Project

General

Profile

Windows Suite B Support with IKEv1 » History » Version 26

Andreas Steffen, 22.07.2009 22:13
added newline

1 10 Andreas Steffen
h1. Windows Suite B Support with IKEv1
2 1 Andreas Steffen
3 20 Andreas Steffen
{{>toc}}
4 1 Andreas Steffen
5 21 Andreas Steffen
Windows Vista Service Pack 1, Windows Server 2008 and Windows 7 support the Suite B cryptographic algorithms for IPsec defined by "RFC 4869":http://tools.ietf.org/html/rfc4869. For Windows configuration details see http://support.microsoft.com/kb/949856/.
6 20 Andreas Steffen
7 21 Andreas Steffen
Starting with strongSwan release 4.3.3 the IKEv1 pluto daemon also fully supports the Suite B cryptographic algorithms. This is the reason that we created this HOWTO on Windows Suite B interoperability.
8 21 Andreas Steffen
9 22 Andreas Steffen
h2. 1 Preparations
10 1 Andreas Steffen
11 22 Andreas Steffen
h3. 1.1 Import of Windows Machine Certificates
12 16 Andreas Steffen
13 23 Andreas Steffen
First we import both an ECDSA-256 and an ECDSA-384 machine certificate plus the corresponding private keys and root CA certificate in PKCS#12 format (.p12) into the local computer part of the Windows registry using the Microsoft Management Console *mmc*. The following "step-by-step tutorial":http://wiki.strongswan.org/wiki/strongswan/Win7Certs shows how this is done. If you have been successful then the mmc console display should look like this:
14 16 Andreas Steffen
15 14 Andreas Steffen
!advfirewall_mmc.png!
16 14 Andreas Steffen
17 23 Andreas Steffen
Here are some details on the imported ECDSA-256 certificate:
18 14 Andreas Steffen
19 1 Andreas Steffen
!advfirewall_ecdsa256_cert.png!
20 16 Andreas Steffen
21 23 Andreas Steffen
and here on the imported ECDSA-384 certificate:
22 16 Andreas Steffen
23 1 Andreas Steffen
!advfirewall_ecdsa384_cert.png!
24 1 Andreas Steffen
25 22 Andreas Steffen
h3. 1.2 Import of strongSwan Private Keys
26 1 Andreas Steffen
27 20 Andreas Steffen
The path to RSA and ECDSA private keys are defined in /etc/ipsec.secrets:
28 20 Andreas Steffen
29 20 Andreas Steffen
<pre>
30 20 Andreas Steffen
# /etc/ipsec.secrets - strongSwan IPsec secrets file
31 20 Andreas Steffen
32 20 Andreas Steffen
: RSA vpnKey.pem
33 20 Andreas Steffen
34 20 Andreas Steffen
: ECDSA koala_ec256Key.pem
35 20 Andreas Steffen
36 20 Andreas Steffen
: ECDSA koala_ec384Key.pem
37 20 Andreas Steffen
38 20 Andreas Steffen
</pre>
39 20 Andreas Steffen
40 22 Andreas Steffen
h3. 1.3 Windows Main Mode Security Methods
41 20 Andreas Steffen
42 24 Andreas Steffen
The following command sets the IKEv1 Main Mode security methods globally since the Suite B parameters cannot be set via the graphical advanced firewall interface:
43 1 Andreas Steffen
44 19 Andreas Steffen
<pre>
45 19 Andreas Steffen
netsh advfirewall set global mainmode mmsecmethods ecdhp256:aes128-sha256,ecdhp384:aes192-sha384,dhgroup14:aes128-sha1
46 19 Andreas Steffen
</pre>
47 19 Andreas Steffen
48 19 Andreas Steffen
The currently configured algorithms can be checked using the command:
49 19 Andreas Steffen
50 19 Andreas Steffen
<pre>
51 19 Andreas Steffen
netsh advfirewall show global
52 19 Andreas Steffen
53 19 Andreas Steffen
Main Mode:
54 19 Andreas Steffen
KeyLifetime  480min,0sess
55 19 Andreas Steffen
SecMethods   ECDHP256-AES128-SHA256,ECDHP384-AES192-SHA384,DHGroup14-AES128-SHA1
56 19 Andreas Steffen
ForceDH      No
57 19 Andreas Steffen
</pre>
58 19 Andreas Steffen
59 22 Andreas Steffen
h2. 2 Suite B with 128 Bit Security
60 1 Andreas Steffen
61 22 Andreas Steffen
h3. 2.1 Windows Connection Security Rule
62 16 Andreas Steffen
63 24 Andreas Steffen
First we create a new "VPN Suite B 256" security rule. As first authentication method we choose ECDSA-P256 and and select our Root CA:
64 1 Andreas Steffen
65 24 Andreas Steffen
!advfirewall_auth_method_ecdsa_256.png!
