Windows 7

Windows 7 fully supports the IKEv2 (RFC 4306) and MOBIKE (RFC 4555) standards through Microsoft's Agile VPN functionality and is therefore able to interoperate with a strongSwan VPN gateway using these protocols. strongSwan currently can authenticate Windows 7 clients either on the basis of X.509 Machine Certificates using RSA signatures (case A) or Username/Password using EAP-MSCHAP v2 (case B).

Make sure to fulfill the certificate requirements to successfully authenticate peers with Windows 7.

A) Authentication using X.509 Machine Certificates

The strongSwan VPN gateway and each Windows 7 client need an X.509 certificate issued by a Certification Authority (CA). OpenSSL can be used to generate these certificates.

On the Windows 7 Client

On the strongSwan VPN Gateway

B) Authentication using EAP-MSCHAP v2

In order to prevent man-in-the-middle attacks the strongSwan VPN gateway always authenticates itself with an X.509 certificate using a strong RSA signature. After a secure communications channel has been set up by the IKEv2 protocol, the Windows 7 clients authenticate themselves using the EAP-MSCHAPv2 protocol based on user name, optional windows domain and user password.

The Windows 7 Beta client did not verify the certificate trust chain and therefore was prone to man-in-the-middle attacks. This issue has been fixed in the Release Candidate. Additionally, Microsoft added certificate checks to prevent arbitrary certificate holders to act as a gateway.

EAP-MSCHAPv2 requires MD4 to generate the NT-Hashes, so either the MD4 plugin or one of the crypto library wrappers (OpenSSL, Gcrypt) is required.

Important: strongSwan releases before 4.3.1 are not compatible with Windows 7 RC (Build 7100) or later, because Microsoft's EAP-MSCHAPv2 implementation changed from Beta to Release Candidate.

On the Windows 7 Client

On the strongSwan VPN Gateway

Rekeying behavior

IKE_SA rekeying

The Windows 7 client supports IKE_SA rekeying, but can't handle unsupported Diffie Hellman groups. If a strongSwan gateway initiates IKE_SA rekeying, it must use modp1024 as the DH group in the first attempt, otherwise rekeying fails. You can achieve this by setting modp1024 as the first (or only) DH group in the gateways ike proposal.

CHILD_SA rekeying

Rekeying CHILD_SAs is also supported by the Windows 7 client. For some reason, a client behind NAT does not accept a rekeying attempt and rejects it with a Microsoft specific notify 12345, containing an error code ERROR_IPSEC_IKE_INVALID_SITUATION.

To work around the issue, let the client initiate the rekeying. It will do so about every 58 minutes and 46 seconds, so set the gateway rekey time a little higher. There is no way known to change the rekey time (the netsh.ras.ikev2saexpiry options affect the Windows Server implementation only).

Another option is to set no rekey time, but only a hard lifetime to delete the CHILD_SA. The client will renegotiate the SA when required.

Links

  • MoPo users at the University of Freiburg can connect to a strongSwan VPN gateway using Windows 7 (in German).

Acknowledgements

Many thanks go to Edward Chang and Gleb Sechenov from the Information Security Institute (ISI) of the Queensland University of Technology (QUT) who provided the initial Windows 7 Beta and Ubuntu Linux test setup.