Project

General

Profile

Windows Suite B Support with IKEv1 » History » Version 25

Version 24 (Andreas Steffen, 22.07.2009 20:37) → Version 25/26 (Andreas Steffen, 22.07.2009 21:28)

h1. Windows Suite B Support with IKEv1

{{>toc}}

Windows Vista Service Pack 1, Windows Server 2008 and Windows 7 support the Suite B cryptographic algorithms for IPsec defined by "RFC 4869":http://tools.ietf.org/html/rfc4869. For Windows configuration details see http://support.microsoft.com/kb/949856/.

Starting with strongSwan release 4.3.3 the IKEv1 pluto daemon also fully supports the Suite B cryptographic algorithms. This is the reason that we created this HOWTO on Windows Suite B interoperability.

h2. 1 Preparations

h3. 1.1 Import of Windows Machine Certificates

First we import both an ECDSA-256 and an ECDSA-384 machine certificate plus the corresponding private keys and root CA certificate in PKCS#12 format (.p12) into the local computer part of the Windows registry using the Microsoft Management Console *mmc*. The following "step-by-step tutorial":http://wiki.strongswan.org/wiki/strongswan/Win7Certs shows how this is done. If you have been successful then the mmc console display should look like this:

!advfirewall_mmc.png!

Here are some details on the imported ECDSA-256 certificate:

!advfirewall_ecdsa256_cert.png!

and here on the imported ECDSA-384 certificate:

!advfirewall_ecdsa384_cert.png!

h3. 1.2 Import of strongSwan Private Keys

The path to RSA and ECDSA private keys are defined in /etc/ipsec.secrets:

<pre>
# /etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA vpnKey.pem

: ECDSA koala_ec256Key.pem

: ECDSA koala_ec384Key.pem

</pre>

h3. 1.3 Windows Main Mode Security Methods

The following command sets the IKEv1 Main Mode security methods globally since the Suite B parameters cannot be set via the graphical advanced firewall interface:

<pre>
netsh advfirewall set global mainmode mmsecmethods ecdhp256:aes128-sha256,ecdhp384:aes192-sha384,dhgroup14:aes128-sha1
</pre>

The currently configured algorithms can be checked using the command:

<pre>
netsh advfirewall show global

Main Mode:
KeyLifetime 480min,0sess
SecMethods ECDHP256-AES128-SHA256,ECDHP384-AES192-SHA384,DHGroup14-AES128-SHA1
ForceDH No
</pre>

h2. 2 Suite B with 128 Bit Security

h3. 2.1 Windows Connection Security Rule

First we create a new "VPN Suite B 256" security rule. As first authentication method we choose ECDSA-P256 and and select our Root CA:

!advfirewall_auth_method_ecdsa_256.png!

Also the connection endpoints (traffic selectors) as well as the local and remote IP address of the VPN connection must be defined:

!advfirewall_security_rule_256.png!

The following command sets the IKEv1 Quick Mode algorithms in the rule "VPN Suite B 256":

<pre>
netsh advfirewall consec set rule name="VPN Suite B 256" new qmsecmethods=esp:aesgcm128-aesgcm128,esp:aesgcm192-aesgcm192,esp:aesgcm256-aesgcm256
</pre>

These Suite B Quick Mode parameters cannot be set via the graphical advanced firewall interface. The resulting current rule settings are shown with the following command:

<pre>
netsh advfirewall consec show rule name="VPN Suite B 256"

Rule Name: VPN Suite B 256
----------------------------------------------------------------------
Enabled: Yes
Profiles: Domain,Private,Public
Type: Static
Mode: Tunnel
LocalTunnelEndpoint: 10.10.0.6
RemoteTunnelEndpoint: 10.10.0.1
Endpoint1: 10.10.0.6/32
Endpoint2: 10.10.1.0/24
Protocol: Any
Action: RequireInRequireOut
Auth1: ComputerCertECDSAP256
Auth1ECDSAP256CAName: C=CH, O=strongSec GmbH, CN=strongSec 2007 CA
Auth1ECDSAP256CertMapping: No
Auth1ECDSAP256ExcludeCAName: No
Auth1ECDSAP256CertType: Root
Auth1ECDSAP256HealthCert: No
MainModeSecMethods: ECDHP256-AES128-SHA256,ECDHP384-AES192-SHA384,DHGroup14-AES128-SHA1
QuickModeSecMethods: ESP:AESGCM128-AESGCM128+60min+100000kb,ESP:AESGCM192-AESGCM192+60min+100000kb,ESP:AESGCM256-AESGCM256+60min+100000kb
ExemptIPsecProtectedConnections: No
ApplyAuthorization: No
Ok.
</pre>

