How to setup IPsec interoperable for Linux, OpenBSD and Kame/*BSD

Copyright 2000 - 2003 by Hans-Jörg Höxer
This document is always under construction and the information is partly untested and might be completely wrong.
Consider yourself warned.

Preface

This HOWTO is Copyrighted 2000 - 2003 by Hans-Jörg Höxer. It can be distributed freely. It cannot be modified. If you have any kind of suggestion, please send me an email (I will update the document if the suggestion proceeds). No liability for the contents of this document can be accepted. I have no responsability about the consequences of following the steps provided in this document. If you have questions, please contact me at Hans-Joerg.Hoexer@yerbouti.franken.de.

Content

  • Introduction
  • General Configuration
  • The sample Network
  • OpenBSD
  • GNU/Linux
  • Kame/NetBSD 1.6.1
  • Windows2000 (gateway)
  • WindowsME with PGPNet (road warrior)
  • Links
  • Summary

    Introduction

    It is the aim of this document to give some examples for setting up IPsec between different operating systems. Tested platforms were OpenBSD 3.3, GNU/Linux using Super-FreeS/WAN 1.99_kb4, Kame/NetBSD 1.6.1, Windows 2000 and PGPNet on WindowsME.

    FreeBSD was not tested, but configuration should be similar to NetBSD as both use Kame IPv6 and IPsec. The IPsec implementation of the upcoming Linux 2.6 release provides a Kame compatible userland-interface, so the here provided examples for NetBSD should be suitable as well.

    Given configuration files will be minimal and focused on an interoperable setup. Therefor a very simple LAN of severel boxes is used and only host-to-host connections will be covered.

    Extending the following examples to reallife VPN configurations, e.g. host-to-network or network-to-network, will not affect the basic setup concerning interoperability.

    UP

    General Configuration

    In the following examples all IPsec clients and gateways use the following main mode configuration:

  • 3DES encryption
  • SHA and MD5 hmacs
  • RSA-based authentication using X509 certificates
  • MODP 1024 for Diffie-Hellman exponentiations
  • 3600 seconds lifetime for IKE security associations

    These quick mode parameters are used:

  • tunnel mode
  • AES encryption
  • SHA and MD5 hmacs
  • perfect forward secrecy using MODP 1024
  • 600 secondes lifetime for IPsec security associations

    For all systems I present configuration for two typical applications:

  • VPN gateway with tunnels to other gateways and anonymous tunnels for road warriors.
  • Road warrior machine connecting to its home gateway.

    We will use X509 certificates to authenticate the quick mode exchanges. Therefore we need the following items:

  • The certificate of the certification authority (CA) which signes our client certificates.
  • For each machine (gateways and clients) one client certificate signed by the CA.
  • For each certificate the corresponding private key.

    In the examples, the file cacert.pem contains the PEM-encoded CA certificate. The certificates of the gateways and clients are called fqdn.pem and the private key fqdn.priv. By the way, make sure to set the permission of the privte keys to 0400.

    How these certificates and keys are generated is described in this document.

    UP

    The sample Network

    The sample network consists of the following machines (some of them are actually VMware guests):

  • openbsd1.as10.net (192.168.3.19, OpenBSD 3.3), gateway for the private network 192.168.233.0/24
  • linux1.as10.net (192.168.3.11, Debian GNU/Linux unstable with Super-FreeS/WAN 1.99_kb4), gateway for the private network 172.16.235.0/24
  • netbsd1.as10.net (192.168.3.21, NetBSD 1.6.1), gateway for the private network 172.16.89.0/24
  • win2000.as10.net (192.168.3.64, Windows2000), no private network attached
  • roadwarrior[1234].as10.net (192.168.3.X (dynamic address), running WinMe with PGPNet, OpenBSD 3.3, Debian GNU/Linux with Super-FreeS/WAN and NetBSD 1.6.1)

    Openbsd1, linux1, netbsd1 and win2000 are gateways and are connected to each other using an IPsec tunnel. The roadwarrior[1234].as10.net machines obtain arbitrary dynamic IP adresses and also connect to the gateways using IPsec tunnels.

    UP

    OpenBSD 3.3

    The ISAKMP/IKE-daemon of OpenBSD ist called isakmpd and all necessary configuration files are located in /etc/isakmpd:
       # ls /etc/isakmpd
       ca/             crls/           isakmpd.policy  private/
       certs/          isakmpd.conf    keynote/
       
    The CA certificate is stored in ca/, the machines certificate in certs/ and the private key in private/:
       # ls -l ca/ certs/ private/
       ca/:
       total 4
       -r--r--r--  1 root  wheel  1379 Jun 16 21:21 cacert.pem
    
       certs/:
       total 10
       -r--r--r--  1 root  wheel  4312 Jun 16 21:21 openbsd1.as10.net.pem
    
       private/:
       total 4
       -r--------  1 root  wheel  1679 Jun 16 21:21 openbsd1.as10.net.priv
       
    Note the permissions for the private key!

