooked :-) I recalled it being a
problem when I did this like fifteen years ago, lol. I've since
connected through my phone.

Anyway, it was either that or a combination of changes I made to the
certutil command that got me a bit further.

Dec 30 22:06:47.568952: "ikev2-cp"[2] local IKE proposals (IKE SA responder matching remote proposals):
Dec 30 22:06:47.569014: "ikev2-cp"[2]
Dec 30 22:06:47.569029: "ikev2-cp"[2]
Dec 30 22:06:47.569041: "ikev2-cp"[2]
Dec 30 22:06:47.569052: "ikev2-cp"[2]
Dec 30 22:06:47.569083: "ikev2-cp"[2] #3: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals
Dec 30 22:06:47.573387: "ikev2-cp"[2] #3: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 30 22:06:47.702497: "ikev2-cp"[2] #3: processing
Dec 30 22:06:47.704044: "ikev2-cp"[2] #3: certificate verified OK: O=Example,CN=win10client.example.com
Dec 30 22:06:47.704103: "ikev2-cp"[2] #3: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'CN=win10client.example.com, O=Example'
Dec 30 22:06:47.704669: "ikev2-cp"[2] #3: authenticated using RSA with SHA1
Dec 30 22:06:47.718096: "ikev2-cp"[2] #4: no local proposal matches remote proposals
Dec 30 22:06:47.718122: "ikev2-cp"[2] #4: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN
Dec 30 22:06:47.718134: "ikev2-cp"[2] #4: responding to IKE_AUTH message (ID 1) from with encrypted
Dec 30 22:06:47.718209: "ikev2-cp"[2] #4: state transition 'Responder: process IKE_AUTH request' failed
Dec 30 22:06:47.718250: "ikev2-cp"[2] #4: deleting state (STATE_V2_IKE_AUTH_CHILD_R0) aged 0.00017s and NOT sending

Windows reports the same "policy match error".

Here are the certutil commands I am now using:

# generate CA certificate
echo "Generating CA certificate...."
certutil -z <(head -c 1024 /dev/urandom) \
        -S -x -n "Example CA" -s "O=Example,CN=Example CA" -k rsa \
        -g 4096 -v 36 -t "CT,," -2 -d /var/lib/ipsec/nss

# generate orion client certificate
echo "Generating orion client certificate..."
certutil -z <(head -c 1024 /dev/urandom) \
        -S -c "Example CA" -n "orion.example.com" \
        -s "O=Example,CN=orion.example.com" \
        -k rsa -g 4096 -v 120 -t ",," -1 -6 -8 "orion.example.com" \
        -d /var/lib/ipsec/nss \
        --extSAN "ip:" --keyUsage "digitalSignature,keyEncipherment" \
        --extKeyUsage "serverAuth,ipsecIKEIntermediate"

# generate Windows certificate
echo "Generating Windows certificate..."
certutil -z <(head -c 1024 /dev/urandom) \
        -S -c "Example CA" -n "win10client.example.com" \
        -s "O=Example,CN=win10client.example.com" -k rsa \
        -g 4096 -v 120 -t ",," -8 "win10client.example.com" \
        -d /var/lib/ipsec/nss \
        --extSAN "ip:" --keyUsage digitalSignature,keyEncipherment \
        --extKeyUsage "clientAuth"

certutil -L -d /var/lib/ipsec/nss

pk12util -o win10client.example.com.p12 -n "win10client.example.com" -d /var/lib/ipsec/nss
pk12util -o orion.example.com.p12 -n "orion.example.com" -d /var/lib/ipsec/nss
ipsec import orion.example.com.p12

Some of this is adapted from

Here is the set-vpnconnection command:
Set-VpnConnectionIPsecConfiguration -ConnectionName ikev2-cp `
    -EncryptionMethod AES256 -DHGroup Group14 -IntegrityCheckMethod SHA384 `
    -PfsGroup PFS2048 -AuthenticationTransformConstants SHA256128 `
    -CipherTransformConstants AES256

Thank you again for your help.
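
Added example, not part of the original post or of the libreswan project: a small triage script for a responder log in the format quoted above. It groups lines by state number to show that the IKE SA (#3) completed certificate authentication and that the failure belongs to the child SA (#4) ESP/AH proposal matching. The names triage, summarize and the milestone labels are hypothetical, and the sample lines are constructed from the quoted log with the mail wrapping rejoined.

```python
import re

# Constructed sample: lines in the format of the log quoted above, wraps rejoined.
SAMPLE_LOG = '''\
Dec 30 22:06:47.569083: "ikev2-cp"[2] #3: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals
Dec 30 22:06:47.704044: "ikev2-cp"[2] #3: certificate verified OK: O=Example,CN=win10client.example.com
Dec 30 22:06:47.704669: "ikev2-cp"[2] #3: authenticated using RSA with SHA1
Dec 30 22:06:47.718096: "ikev2-cp"[2] #4: no local proposal matches remote proposals
Dec 30 22:06:47.718122: "ikev2-cp"[2] #4: IKE_AUTH responder matching remote ESP/AH proposals failed, responder SA processing returned STF_FAIL+v2N_NO_PROPOSAL_CHOSEN
'''

# timestamp: "connection"[instance] #state: message
LINE = re.compile(r'^\w{3} +\d+ [\d:.]+: "(?P<conn>[^"]+)"(?:\[\d+\])? '
                  r'#(?P<sa>\d+): (?P<msg>.*)$')
# (pattern, label) pairs: negotiation milestones worth recording per state
MILESTONES = [
    (re.compile(r'proposal \d+:IKE=(\S+) chosen'), 'ike_proposal'),
    (re.compile(r'certificate verified OK: (.+)'), 'peer_cert'),
    (re.compile(r'authenticated using (.+)'), 'auth'),
    (re.compile(r'matching remote (\S+) proposals failed.*STF_FAIL\+v2N_(\w+)'), 'failure'),
]

def triage(log_text):
    """Return {state_number: {label: value}} for every state seen in the log."""
    states = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line, wrapped fragment or line without a state number
        info = states.setdefault(int(m['sa']), {'conn': m['conn']})
        for rx, label in MILESTONES:
            hit = rx.search(m['msg'])
            if hit:
                g = hit.groups()
                info[label] = g if len(g) > 1 else g[0]
    return states

def summarize(states):
    """One line per state: what completed, or which proposal type was rejected."""
    out = []
    for sa, info in sorted(states.items()):
        if 'failure' in info:
            kind, notify = info['failure']
            out.append(f'#{sa} {info["conn"]}: {kind} proposal mismatch ({notify})')
        elif 'ike_proposal' in info:
            out.append(f'#{sa} {info["conn"]}: IKE SA {info["ike_proposal"]}, '
                       f'peer {info.get("peer_cert", "?")}, {info.get("auth", "?")}')
    return out
```

Calling summarize(triage(text)) on a saved log gives one line per state, so a mismatch reported for an ESP/AH proposal can be told apart from an IKE proposal or certificate problem at a glance.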