66 24 Andreas Steffen
67 24 Andreas Steffen
Also the connection endpoints (traffic selectors) as well as the local and remote IP address of the VPN connection must be defined:
68 24 Andreas Steffen
69 16 Andreas Steffen
!advfirewall_security_rule_256.png!
70 16 Andreas Steffen
71 16 Andreas Steffen
The following command sets the IKEv1 Quick Mode algorithms in the rule "VPN Suite B 256":
72 1 Andreas Steffen
73 16 Andreas Steffen
<pre>
74 1 Andreas Steffen
netsh advfirewall consec set rule name="VPN Suite B 256" new qmsecmethods=esp:aesgcm128-aesgcm128,esp:aesgcm192-aesgcm192,esp:aesgcm256-aesgcm256
75 3 Andreas Steffen
</pre>
76 4 Andreas Steffen
77 24 Andreas Steffen
These Suite B Quick Mode parameters cannot be set via the graphical advanced firewall interface. The resulting current rule settings are shown with the following command:
78 5 Andreas Steffen
79 5 Andreas Steffen
<pre>
80 16 Andreas Steffen
netsh advfirewall consec show rule name="VPN Suite B 256"
81 5 Andreas Steffen
82 16 Andreas Steffen
Rule Name:                            VPN Suite B 256
83 5 Andreas Steffen
----------------------------------------------------------------------
84 5 Andreas Steffen
Enabled:                              Yes
85 5 Andreas Steffen
Profiles:                             Domain,Private,Public
86 5 Andreas Steffen
Type:                                 Static
87 5 Andreas Steffen
Mode:                                 Tunnel
88 11 Andreas Steffen
LocalTunnelEndpoint:                  10.10.0.6
89 5 Andreas Steffen
RemoteTunnelEndpoint:                 10.10.0.1
90 5 Andreas Steffen
Endpoint1:                            10.10.0.6/32
91 5 Andreas Steffen
Endpoint2:                            10.10.1.0/24
92 5 Andreas Steffen
Protocol:                             Any
93 5 Andreas Steffen
Action:                               RequireInRequireOut
94 11 Andreas Steffen
Auth1:                                ComputerCertECDSAP256
95 11 Andreas Steffen
Auth1ECDSAP256CAName:                 C=CH, O=strongSec GmbH, CN=strongSec 2007 CA
96 11 Andreas Steffen
Auth1ECDSAP256CertMapping:            No
97 11 Andreas Steffen
Auth1ECDSAP256ExcludeCAName:          No
98 11 Andreas Steffen
Auth1ECDSAP256CertType:               Root
99 1 Andreas Steffen
Auth1ECDSAP256HealthCert:             No
100 1 Andreas Steffen
MainModeSecMethods:                   ECDHP256-AES128-SHA256,ECDHP384-AES192-SHA384,DHGroup14-AES128-SHA1
101 11 Andreas Steffen
QuickModeSecMethods:                  ESP:AESGCM128-AESGCM128+60min+100000kb,ESP:AESGCM192-AESGCM192+60min+100000kb,ESP:AESGCM256-AESGCM256+60min+100000kb
102 5 Andreas Steffen
ExemptIPsecProtectedConnections:      No
103 11 Andreas Steffen
ApplyAuthorization:                   No
104 1 Andreas Steffen
Ok.
105 1 Andreas Steffen
</pre>
106 5 Andreas Steffen
107 22 Andreas Steffen
h3. 2.2 strongSwan Connection Definition
108 16 Andreas Steffen
109 8 Andreas Steffen
On the strongSwan side the following entries are required in ipsec.conf for 128 bit security:
110 8 Andreas Steffen
111 1 Andreas Steffen
<pre>
112 17 Andreas Steffen
conn suiteB-256
113 17 Andreas Steffen
     leftcert=koala_ec256Cert.pem
114 17 Andreas Steffen
     rightid="C=CH, O=strongSec GmbH, OU=ECDSA-256, CN=bonsai.strongsec.com"
115 17 Andreas Steffen
     ike=aes128-sha256-ecp256!