    There are two configuration files for isakmpd: isakmpd.conf and isakmpd.policy. isakmpd.conf is the main configuartion file and isakmpd.policy defines rules for authenticating quick mode exchanges.

       # Incoming phase 1 negotiations are multiplexed on the source IP address
       [Phase 1]
       Default=	ISAKMP-peer-void
    
       # These connections are walked over after config file parsing and told
       # to the application layer so that it will inform us when traffic wants to
       # pass over them.  This means we can do on-demand keying.
       [Phase 2]
       Connections=IPsec-openbsd1-gate
    
       # The peers
       [ISAKMP-peer-void]
       Phase=		1
       Transport=		udp
       Local-address=	192.168.3.19
       Configuration=	Default-main-mode
       ID=			openbsd1-ID
    
       [ISAKMP-peer-linux1]
       Phase=		1
       Transport=		udp
       Local-address=	192.168.3.19
       Address=		192.168.3.11
       Configuration=	Default-main-mode
       ID=			openbsd1-ID
       Remote-ID=		gate-ID
    
       [ISAKMP-peer-netbsd1]
       Phase=		1
       Transport=		udp
       Local-address=	192.168.3.19
       Address=		192.168.3.21
       Configuration=	Default-main-mode
       ID=			openbsd1-ID
       Remote-ID=		netbsd1-ID
    
       [ISAKMP-peer-win2000]
       Phase=		1
       Transport=		udp
       Local-address=	192.168.3.19
       Address=		192.168.3.64
       Configuration=	Default-main-mode
       ID=			openbsd1-ID
       Remote-ID=		win2000-ID
    
       [openbsd1-ID]
       ID-type=		FQDN
       Name=		openbsd1.as10.net
    
       [linux1-ID]
       ID-type=		FQDN
       Name=		linux1.as10.net
    
       [netbsd1-ID]
       ID-type=		FQDN
       Name=		netbsd1.as10.net
    
       [win2000-ID]
       ID-type=		FQDN
       Name=		win2000.as10.net
    
       # The connections
       [IPsec-openbsd1-void]
       Phase=		2
       Configuration=	Default-quick-mode
       Local-ID=		Net-default
       Remote-ID=		Net-remote
    
       [IPsec-openbsd1-linux1]
       Phase=		2
       ISAKMP-peer=		ISAKMP-peer-gate
       Configuration=	Default-quick-mode
       Local-ID=		Host-openbsd1
       Remote-ID=		Host-linux1
    
       [IPsec-openbsd1-netbsd1]
       Phase=		2
       ISAKMP-peer=		ISAKMP-peer-gate
       Configuration=	Default-quick-mode
       Local-ID=		Host-openbsd1
       Remote-ID=		Host-netbsd1
    
       [IPsec-openbsd1-win2000]
       Phase=		2
       ISAKMP-peer=		ISAKMP-peer-gate
       Configuration=	Default-quick-mode
       Local-ID=		Host-openbsd1
       Remote-ID=		Host-win2000
    
       # The networks
       [Net-default]
       ID-type=	IPV4_ADDR
       Address=	0.0.0.0
    
       [Net-remote]
       ID-type=	IPV4_ADDR
       Address=	0.0.0.0
    
       [Host-openbsd1]
       ID-type=	IPV4_ADDR
       Address=	192.168.3.19
    
       [Host-linux1]
       ID-type=	IPV4_ADDR
       Address=	192.168.3.11
    
       [Host-netbsd1]
       ID-type=	IPV4_ADDR
       Address=	192.168.3.21
    
       [Host-win2000]
       ID-type=	IPV4_ADDR
       Address=	192.168.3.64
    
       # Main mode descriptions
       [Default-main-mode]
       EXCHANGE_TYPE=	ID_PROT
       Transforms=		3DES-SHA,3DES-MD5
    
       # Quick mode descriptions
       [Default-quick-mode]
       EXCHANGE_TYPE=	QUICK_MODE
       Suites=		QM-ESP-AES-SHA-PFS-SUITE,QM-ESP-AES-SHA-PFS-SUITE
    
       # #####################################################################
    
       [General]
       Policy-File=		/etc/isakmpd/isakmpd.policy
       Retransmits=		3
       Exchange-max-time=	120
       Listen-on=		192.168.3.19
       Renegotiate-on-HUP=  yes
    
