French version available on the site.
ESP and AH protocols, transport and tunnel modes.
IPSec offers two protocols: ESP and AH. ESP provides confidentiality and authentication of exchanges (encryption); AH provides only authentication (signature).
IPSec also offers two modes: transport and tunnel. Transport mode modifies the IP header. Tunnel mode encapsulates the whole IP packet in a new IP packet.
The choice between these modes and protocols affects the security properties:
AH:
(picture from ciscopress [26])
AH + transport
With transport mode, the source IP address is kept and authenticated. It can't be modified by a router: NAT translation is not possible.
AH + tunnel
With tunnel mode, the IP addresses of the gateway and of the source are authenticated. Tunnel mode does not hide the IP addresses of the local network. NAT address translation is possible.
ESP:
(picture from ciscopress [26])
ESP + transport
With transport mode, the source IP address is not signed. Only the data is authenticated. Packets can still be routed, which allows NAT address translation.
ESP + tunnel
With tunnel mode, the source IP address is encrypted along with the data. Only the destination can know it. As with transport mode, the new IP header is not authenticated, which allows NAT address translation.
SA and SPD
A security association (SA) is a secured communication, protected with IPSec, between two machines.
The database which defines the security policy (SPD) holds the rules for sending and receiving IP packets.
Have a look at frameip.com [28] for more information about SA and SPD.
Ipsec-tools
Ipsec-tools in Linux include [29]:
- libipsec: encryption library,
- setkey: set of tools to manipulate and list SPD and SA.
Remark: racoon, the Internet Key Exchange (IKE) daemon, used to negotiate IPSec connection keys automatically, is not installed by default.
secure connection with manual key management
First, install ipsec-tools on serveur and on the Linux client:
serveur$ sudo apt-get install ipsec-tools
client_linux$ sudo apt-get install ipsec-tools
Modify the rights of /etc/ipsec-tools.conf:
serveur$ sudo chmod 750 /etc/ipsec-tools.conf
client-linux$ sudo chmod 750 /etc/ipsec-tools.conf
Edit /etc/ipsec-tools.conf on each machine:
serveur$ sudo cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
## Flush the SAD and SPD
flush;
spdflush;
## AH security association (SA)
add 192.168.0.2 192.168.0.11 ah 10000 -A hmac-md5 "1234567890123456";
add 192.168.0.2 192.168.0.11 esp 10001 -E 3des-cbc "123456789012345678901234";
add 192.168.0.11 192.168.0.2 ah 20000 -A hmac-md5 "1234567890123456";
add 192.168.0.11 192.168.0.2 esp 20001 -E 3des-cbc "123456789012345678901234";
## security policy
spdadd 192.168.0.2 192.168.0.11 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.11 192.168.0.2 any -P in ipsec esp/transport//require ah/transport//require;
client_linux$ sudo cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
## Flush the SAD and SPD
flush;
spdflush;
## AH security association (SA)
add 192.168.0.2 192.168.0.11 ah 10000 -A hmac-md5 "1234567890123456";
add 192.168.0.2 192.168.0.11 esp 10001 -E 3des-cbc "123456789012345678901234";
add 192.168.0.11 192.168.0.2 ah 20000 -A hmac-md5 "1234567890123456";
add 192.168.0.11 192.168.0.2 esp 20001 -E 3des-cbc "123456789012345678901234";
## security policy
spdadd 192.168.0.11 192.168.0.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.2 192.168.0.11 any -P in ipsec esp/transport//require ah/transport//require;
Start the daemon (it will be started at each boot):
serveur$ sudo /etc/init.d/setkey start
client-linux$ sudo /etc/init.d/setkey start
Now, start Wireshark on intrus, and ping:
intrus$ sudo wireshark
client-linux$ ping 192.168.0.2
This method has disadvantages: the keys are static and hardcoded in the configuration file.
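What the sniffer on intrus can read from one packet protected by the manual-keying policy above, as an added example that is not from the original page. It parses a constructed IPv4 packet (not a capture) and assumes the esp-then-ah transport policy puts AH outside ESP; `sample_packet` and `sniffer_view` are hypothetical names.

```python
import struct

# (IP protocol, SPI) -> SA, taken from the manual-keying /etc/ipsec-tools.conf on this page.
SAD = {(51, 10000): "ah 192.168.0.2 -> 192.168.0.11", (50, 10001): "esp 192.168.0.2 -> 192.168.0.11",
       (51, 20000): "ah 192.168.0.11 -> 192.168.0.2", (50, 20001): "esp 192.168.0.11 -> 192.168.0.2"}

def sample_packet():
    """Constructed packet (not a capture): IPv4 | AH | ESP | 32 opaque bytes, client to serveur.
    Assumption: the esp-then-ah transport policy yields this header order on the wire."""
    esp = struct.pack("!II", 20001, 1) + bytes(range(32))       # SPI, sequence, ciphertext stand-in
    # AH: next header = ESP (50), length = 24 bytes / 4 - 2, reserved, SPI, sequence, 96-bit ICV (zeroed)
    ah = struct.pack("!BBHII", 50, 4, 0, 20000, 1) + bytes(12)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ah) + len(esp), 0, 0, 64, 51, 0,
                     bytes([192, 168, 0, 11]), bytes([192, 168, 0, 2]))  # checksum left at 0
    return ip + ah + esp

def sniffer_view(pkt):
    """Return the fields readable without any key. Raises struct.error on a truncated packet."""
    off, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (12, 16))
    headers = []
    while proto in (50, 51):
        if proto == 51:                                         # AH: authenticated, not encrypted
            nxt, words, _, spi, seq = struct.unpack_from("!BBHII", pkt, off)
            headers.append((51, spi, seq))
            off, proto = off + (words + 2) * 4, nxt
        else:                                                   # ESP: the rest is ciphertext
            spi, seq = struct.unpack_from("!II", pkt, off)
            headers.append((50, spi, seq))
            off, proto = off + 8, None
    return {"src": src, "dst": dst, "headers": headers, "opaque_bytes": len(pkt) - off,
            "sas": [SAD.get((p, spi), "unknown SPI") for p, spi, _ in headers]}

if __name__ == "__main__":
    print(sniffer_view(sample_packet()))
```

In transport mode the addresses, SPIs and sequence numbers stay readable, so an observer can tell which SA a packet belongs to even though the ICMP payload is not visible.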
secure connection with automatic key management
IPSec can use the Internet Key Exchange (IKE) protocol [31] to avoid hardcoded keys. This protocol has two phases:
Phase 1: first key generation, using one of:
- shared secret mode: from a shared secret, with a Diffie-Hellman exchange,
- asymmetric encryption mode: with a public-key cryptosystem,
- signature mode: asymmetric encryption is used to sign and authenticate hosts; the shared secret is defined with Diffie-Hellman.
Phase 2: creation of the IPSec tunnel.
shared secret mode
racoon
Install racoon (choose "modification directe"):
serveur$ sudo apt-get install racoon
client-linux$ sudo apt-get install racoon
Without already defined SA, the setkey daemon will use racoon. Modify /etc/ipsec-tools.conf on both machines as follows:
serveur$ sudo cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
## Flush the SAD and SPD
flush;
spdflush;
## security policy
spdadd 192.168.0.2 192.168.0.11 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.11 192.168.0.2 any -P in ipsec esp/transport//require ah/transport//require;
client_linux$ sudo cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
## Flush the SAD and SPD
flush;
spdflush;
## security policy
spdadd 192.168.0.11 192.168.0.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.0.2 192.168.0.11 any -P in ipsec esp/transport//require ah/transport//require;
racoon.conf
Modify /etc/racoon/racoon.conf on both machines:
serveur$ sudo cat /etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous
{
exchange_mode main;
lifetime time 24 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024 ;
}
}
sainfo anonymous
{
pfs_group modp1024;
lifetime time 12 hour;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate ;
}
client_linux$ sudo cat /etc/racoon/racoon.conf
(..idem...)
Remark: if the configuration files differ between the two machines, the exchange could fail or might not start from one of them, for example if "blowfish 448" or "rijndael" is missing on client_linux.
Use the racoon.conf documentation [30] to clarify:
The configuration file is divided into three parts:
- The first one gives the path to the file which holds the shared secret.
path pre_shared_key "/etc/racoon/psk.txt";
- The second one (remote) defines the parameters of IKE phase 1.
These rules apply to all machines:
remote anonymous
The exchange mode of this phase will deny "aggressive" mode (cf. vulnerability [32]):
exchange_mode main;
The exchange will last one day:
lifetime time 24 hour;
The only modes allowed will be 3des, sha1, shared secret mode, with a Diffie-Hellman modulus of 1024:
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group modp1024 ;
}
- The third one (sainfo) defines the parameters of IKE phase 2. These parameters are used jointly with the security policy defined in the SPD of the kernel.
These rules are for any machine:
sainfo anonymous
The Diffie-Hellman modulus is 1024:
pfs_group modp1024;
The exchange will last at most 12 hours:
lifetime time 12 hour;
The encryption algorithms allowed are 3des, blowfish 448 or rijndael:
encryption_algorithm 3des, blowfish 448, rijndael ;
The signature algorithms are hmac_sha1 or hmac_md5:
authentication_algorithm hmac_sha1, hmac_md5;
The compression algorithm is deflate:
compression_algorithm deflate ;
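The mismatch described in the remark above (different racoon.conf files on the two machines) can be caught before the daemons are restarted. This added example, which is not from the original page or from ipsec-tools, parses two racoon.conf texts and lists the settings whose values differ; the inputs are constructed from the configuration shown above, and `parse`, `negotiated` and `compare_peers` are hypothetical helper names.

```python
import re

def parse(text):
    """Parse racoon.conf syntax (';'-terminated statements, '{...}' blocks) into nested dicts."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"#.*", "", text))
    def block(i):
        stmts, cur = {}, []
        while i < len(tokens):
            tok, i = tokens[i], i + 1
            if tok == "}":
                break
            if tok == "{":
                stmts[" ".join(cur)], i = block(i)      # e.g. key "sainfo anonymous"
            elif tok == ";" and cur:
                stmts[cur[0]] = " ".join(cur[1:])       # directive -> raw value
            cur = [] if tok in ("{", ";") else cur + [tok]
        return stmts, i
    return block(0)[0]

def negotiated(text):
    """Flatten block contents to {'sainfo anonymous/encryption_algorithm': {'3des', ...}}."""
    flat = {}
    def walk(node, prefix):
        for key, val in node.items():
            if isinstance(val, dict):
                walk(val, f"{prefix}{key}/")
            elif prefix:                                # skip top-level statements such as 'path'
                flat[prefix + key] = {v.strip() for v in val.split(",")}
    walk(parse(text), "")
    return flat

def compare_peers(conf_a, conf_b):
    """Return {setting: (only_in_a, only_in_b)} for every setting whose values differ."""
    a, b = negotiated(conf_a), negotiated(conf_b)
    diff = {k: (sorted(a.get(k, set()) - b.get(k, set())), sorted(b.get(k, set()) - a.get(k, set())))
            for k in sorted(set(a) | set(b))}
    return {k: v for k, v in diff.items() if v[0] or v[1]}

# Constructed inputs: the page's racoon.conf, and a client copy that lacks two ciphers.
SERVEUR = '''path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous { exchange_mode main; lifetime time 24 hour;
  proposal { encryption_algorithm 3des; hash_algorithm sha1;
             authentication_method pre_shared_key; dh_group modp1024 ; } }
sainfo anonymous { pfs_group modp1024; lifetime time 12 hour; compression_algorithm deflate ;
  encryption_algorithm 3des, blowfish 448, rijndael ; authentication_algorithm hmac_sha1, hmac_md5; }'''
CLIENT = SERVEUR.replace("3des, blowfish 448, rijndael", "3des")
print(compare_peers(SERVEUR, CLIENT))
```

An empty result means the remote and sainfo blocks of the two files agree; it says nothing about per-peer items such as psk.txt entries.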
preshared key psk.txt
Verify the rights of /etc/racoon/psk.txt on both machines:
serveur$ sudo chmod 750 /etc/racoon/psk.txt
client_linux$ sudo chmod 750 /etc/racoon/psk.txt
Modify psk.txt on both machines as follows (a tab between the IP address and the secret):
serveur$ sudo cat /etc/racoon/psk.txt
# IPv4/v6 addresses
192.168.0.11 secretpartage
client_linux$ sudo cat /etc/racoon/psk.txt
# IPv4/v6 addresses
192.168.0.2 secretpartage
restart daemons
Restart the racoon and setkey daemons:
serveur$ sudo /etc/init.d/racoon restart
serveur$ sudo /etc/init.d/setkey restart
client_linux$ sudo /etc/init.d/racoon restart
client_linux$ sudo /etc/init.d/setkey restart
test
client_linux$ sudo wireshark
serveur$ ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.823 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 1 received, 66% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.823/0.823/0.823/0.000 ms
This automatic key management method with shared secret allows the generation of session keys. The secret does not travel through the network. Nevertheless, the secret is hardcoded and not encrypted on both machines.
asymmetric encryption mode
With this mode, we use X509 certificates during phase 1 of the IKE protocol.
Remark: if you don't want to wrestle with openssl right away, the following keys can be downloaded there. Then jump to the next paragraph, "install keys in racoon".
generate keys with openSSL
Install openSSL on serveur:
serveur$ sudo apt-get install openssl
Create a directory for public keys, and another for private keys:
serveur$ sudo mkdir /etc/ca
serveur$ sudo mkdir /etc/ca/private
Control the rights of the private directory:
serveur$ sudo chmod 750 /etc/ca/private
Go to /etc/ca and generate a pair of keys. Choose "utilisateur" as the password for encryption of the private key:
serveur$ cd /etc/ca
serveur:/etc/ca$ sudo openssl req -new -x509 -days 365 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem
Move the private key to /etc/ca/private, and modify its access rights:
serveur:/etc/ca$ sudo mv /etc/ca/cakey.pem /etc/ca/private
serveur:/etc/ca$ sudo chmod 600 /etc/ca/private/cakey.pem
Create index.txt to log each signed certificate:
serveur:/etc/ca$ sudo touch index.txt
Create a file serial to hold the next available X509 serial number:
serveur:/etc/ca$ sudo touch serial
serveur:/etc/ca$ sudo vi serial
01
:wq
Create a directory /etc/ca/newcerts where you'll put a copy of each certificate signed by the CA:
serveur:/etc/ca$ sudo mkdir newcerts
Modify the configuration file of openssl:
serveur$ sudo vim /usr/lib/ssl/openssl.cnf
(...)
[ CA_default ]
dir = .
(...)
commonName = optional
(...)
Create a certificate signing request for each machine:
serveur:/etc/ca$ sudo openssl req -new -days 365 -newkey rsa:1024 -keyout clientlinuxkey.pem -out clientlinuxreq.pem
serveur:/etc/ca$ sudo openssl req -new -days 365 -newkey rsa:1024 -keyout serveurkey.pem -out serveurreq.pem
Sign each CSR:
serveur:/etc/ca$ sudo openssl ca -in clientlinuxreq.pem -out clientlinuxcert.pem
serveur:/etc/ca$ sudo openssl ca -in serveurreq.pem -out serveurcert.pem
Delete the password of the private keys:
serveur:/etc/ca$ sudo openssl rsa -in clientlinuxkey.pem -out clientlinuxkey.pem
serveur:/etc/ca$ sudo openssl rsa -in serveurkey.pem -out serveurkey.pem
install keys in racoon
Copy the public key, the private key and the CA certificate into the directory /etc/racoon/certs of each machine:
serveur:/etc/ca$ sudo mkdir /etc/racoon/certs
serveur:/etc/ca$ sudo cp serveurkey.pem /etc/racoon/certs/
serveur:/etc/ca$ sudo cp serveurcert.pem /etc/racoon/certs/
serveur:/etc/ca$ sudo cp cacert.pem /etc/racoon/certs/
Use gftp to send the keys to client_linux:
client_linux$ sudo apt-get install gftp
client_linux$ sudo mkdir /etc/racoon/certs
client_linux$ sudo gftp
The private key must stay safe:
serveur$ sudo chmod 600 /etc/racoon/certs/serveurkey.pem
client_linux$ sudo chmod 600 /etc/racoon/certs/clientlinuxkey.pem
Modify the file /etc/racoon/racoon.conf on both machines:
serveur$ sudo cat /etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
#remote anonymous
#{
# exchange_mode main;
# proposal {
# encryption_algorithm 3des;
# hash_algorithm sha1;
# authentication_method pre_shared_key;
# dh_group modp1024 ;
# }
# generate_policy off;
#}
remote 192.168.0.11
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
verify_identifier on;
certificate_type x509 "serveurcert.pem" "serveurkey.pem";
ca_type x509 "cacert.pem";
lifetime time 24 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024;
}
}
sainfo anonymous
{
pfs_group modp1024;
lifetime time 12 hour;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate ;
}
Every entry of these files is well explained in the man page of racoon.conf [30].
client_linux$ sudo cat /etc/racoon/racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
#remote anonymous
#{
# exchange_mode main;
# proposal {
# encryption_algorithm 3des;
# hash_algorithm sha1;
# authentication_method pre_shared_key;
# dh_group modp1024 ;
# }
# generate_policy off;
#}
remote 192.168.0.2
{
exchange_mode main;
my_identifier asn1dn;
peers_identifier asn1dn;
verify_identifier on;
certificate_type x509 "clientlinuxcert.pem" "clientlinuxkey.pem";
ca_type x509 "cacert.pem";
lifetime time 24 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method rsasig;
dh_group modp1024;
}
}
sainfo anonymous
{
pfs_group modp1024;
lifetime time 12 hour;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate ;
}
restart daemons
Restart the racoon and setkey daemons:
serveur$ sudo /etc/init.d/racoon restart
serveur$ sudo /etc/init.d/setkey restart
client_linux$ sudo /etc/init.d/racoon restart
client_linux$ sudo /etc/init.d/setkey restart
test
intrus$ sudo wireshark
client_linux$ ping 192.168.0.2
$ ping 192.168.0.2
PING 192.168.0.2 (192.168.0.2) 56(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=3 ttl=64 time=0.820 ms
^C
--- 192.168.0.2 ping statistics ---
3 packets transmitted, 1 received, 66% packet loss, time 2019ms
rtt min/avg/max/mdev = 0.820/0.820/0.820/0.000 ms
References
26) IPSEC - http://www.ciscopress.com/articles/article.asp?p=25477
27) IPSEC How-To - https://help.ubuntu.com/community/IPSecHowTo
28) IPSEC - http://www.frameip.com/ipsec/
29) ipsec-tools - http://ipsec-tools.sourceforge.net/
30) doc racoon.conf - http://netbsd.gw.com/cgi-bin/man-cgi?racoon.conf
31) IKE protocol - http://sylvestre.ledru.info/howto/securite/tunnels_et_vpn/node29.html
32) IKE aggressive mode vulnerability - http://www.kb.cert.org/vuls/id/886601