116 17 Andreas Steffen
     esp=aes128gcm16!
117 17 Andreas Steffen
     also=suiteB
118 17 Andreas Steffen
     auto=add
119 17 Andreas Steffen
120 1 Andreas Steffen
conn suiteB
121 12 Andreas Steffen
     left=10.10.0.1
122 12 Andreas Steffen
     leftsubnet=10.10.1.0/24
123 17 Andreas Steffen
     leftid=@koala.strongsec.com
124 1 Andreas Steffen
     leftfirewall=yes
125 1 Andreas Steffen
     lefthostaccess=yes
126 1 Andreas Steffen
     right=10.10.0.6
127 1 Andreas Steffen
     rightca=%same
128 1 Andreas Steffen
     keyexchange=ikev1
129 10 Andreas Steffen
     pfs=no
130 12 Andreas Steffen
     dpdaction=clear
131 12 Andreas Steffen
     dpddelay=300s
132 12 Andreas Steffen
     rekey=no
133 10 Andreas Steffen
</pre>
134 1 Andreas Steffen
135 22 Andreas Steffen
h3. 2.3 Windows Security Association Monitoring
136 16 Andreas Steffen
137 1 Andreas Steffen
Pinging host 10.10.1.11 behind the Linux VPN gateway from the Windows host triggers the IKEv1 tunnel setup.
138 13 Andreas Steffen
The following Windows status information is available for the Main Mode:
139 1 Andreas Steffen
140 1 Andreas Steffen
!advfirewall_main_mode_128.png!
141 13 Andreas Steffen
142 13 Andreas Steffen
and the established Quick Mode:
143 1 Andreas Steffen
144 13 Andreas Steffen
!advfirewall_quick_mode_128.png!
145 13 Andreas Steffen
146 22 Andreas Steffen
h3. 2.4 strongSwan IPsec Status Information
147 1 Andreas Steffen
148 1 Andreas Steffen
Here the resulting status output on the Linux side:
149 1 Andreas Steffen
150 1 Andreas Steffen
<pre>
151 17 Andreas Steffen
root@koala:~# ipsec statusall suiteB-256
152 1 Andreas Steffen
153 1 Andreas Steffen
Status of IKEv1 pluto daemon (strongSwan 4.3.3):
154 17 Andreas Steffen
interface eth1/eth1 10.10.0.1:4500
155 17 Andreas Steffen
interface eth1/eth1 10.10.0.1:500
156 1 Andreas Steffen
loaded plugins: curl test-vectors aes des sha1 sha2 md5 gmp openssl pubkey random hmac 
157 1 Andreas Steffen
debug options: control
158 17 Andreas Steffen
159 17 Andreas Steffen
"suiteB-256": 10.10.1.0/24===10.10.0.1[@koala.strongsec.com]...10.10.0.6[C=CH, O=strongSec GmbH, OU=ECDSA-256, CN=bonsai.strongsec.com]; erouted; eroute owner: !#2
160 17 Andreas Steffen
"suiteB-256":   CAs: 'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'...'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'
161 17 Andreas Steffen
"suiteB-256":   ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
162 17 Andreas Steffen
"suiteB-256":   dpd_action: clear; dpd_delay: 300s; dpd_timeout: 150s;
163 17 Andreas Steffen
"suiteB-256":   policy: PUBKEY+ENCRYPT+TUNNEL+DONTREKEY; prio: 24,32; interface: eth1; 
164 17 Andreas Steffen
"suiteB-256":   newest ISAKMP SA: !#1; newest IPsec SA: !#2; 
165 17 Andreas Steffen
"suiteB-256":   IKE proposal: AES_CBC_128/HMAC_SHA2_256/ECP_256
166 17 Andreas Steffen
"suiteB-256":   ESP proposal: AES_GCM_16_128/AUTH_NONE/<N/A>
167 1 Andreas Steffen
 
168 17 Andreas Steffen
!#2: "suiteB-256" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3579s; newest IPSEC; eroute owner
169 17 Andreas Steffen
!#2: "suiteB-256" esp.aa4cf272@10.10.0.6 (180 bytes, 16s ago) esp.cdf37664@10.10.0.1 (240 bytes, 16s ago); tunnel
170 17 Andreas Steffen
!#1: "suiteB-256" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 28778s; newest ISAKMP
171 16 Andreas Steffen
172 16 Andreas Steffen
</pre>
173 22 Andreas Steffen
174 1 Andreas Steffen
h2. 3 Suite B with 192 Bit Security
175 16 Andreas Steffen
176 1 Andreas Steffen
h3. 3.1 Windows Connection Security Rule
177 1 Andreas Steffen
178 24 Andreas Steffen
We create a "VPN Suite B 384" security rule: As first authentication method we choose ECDSA-P384 and and select our Root CA:
179 1 Andreas Steffen
180 24 Andreas Steffen
!advfirewall_auth_method_ecdsa_384.png!