       # KeyNote credential storage
       [KeyNote]
       Credential-directory=/etc/isakmpd/keynote/
    
       # Certificates stored in PEM format
       [X509-certificates]
       CA-directory=	/etc/isakmpd/ca/
       Cert-directory=	/etc/isakmpd/certs/
       Private-key=		/etc/isakmpd/private/openbsd1.as10.net.priv
    
       # Main mode transforms
       ######################
    
       # 3DES
       [3DES-SHA]
       ENCRYPTION_ALGORITHM=   3DES_CBC
       HASH_ALGORITHM=         SHA
       AUTHENTICATION_METHOD=  RSA_SIG
       GROUP_DESCRIPTION=      MODP_1024
       Life=                   LIFE_3600_SECS
    
       [3DES-MD5]
       ENCRYPTION_ALGORITHM=   3DES_CBC
       HASH_ALGORITHM=         MD5
       AUTHENTICATION_METHOD=  RSA_SIG
       GROUP_DESCRIPTION=      MODP_1024
       Life=                   LIFE_3600_SECS
    
       # Quick mode protection suites
       ##############################
    
       # AES
       [QM-ESP-AES-SHA-PFS-SUITE]
       Protocols=              QM-ESP-AES-SHA-PFS
    
       [QM-ESP-AES-MD5-PFS-SUITE]
       Protocols=              QM-ESP-AES-MD5-PFS
    
       # Quick mode protocols
       ######################
    
       # AES
       [QM-ESP-AES-SHA-PFS]
       PROTOCOL_ID=            IPSEC_ESP
       Transforms=             QM-ESP-AES-SHA-PFS-XF
    
       [QM-ESP-AES-MD5-PFS]
       PROTOCOL_ID=            IPSEC_ESP
       Transforms=             QM-ESP-AES-MD5-PFS-XF
    
       # Quick mode transforms
       #######################
    
       # AES
       [QM-ESP-AES-SHA-PFS-XF]
       TRANSFORM_ID=            AES
       ENCAPSULATION_MODE=      TUNNEL
       AUTHENTICATION_ALGORITHM=HMAC_SHA
       GROUP_DESCRIPTION=       MODP_1024
       Life=                    LIFE_600_SECS
    
       [QM-ESP-AES-SHA-MD5-XF]
       TRANSFORM_ID=            AES
       ENCAPSULATION_MODE=      TUNNEL
       AUTHENTICATION_ALGORITHM=HMAC_MD5
       GROUP_DESCRIPTION=       MODP_1024
       Life=                    LIFE_600_SECS
    
       # Lifetimes
       ###########
    
       [LIFE_600_SECS]
       LIFE_TYPE=              SECONDS
       LIFE_DURATION=          600,450:720
    
       [LIFE_3600_SECS]
       LIFE_TYPE=              SECONDS
       LIFE_DURATION=          3600,1800:7200
       
       

    UP

    GNU/Linux

    /etc/ipsec.conf
       # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
    
       # basic configuration
       config setup
    	   interfaces=%defaultroute
    	   klipsdebug=none
    	   plutodebug=none
    	   plutoload=%search
    	   plutostart=%search
    	   uniqueids=yes
    
       # defaults for subsequent connection descriptions
       conn %default
    	   keyingtries=0
    	   ikelifetime=1h
    	   rekeymargin=2m
    	   keylife=10m
    	   disablearrivalcheck=no
    	   esp=aes128-sha1
    	   authby=rsasig
    	   left=192.168.3.11
    	   leftnexthop=%defaultroute
    	   leftcert=linux1.as10.net.pem
    	   leftid=@linux1.as10.net
    	   rightrsasigkey=%cert
    	   auto=start
    
       conn linux1-void
    	   auto=add
    	   right=@any
    
       conn linux1-openbsd1
    	   auto=start
    	   right=192.168.3.19
    	   rightid=@openbsd1.as10.net
    
       conn linux1-netbsd1
    	   auto=start
    	   right=192.168.3.21
    	   rightid=@netbsd1.as10.net
    
       conn linux1-win2000
    	   auto=start
    	   right=192.168.3.64
    	   rightid=@win2000.as10.net
       
    /etc/ipsec.secrets
       : RSA linux1.as10.net.priv
       
    Files in /etc
       # ls /etc/ipsec.d
       cacerts/  crls/  linux1.as10.net.pem  private/
    
       # ls /etc/ipsec.d/cacerts
       cacert.pem
    
       # ls -l /etc/ipsec.d/private/
       total 4
       -r--------    1 root     root         1679 Jun 22 20:26 linux1.as10.net.priv
       

    UP

    Kame/NetBSD 1.6.1

    The stock NetBSD kernel has no IPsec enabled. Therefore you have to compile your own kernel (for details see the NetBSD Kernel FAQ). Uncomment these lines in the configuration file for the generic kernel (/usr/src/sys/arch/i386/conf/GENERIC):
       options 	IPSEC		# IP security
       options 	IPSEC_ESP	# IP security (encryption part; define w/IPSEC)
       
    Then recompile and after a reboot IPsec is enabled.