h3. 2.2 strongSwan Connection Definition

On the strongSwan side the following entries are required in ipsec.conf for 128 bit security:

<pre>
conn suiteB-256
leftcert=koala_ec256Cert.pem
rightid="C=CH, O=strongSec GmbH, OU=ECDSA-256, CN=bonsai.strongsec.com"
ike=aes128-sha256-ecp256!
esp=aes128gcm16!
also=suiteB
auto=add

conn suiteB
left=10.10.0.1
leftsubnet=10.10.1.0/24
leftid=@koala.strongsec.com
leftfirewall=yes
lefthostaccess=yes
right=10.10.0.6
rightca=%same
keyexchange=ikev1
pfs=no
dpdaction=clear
dpddelay=300s
rekey=no
</pre>

h3. 2.3 Windows Security Association Monitoring

Pinging host 10.10.1.11 behind the Linux VPN gateway from the Windows host triggers the IKEv1 tunnel setup.
The following Windows status information is available for the Main Mode:

!advfirewall_main_mode_128.png!

and the established Quick Mode:

!advfirewall_quick_mode_128.png!

h3. 2.4 strongSwan IPsec Status Information

Here the resulting status output on the Linux side:

<pre>
root@koala:~# ipsec statusall suiteB-256

Status of IKEv1 pluto daemon (strongSwan 4.3.3):
interface eth1/eth1 10.10.0.1:4500
interface eth1/eth1 10.10.0.1:500
loaded plugins: curl test-vectors aes des sha1 sha2 md5 gmp openssl pubkey random hmac
debug options: control

"suiteB-256": 10.10.1.0/24===10.10.0.1[@koala.strongsec.com]...10.10.0.6[C=CH, O=strongSec GmbH, OU=ECDSA-256, CN=bonsai.strongsec.com]; erouted; eroute owner: !#2
"suiteB-256": CAs: 'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'...'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'
"suiteB-256": ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
"suiteB-256": dpd_action: clear; dpd_delay: 300s; dpd_timeout: 150s;
"suiteB-256": policy: PUBKEY+ENCRYPT+TUNNEL+DONTREKEY; prio: 24,32; interface: eth1;
"suiteB-256": newest ISAKMP SA: !#1; newest IPsec SA: !#2;
"suiteB-256": IKE proposal: AES_CBC_128/HMAC_SHA2_256/ECP_256
"suiteB-256": ESP proposal: AES_GCM_16_128/AUTH_NONE/<N/A>

!#2: "suiteB-256" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3579s; newest IPSEC; eroute owner
!#2: "suiteB-256" esp.aa4cf272@10.10.0.6 (180 bytes, 16s ago) esp.cdf37664@10.10.0.1 (240 bytes, 16s ago); tunnel
!#1: "suiteB-256" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 28778s; newest ISAKMP

</pre>

h2. 3 Suite B with 192 Bit Security

h3. 3.1 Windows Connection Security Rule

We create a "VPN Suite B 384" security rule: As first authentication method we choose ECDSA-P384 and and select our Root CA:

!advfirewall_auth_method_ecdsa_384.png!

Also the connection endpoints (traffic selectors) as well as the local and remote IP address of the VPN connection must be defined:

!advfirewall_security_rule_384.png!