181 24 Andreas Steffen
182 24 Andreas Steffen
Also the connection endpoints (traffic selectors) as well as the local and remote IP address of the VPN connection must be defined:
183 24 Andreas Steffen
184 18 Andreas Steffen
!advfirewall_security_rule_384.png!
185 18 Andreas Steffen
186 18 Andreas Steffen
The following command sets the IKEv1 Quick Mode algorithms in the rule "VPN Suite B 384":
187 1 Andreas Steffen
188 1 Andreas Steffen
<pre>
189 18 Andreas Steffen
netsh advfirewall consec set rule name="VPN Suite B 384" new qmsecmethods=esp:aesgcm128-aesgcm128,esp:aesgcm192-aesgcm192,esp:aesgcm256-aesgcm256
190 18 Andreas Steffen
</pre>
191 1 Andreas Steffen
192 24 Andreas Steffen
These Suite B Quick Mode parameters cannot be set via the graphical advanced firewall interface. The resulting current rule settings are shown with the following command:
193 18 Andreas Steffen
194 18 Andreas Steffen
<pre>
195 18 Andreas Steffen
netsh advfirewall consec show rule name="VPN Suite B 384"
196 18 Andreas Steffen
197 16 Andreas Steffen
Rule Name:                            VPN Suite B 384
198 16 Andreas Steffen
----------------------------------------------------------------------
199 16 Andreas Steffen
Enabled:                              Yes
200 16 Andreas Steffen
Profiles:                             Domain,Private,Public
201 16 Andreas Steffen
Type:                                 Static
202 16 Andreas Steffen
Mode:                                 Tunnel
203 16 Andreas Steffen
LocalTunnelEndpoint:                  10.10.0.6
204 16 Andreas Steffen
RemoteTunnelEndpoint:                 10.10.0.1
205 16 Andreas Steffen
Endpoint1:                            10.10.0.6/32
206 16 Andreas Steffen
Endpoint2:                            10.10.1.0/24
207 16 Andreas Steffen
Protocol:                             Any
208 16 Andreas Steffen
Action:                               RequireInRequireOut
209 16 Andreas Steffen
Auth1:                                ComputerCertECDSAP384
210 16 Andreas Steffen
Auth1ECDSAP384CAName:                 C=CH, O=strongSec GmbH, CN=strongSec 2007 CA
211 16 Andreas Steffen
Auth1ECDSAP384CertMapping:            No
212 16 Andreas Steffen
Auth1ECDSAP384ExcludeCAName:          No
213 16 Andreas Steffen
Auth1ECDSAP384CertType:               Root
214 16 Andreas Steffen
Auth1ECDSAP384HealthCert:             No
215 16 Andreas Steffen
MainModeSecMethods:                   ECDHP256-AES128-SHA256,ECDHP384-AES192-SHA384,DHGroup14-AES128-SHA1
216 16 Andreas Steffen
QuickModeSecMethods:                  ESP:AESGCM128-AESGCM128+60min+100000kb,ESP:AESGCM192-AESGCM192+60min+100000kb,ESP:AESGCM256-AESGCM256+60min+100000kb
217 16 Andreas Steffen
ExemptIPsecProtectedConnections:      No
218 16 Andreas Steffen
ApplyAuthorization:                   No
219 1 Andreas Steffen
Ok.
220 19 Andreas Steffen
</pre>
221 19 Andreas Steffen
222 22 Andreas Steffen
h3. 3.2 strongSwan Connection Definition
223 19 Andreas Steffen
224 19 Andreas Steffen
On the strongSwan side the following entries are required in ipsec.conf for 192 bit security:
225 19 Andreas Steffen
226 19 Andreas Steffen
<pre>
227 19 Andreas Steffen
conn suiteB-384
228 19 Andreas Steffen
     leftcert=koala_ec384Cert.pem
229 19 Andreas Steffen
     rightid="C=CH, O=strongSec GmbH, OU=ECDSA-384, CN=bonsai.strongsec.com"
230 19 Andreas Steffen
     ike=aes192-sha384-ecp384!
