Swiss Cyber Storm II Hack & Learn
VPN with Windows 7 and Linux strongswan using IKEv2
Prof. Dr. Andreas Steffen, andreas.steffen@hsr.ch
Andreas Steffen, 19.04.2009, CyberStormII.pptx 1
The Road Warrior Remote Access Case

[Figure: a Road Warrior with a dynamic IP address x.x.x.x builds an IPsec tunnel across the Internet to the VPN Gateway 77.56.157.76 in front of the Home Network 10.10.0.0/23 and is assigned the Virtual IP 10.10.3.6.]

Road Warriors sign on to their home network via IKEv2 with varying IP addresses assigned dynamically by the local ISP. Authentication is preferably based on RSA public keys and X.509 certificates issued by the home network. Virtual IP and internal name server information are assigned by the home network. Remote hosts thus become part of an extruded net.
IKEv2 Internet Key Exchange v2 (2005)

Initiator (UDP/500)                                        Responder

IKE_SA_INIT exchange pair
  1  IKE Header, SAi1, KEi, Ni                        -->
  2                                                   <--  IKE Header, SAr1, KEr, Nr

IKE_AUTH exchange pair (payloads encrypted with the keys derived from pair 1)
  3  IKE Header, IDi, CERTi, IDr, AUTHi, SAi2, TSi, TSr   -->
  4                                                   <--  IKE Header, IDr, CERTr, AUTHr, SAr2, TSi, TSr
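As an added example (not code from the slides or from strongSwan), the following Python script builds a constructed IKE_SA_INIT request carrying the payloads of message 1 above (SA, KE, nonce, plus the two NAT-detection notifies a gateway logs) and walks its fixed header and payload chain the way a responder or a network sensor does before any cryptography runs. SPIs, nonce and key-exchange data are placeholder bytes; the SK (encrypted) payload of messages 3 and 4 is recognized but its contents are not parsed, since that needs the IKE_SA keys.

```python
"""IKEv2 (RFC 4306) header and payload-chain parser. Added example, not
code from the slides or from strongSwan; all sample values are placeholders."""
import struct

IKE_HEADER_LEN = 28
IKE_VERSION = 0x20                       # major 2, minor 0
FLAG_INITIATOR, FLAG_RESPONSE = 0x08, 0x20
EXCHANGE_TYPES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                  36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOAD_TYPES = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 37: "CERT",
                 38: "CERTREQ", 39: "AUTH", 40: "No", 41: "N", 42: "D",
                 43: "V", 44: "TSi", 45: "TSr", 46: "SK", 47: "CP", 48: "EAP"}
NOTIFY_TYPES = {16388: "NATD_S_IP", 16389: "NATD_D_IP", 16396: "MOBIKE_SUP"}


def build_message(spi_i, spi_r, exchange, flags, msg_id, payloads):
    """Serialize an IKE message from [(payload type, payload body), ...].
    Each generic payload header names the type of the payload that follows;
    the last one carries 0 (no next payload)."""
    body = b""
    for idx, (ptype, pbody) in enumerate(payloads):
        next_type = payloads[idx + 1][0] if idx + 1 < len(payloads) else 0
        body += struct.pack("!BBH", next_type, 0, 4 + len(pbody)) + pbody
    first = payloads[0][0] if payloads else 0
    header = struct.pack("!8s8sBBBBII", spi_i, spi_r, first, IKE_VERSION,
                         exchange, flags, msg_id, IKE_HEADER_LEN + len(body))
    return header + body


def notify_body(ntype, data=b""):
    """Notify payload body: protocol ID 0, SPI size 0, notify type, data."""
    return struct.pack("!BBH", 0, 0, ntype) + data


def parse_message(raw):
    """Parse the fixed header and walk the payload chain; raises ValueError on
    anything inconsistent so a caller can drop the packet early."""
    if len(raw) < IKE_HEADER_LEN:
        raise ValueError("truncated IKE header")
    (spi_i, spi_r, ptype, version, exchange, flags, msg_id,
     length) = struct.unpack("!8s8sBBBBII", raw[:IKE_HEADER_LEN])
    if version >> 4 != 2:
        raise ValueError("not IKEv2: major version %d" % (version >> 4))
    if length != len(raw):
        raise ValueError("length field %d != %d bytes on the wire" % (length, len(raw)))
    payloads, off = [], IKE_HEADER_LEN
    while ptype != 0:
        if off + 4 > len(raw):
            raise ValueError("payload chain runs past the end of the message")
        next_type, crit, plen = struct.unpack("!BBH", raw[off:off + 4])
        if plen < 4 or off + plen > len(raw):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        if ptype not in PAYLOAD_TYPES and crit & 0x80:
            raise ValueError("unknown critical payload type %d" % ptype)
        name, pbody = PAYLOAD_TYPES.get(ptype, "P%d" % ptype), raw[off + 4:off + plen]
        if name == "N" and len(pbody) >= 4:          # show the notify type like charon does
            ntype = struct.unpack("!H", pbody[2:4])[0]
            name = "N(%s)" % NOTIFY_TYPES.get(ntype, str(ntype))
        payloads.append(name)
        if name == "SK":   # the rest of the chain is encrypted: stop the walk here
            break
        off, ptype = off + plen, next_type
    return {"spi_i": spi_i.hex(), "spi_r": spi_r.hex(),
            "exchange": EXCHANGE_TYPES.get(exchange, str(exchange)),
            "initiator": bool(flags & FLAG_INITIATOR),
            "request": not flags & FLAG_RESPONSE,
            "msg_id": msg_id, "payloads": payloads}


def check_init_request(msg):
    """Checks a responder applies to a parsed message 1 before it spends a
    Diffie-Hellman computation on it. Returns a list of findings."""
    findings = []
    if msg["exchange"] != "IKE_SA_INIT":
        findings.append("exchange type is %s" % msg["exchange"])
    if not (msg["initiator"] and msg["request"]):
        findings.append("flags do not mark an initiator request")
    if msg["spi_r"] != "00" * 8:
        findings.append("responder SPI must be zero in message 1")
    if msg["msg_id"] != 0:
        findings.append("message ID of message 1 must be 0")
    for required in ("SA", "KE", "No"):
        if required not in msg["payloads"]:
            findings.append("missing %s payload" % required)
    return findings


def is_rejected(raw):
    """True if parse_message refuses the bytes (used for tampered input)."""
    try:
        parse_message(raw)
    except ValueError:
        return True
    return False


# Constructed message 1 of the IKE_SA_INIT pair; every value is a placeholder.
SAMPLE_INIT_REQUEST = build_message(
    spi_i=bytes.fromhex("0123456789abcdef"), spi_r=bytes(8),
    exchange=34, flags=FLAG_INITIATOR, msg_id=0,
    payloads=[(33, b"\x00" * 12),                             # SA: proposal stub
              (34, struct.pack("!HH", 2, 0) + b"\x11" * 32),  # KE: DH group 2 + stub value
              (40, b"\x22" * 16),                             # Ni
              (41, notify_body(16388, b"\x33" * 20)),         # N(NATD_S_IP)
              (41, notify_body(16389, b"\x44" * 20))])        # N(NATD_D_IP)

if __name__ == "__main__":
    parsed = parse_message(SAMPLE_INIT_REQUEST)
    print(parsed["exchange"], parsed["msg_id"], parsed["payloads"])
    print("findings:", check_init_request(parsed))
    print("truncated copy rejected:", is_rejected(SAMPLE_INIT_REQUEST[:-1]))
```

The length checks matter more than they look: a responder keeps no state before message 1 is parsed, so the payload walk has to be bounded by the header's length field and by the buffer actually received, never by the next-payload chain alone.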
Swiss Cyber Storm II Hack & Learn
Client Authentication with Machine Certificates
Windows 7 Machine Certificates

Machine certificates (*.p12) must be imported with the Microsoft Management Console (mmc, Certificates snap-in for the Local Computer account) into the Local Computer certificate store of Windows 7. Do not double-click on machine certificates: the import wizard then places them in the current user's store, where the IKEv2 client, which runs as a system service, does not look for them.
Windows 7 VPN Client Configuration I
Windows 7 VPN Client Configuration II
Windows 7 VPN Client Configuration III

Screenshot callouts: the address field holds the VPN gateway; the connection name is an arbitrary name.
Windows 7 VPN Client Configuration IV

Username/password information is not used if authentication is based on machine certificates.
Windows 7 VPN Client Configuration V
Windows 7 VPN Client Configuration VI

Alternatively, EAP-MS-CHAPv2 username/password based authentication could be used with a Linux strongswan gateway. Unfortunately, the Windows 7 Beta is prone to Man-in-the-Middle attacks, since the gateway signature is not verified by the Windows 7 client!
Windows 7 VPN Client Configuration VIa
Windows 7 VPN Client Configuration VII

The Windows 7 Agile VPN Client supports the IKEv2 Mobility and Multihoming Protocol MOBIKE (RFC 4555). A change of the IP address or of the network interface on the client side is communicated via IKEv2 to the VPN gateway, so that an existing IPsec tunnel is migrated automatically!
Linux strongswan Gateway Configuration

  # /etc/ipsec.secrets
  : RSA koalakey.pem

  # /etc/ipsec.conf
  conn win7
       keyexchange=ikev2
       authby=rsasig
       left=%any
       leftsubnet=0.0.0.0/0
       leftcert=koalacert.pem
       leftid=@koala.strongswan.org
       leftfirewall=yes
       right=%any
       rightsourceip=10.10.3.0/24
       auto=add

  # /etc/strongswan.conf
  charon {
       dns1 = 62.2.17.60
       dns2 = 62.2.24.162
       nbns1 = 10.10.1.1
       nbns2 = 10.10.0.1
  }

The strongswan gateway could narrow the traffic selector to the local network, but Windows 7 does not allow split tunneling, so leftsubnet stays at 0.0.0.0/0 and all client traffic goes through the tunnel!
Windows 7 VPN Client Connect
Windows 7 Status Information
Linux strongswan Logfile

  [NET] received packet: from 193.247.250.37[506] to 77.56.157.76[500]
  [ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
  [IKE] 193.247.250.37 is initiating an IKE_SA
  [IKE] remote host is behind NAT
  [ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
  [NET] sending packet: from 77.56.157.76[500] to 193.247.250.37[506]
  [NET] received packet: from 193.247.250.37[3226] to 77.56.157.76[4500]
  [ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CP SA TSi TSr ]
  [IKE] authentication of 'C=CH, O=Linux strongswan, CN=bonsai.strongswan.org' with RSA signature successful
  [IKE] IKE_SA win7[1] established between 77.56.157.76[koala.strongswan.org]...193.247.250.37[C=CH, O=Linux strongswan, CN=bonsai.strongswan.org]
  [IKE] assigning virtual IP 10.10.3.6 to peer
  [ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CP SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
  [IKE] CHILD_SA win7{1} established with SPIs c97fa201_i e7d5941a_o and TS 0.0.0.0/0 === 10.10.3.6/32
  [NET] sending packet: from 77.56.157.76[4500] to 193.247.250.37[3226]

Note the switch from UDP/500 to UDP/4500 after NAT detection, and that the client was authenticated with an RSA signature over its machine certificate, not with a password.
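As an added example (not code from the slides or from strongSwan), the following Python script extracts the session facts from charon [IKE] log lines of the kind shown above and checks them against the gateway policy of the previous slide: machine-certificate (RSA signature) authentication only, a virtual IP from the rightsourceip pool, a remote traffic selector equal to that IP, and the gateway presenting its own leftid. SLIDE_LOG reproduces the log lines from the slide; EAP_LOG is a constructed EAP-MS-CHAPv2 logon (username 'carol', SPIs and IP invented) used to show the policy check firing.

```python
"""Extract and audit an IKEv2 road-warrior logon from strongSwan charon logs.
Added example, not code from the slides or from strongSwan."""
import ipaddress
import re

PATTERNS = {
    "initiator": re.compile(r"\[IKE\] (\S+) is initiating an IKE_SA"),
    "nat": re.compile(r"\[IKE\] remote host is behind NAT"),
    "auth": re.compile(r"\[IKE\] authentication of '([^']*)' with (.+?) successful"),
    "ike_sa": re.compile(r"\[IKE\] IKE_SA ([^\s\[]+)\[\d+\] established between "
                         r"([^\s\[]+)\[([^\]]*)\]\.\.\.([^\s\[]+)\[([^\]]*)\]"),
    "virtual_ip": re.compile(r"\[IKE\] assigning virtual IP (\S+) to peer"),
    "child_sa": re.compile(r"\[IKE\] CHILD_SA ([^\s{]+)\{\d+\} established with SPIs "
                           r"(\w+)_i (\w+)_o and TS (\S+) === (\S+)"),
}


def parse_session(lines):
    """Fold the log lines of one connection attempt into a session record."""
    s = {"conn": None, "peer": None, "nat": False, "auth_identity": None,
         "auth_method": None, "gateway_id": None, "peer_id": None,
         "virtual_ip": None, "spi_in": None, "spi_out": None,
         "ts_local": None, "ts_remote": None}
    for line in lines:
        if PATTERNS["nat"].search(line):
            s["nat"] = True
        m = PATTERNS["initiator"].search(line)
        if m:
            s["peer"] = m.group(1)
        m = PATTERNS["auth"].search(line)
        if m:  # charon names the auth class here: "RSA signature", "pre-shared key", "EAP"
            s["auth_identity"], s["auth_method"] = m.group(1), m.group(2)
        m = PATTERNS["ike_sa"].search(line)
        if m:
            s["conn"], s["gateway_id"], s["peer_id"] = m.group(1), m.group(3), m.group(5)
        m = PATTERNS["virtual_ip"].search(line)
        if m:
            s["virtual_ip"] = m.group(1)
        m = PATTERNS["child_sa"].search(line)
        if m:
            s["spi_in"], s["spi_out"], s["ts_local"], s["ts_remote"] = m.groups()[1:]
    return s


def audit_session(s, pool="10.10.3.0/24", gateway_id="koala.strongswan.org"):
    """Policy checks derived from the ipsec.conf on the previous slide.
    Returns a list of findings; an empty list means the logon is as expected."""
    findings = []
    if s["auth_method"] != "RSA signature":
        findings.append("%s authenticated with %s, not with a machine certificate"
                        % (s["auth_identity"], s["auth_method"]))
    if s["virtual_ip"] is None:
        findings.append("no virtual IP assigned")
    else:
        if ipaddress.ip_address(s["virtual_ip"]) not in ipaddress.ip_network(pool):
            findings.append("virtual IP %s outside pool %s" % (s["virtual_ip"], pool))
        if s["ts_remote"] != s["virtual_ip"] + "/32":
            findings.append("remote TS %s does not match virtual IP" % s["ts_remote"])
    if s["gateway_id"] != gateway_id:
        findings.append("gateway identity %s != %s" % (s["gateway_id"], gateway_id))
    return findings


# [IKE] lines taken from the slide's charon log.
SLIDE_LOG = [
    "[IKE] 193.247.250.37 is initiating an IKE_SA",
    "[IKE] remote host is behind NAT",
    "[IKE] authentication of 'C=CH, O=Linux strongswan, CN=bonsai.strongswan.org' with RSA signature successful",
    "[IKE] IKE_SA win7[1] established between 77.56.157.76[koala.strongswan.org]...193.247.250.37[C=CH, O=Linux strongswan, CN=bonsai.strongswan.org]",
    "[IKE] assigning virtual IP 10.10.3.6 to peer",
    "[IKE] CHILD_SA win7{1} established with SPIs c97fa201_i e7d5941a_o and TS 0.0.0.0/0 === 10.10.3.6/32",
]

# Constructed EAP-MS-CHAPv2 logon (not from the slide): user, SPIs and IP are invented.
EAP_LOG = [
    "[IKE] 193.247.250.37 is initiating an IKE_SA",
    "[IKE] authentication of 'carol' with EAP successful",
    "[IKE] IKE_SA win7[2] established between 77.56.157.76[koala.strongswan.org]...193.247.250.37[carol]",
    "[IKE] assigning virtual IP 10.10.3.7 to peer",
    "[IKE] CHILD_SA win7{2} established with SPIs 0a1b2c3d_i 4e5f6a7b_o and TS 0.0.0.0/0 === 10.10.3.7/32",
]

if __name__ == "__main__":
    for name, log in (("slide", SLIDE_LOG), ("constructed EAP", EAP_LOG)):
        session = parse_session(log)
        print(name, session["peer_id"], session["auth_method"], session["virtual_ip"],
              session["spi_in"], session["spi_out"], audit_session(session) or "OK")
```

Run against a full charon log, the lines of each connection attempt should first be grouped by the IKE_SA name and number (win7[1], win7[2], ...) before being handed to parse_session; the slide shows a single attempt, so the grouping is left out here.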
Summary

The Windows 7 Agile VPN Client [and Windows Server 2008 R2] fully support version 2 of the Internet Key Exchange protocol (IKEv2, RFC 4306) as well as the IKEv2 Mobility and Multihoming protocol (MOBIKE, RFC 4555).

The Windows 7 Agile VPN Client is easy to set up and fully interoperates e.g. with an Open Source Linux strongswan VPN gateway available from www.strongswan.org.

The current Windows 7 Beta release does not implement EAP-MS-CHAPv2 authentication properly: the secret derived from the user password is vulnerable to Man-in-the-Middle attacks because the Windows 7 client ignores the server certificate and the corresponding digital signature! For the time being, use strong authentication based on machine certificates instead!
Swiss Cyber Storm II Hack & Learn
More info: http://wiki.strongswan.org/wiki/windows7
Questions?