The following command sets the IKEv1 Quick Mode algorithms in the rule "VPN Suite B 384":

<pre>
netsh advfirewall consec set rule name="VPN Suite B 384" new qmsecmethods=esp:aesgcm128-aesgcm128,esp:aesgcm192-aesgcm192,esp:aesgcm256-aesgcm256
</pre>

These Suite B Quick Mode parameters cannot be set via the graphical advanced firewall interface. The resulting current rule settings are shown with the following command:

<pre>
netsh advfirewall consec show rule name="VPN Suite B 384"

Rule Name: VPN Suite B 384
----------------------------------------------------------------------
Enabled: Yes
Profiles: Domain,Private,Public
Type: Static
Mode: Tunnel
LocalTunnelEndpoint: 10.10.0.6
RemoteTunnelEndpoint: 10.10.0.1
Endpoint1: 10.10.0.6/32
Endpoint2: 10.10.1.0/24
Protocol: Any
Action: RequireInRequireOut
Auth1: ComputerCertECDSAP384
Auth1ECDSAP384CAName: C=CH, O=strongSec GmbH, CN=strongSec 2007 CA
Auth1ECDSAP384CertMapping: No
Auth1ECDSAP384ExcludeCAName: No
Auth1ECDSAP384CertType: Root
Auth1ECDSAP384HealthCert: No
MainModeSecMethods: ECDHP256-AES128-SHA256,ECDHP384-AES192-SHA384,DHGroup14-AES128-SHA1
QuickModeSecMethods: ESP:AESGCM128-AESGCM128+60min+100000kb,ESP:AESGCM192-AESGCM192+60min+100000kb,ESP:AESGCM256-AESGCM256+60min+100000kb
ExemptIPsecProtectedConnections: No
ApplyAuthorization: No
Ok.
</pre>

h3. 3.2 strongSwan Connection Definition

On the strongSwan side the following entries are required in ipsec.conf for 192 bit security:

<pre>
conn suiteB-384
leftcert=koala_ec384Cert.pem
rightid="C=CH, O=strongSec GmbH, OU=ECDSA-384, CN=bonsai.strongsec.com"
ike=aes192-sha384-ecp384!
esp=aes192gcm16!
also=suiteB
auto=add

conn suiteB
left=10.10.0.1
leftsubnet=10.10.1.0/24
leftid=@koala.strongsec.com
leftfirewall=yes
lefthostaccess=yes
right=10.10.0.6
rightca=%same
keyexchange=ikev1
pfs=no
dpdaction=clear
dpddelay=300s
rekey=no

</pre>

h3. 3.3 Windows Security Association Monitoring

Pinging host 10.10.1.11 behind the Linux VPN gateway from the Windows host triggers the IKEv1 tunnel setup.
The following Windows status information is available for the Main Mode:

!advfirewall_main_mode_192.png!

and the established Quick Mode:

!advfirewall_quick_mode_192.png!

h3. 3.4 strongSwan IPsec Status Information

Here the resulting status output on the Linux side:

<pre>
root@koala:~# ipsec statusall suiteB-384

Status of IKEv1 pluto daemon (strongSwan 4.3.3):
interface eth1/eth1 10.10.0.1:4500
interface eth1/eth1 10.10.0.1:500
loaded plugins: curl test-vectors aes des sha1 sha2 md5 gmp openssl pubkey random hmac
debug options: control

"suiteB-384": 10.10.1.0/24===10.10.0.1[@koala.strongsec.com]...10.10.0.6[C=CH, O=strongSec GmbH, OU=ECDSA-384, CN=bonsai.strongsec.com]; erouted; eroute owner: !#6
"suiteB-384": CAs: 'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'...'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'
"suiteB-384": ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
"suiteB-384": dpd_action: clear; dpd_delay: 300s; dpd_timeout: 150s;
"suiteB-384": policy: PUBKEY+ENCRYPT+TUNNEL+DONTREKEY; prio: 24,32; interface: eth1;
"suiteB-384": newest ISAKMP SA: !#5; newest IPsec SA: !#6;
"suiteB-384": IKE proposal: AES_CBC_192/HMAC_SHA2_384/ECP_384
"suiteB-384": ESP proposal: AES_GCM_16_192/AUTH_NONE/<N/A>

!#6: "suiteB-384" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3591s; newest IPSEC; eroute owner
!#6: "suiteB-384" esp.f54365c2@10.10.0.6 (180 bytes, 4s ago) esp.9f80bd7e@10.10.0.1 (240 bytes, 4s ago); tunnel
!#5: "suiteB-384" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 28790s; newest ISAKMP
</pre>