231 19 Andreas Steffen
     esp=aes192gcm16!
232 19 Andreas Steffen
     also=suiteB
233 19 Andreas Steffen
     auto=add
234 25 Andreas Steffen
235 25 Andreas Steffen
conn suiteB
236 25 Andreas Steffen
     left=10.10.0.1
237 25 Andreas Steffen
     leftsubnet=10.10.1.0/24
238 25 Andreas Steffen
     leftid=@koala.strongsec.com
239 25 Andreas Steffen
     leftfirewall=yes
240 25 Andreas Steffen
     lefthostaccess=yes
241 25 Andreas Steffen
     right=10.10.0.6
242 25 Andreas Steffen
     rightca=%same
243 25 Andreas Steffen
     keyexchange=ikev1
244 25 Andreas Steffen
     pfs=no
245 25 Andreas Steffen
     dpdaction=clear
246 25 Andreas Steffen
     dpddelay=300s
247 25 Andreas Steffen
     rekey=no
248 16 Andreas Steffen
</pre>
249 16 Andreas Steffen
250 22 Andreas Steffen
h3. 3.3 Windows Security Association Monitoring
251 1 Andreas Steffen
252 18 Andreas Steffen
Pinging host 10.10.1.11 behind the Linux VPN gateway from the Windows host triggers the IKEv1 tunnel setup.
253 18 Andreas Steffen
The following Windows status information is available for the Main Mode:
254 1 Andreas Steffen
255 18 Andreas Steffen
!advfirewall_main_mode_192.png!
256 18 Andreas Steffen
257 18 Andreas Steffen
and the established Quick Mode:
258 18 Andreas Steffen
259 18 Andreas Steffen
!advfirewall_quick_mode_192.png!
260 18 Andreas Steffen
261 22 Andreas Steffen
h3. 3.4 strongSwan IPsec Status Information
262 18 Andreas Steffen
263 1 Andreas Steffen
Here the resulting status output on the Linux side:
264 18 Andreas Steffen
265 18 Andreas Steffen
<pre>
266 18 Andreas Steffen
root@koala:~# ipsec statusall suiteB-384
267 18 Andreas Steffen
268 18 Andreas Steffen
Status of IKEv1 pluto daemon (strongSwan 4.3.3):
269 18 Andreas Steffen
interface eth1/eth1 10.10.0.1:4500
270 18 Andreas Steffen
interface eth1/eth1 10.10.0.1:500
271 18 Andreas Steffen
loaded plugins: curl test-vectors aes des sha1 sha2 md5 gmp openssl pubkey random hmac 
272 18 Andreas Steffen
debug options: control
273 18 Andreas Steffen
274 18 Andreas Steffen
"suiteB-384": 10.10.1.0/24===10.10.0.1[@koala.strongsec.com]...10.10.0.6[C=CH, O=strongSec GmbH, OU=ECDSA-384, CN=bonsai.strongsec.com]; erouted; eroute owner: !#6
275 18 Andreas Steffen
"suiteB-384":   CAs: 'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'...'C=CH, O=strongSec GmbH, CN=strongSec 2007 CA'
276 18 Andreas Steffen
"suiteB-384":   ike_life: 10800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
277 18 Andreas Steffen
"suiteB-384":   dpd_action: clear; dpd_delay: 300s; dpd_timeout: 150s;
278 18 Andreas Steffen
"suiteB-384":   policy: PUBKEY+ENCRYPT+TUNNEL+DONTREKEY; prio: 24,32; interface: eth1; 
279 18 Andreas Steffen
"suiteB-384":   newest ISAKMP SA: !#5; newest IPsec SA: !#6; 
280 18 Andreas Steffen
"suiteB-384":   IKE proposal: AES_CBC_192/HMAC_SHA2_384/ECP_384
281 18 Andreas Steffen
"suiteB-384":   ESP proposal: AES_GCM_16_192/AUTH_NONE/<N/A>
282 18 Andreas Steffen
283 18 Andreas Steffen
!#6: "suiteB-384" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3591s; newest IPSEC; eroute owner
284 18 Andreas Steffen
!#6: "suiteB-384" esp.f54365c2@10.10.0.6 (180 bytes, 4s ago) esp.9f80bd7e@10.10.0.1 (240 bytes, 4s ago); tunnel
285 18 Andreas Steffen
!#5: "suiteB-384" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 28790s; newest ISAKMP
286 26 Andreas Steffen
287 18 Andreas Steffen
</pre>