    With NetBSD/KAME the IPsec SAs are configured using the setkey (8) command. As soon as some IP packets are bound to use these SAs, the ISAKMP/IKE daemon called racoon (8) is notified and the keys for IPsec SAs are negotiated.

    To install IPsec SAs and start the racoon (8) automatically on system startup add these to lines to /etc/rc.conf:

       # tail -2 /etc/rc.conf
       ipsec=yes
       racoon=YES
       
    The file /etc/ipsec.conf contains the arguments for setkey (8):
       # netbsd1.as10.net - openbsd1.as10.net
       spdadd 172.16.89.0/24 192.168.233.0/24 any -P out ipsec
    	   esp/tunnel/192.168.3.21-192.168.3.19/require;
       spdadd 192.168.233.0/24 172.16.89.0/24 any -P in  ipsec
    	   esp/tunnel/192.168.3.19-192.168.3.21/require;
    
       # netbsd1.as10.net - linux1.as10.net
       spdadd 172.16.89.0/24 172.16.235.0/24 any -P out ipsec
    	   esp/tunnel/192.168.3.21-192.168.3.11/require;
       spdadd 172.16.235.0/24 172.16.89.0/24 any -P in  ipsec
    	   esp/tunnel/192.168.3.11-192.168.3.21/require;
       
    As IPsec SAs are unidirectional we have to define two SAs for each tunnel: One outgoing and one incoming SA. spdadd adds a new SA to the kernel.

    Let's have a closer look on the tunnel between netbsd1 and openbsd1: The first two arguments for spdadd are the source and destination addresses of IP datagrams which shall use this SA. The private networks attached to netbsd1 and openbsd1 are 172.16.89.0/24 and 192.168.233.0/24 respectively. Thus on netbsd1 the source address for the outgoing SA is 172.16.89.0/24 and the destination address is 192.168.233.0/24. The third argument "any" tells the kernel to send any protocol type through this SA. For example we could say "tcp" to send only TCP segments through this SA.

    With "-P" we define the policy for this SA: "out ipsec" tells the kernel that this is an outgoing SA and "in ipsec" an incoming SA. The last -- rather long argument -- describes the IPsec protocol to be applied for this policy. For the outgoing SA this is ESP in tunnel mode between netbsd1 and openbsd1. The "require" keyword tells the kernel to drop any packet, which matches this SA but is not protected by IPsec. This is important! If we would use the keyword "use", the kernel would also accept non-protected packets. For our VPN-scenario this is not acceptable.

    Before we can use racoon (8) we have to prepare our certificates and the private key. All these items are stored in the directory /etc/openssl/certs:

       # ls /etc/openssl
       certs/   misc/    private/
    
       # ls -l /etc/openssl/certs
       total 9
       lrwxr-xr-x  1 root  wheel    10 Aug 13 01:38 938565a9.0 -> cacert.pem
       -r--r--r--  1 root  wheel  1379 Aug 13 01:37 cacert.pem
       -r--r--r--  1 root  wheel  4305 Aug 13 01:36 netbsd1.as10.net.pem
       -r--------  1 root  wheel  1679 Aug 13 01:36 netbsd1.as10.net.priv
       
    Again, make sure to keep the private key readable only for root! racoon (8) uses the hash of the CA certificate to identify the file which contains this certificate and expects this file to be named "hashvalue.0". Use this command to create an appropriately named link to cacert.pem:
       ln -sf cacert.pem `openssl x509 -noout -hash -infile cacert.pem`.0
       

    The configuration file for racoon is /etc/racoon/racoon.conf:

       path certificate "/etc/openssl/certs" ;
       log notify;
    
       # phase 1 proposals (for IKE SA)
       # openbsd1.as10.net
       remote 192.168.3.19
       {
    	   exchange_mode main;
    	   my_identifier fqdn "netbsd1.as10.net";
    	   peers_identifier fqdn "openbsd1.as10.net";
    	   certificate_type x509 "netbsd1.as10.net.pem" "netbsd1.as10.net.priv" ;
    	   lifetime time 1 hour ;	# sec,min,hour
    	   passive off ;
    	   proposal {
    		   encryption_algorithm 3des;
    		   hash_algorithm sha1;
    		   authentication_method rsasig ;
    		   dh_group 2 ;
    	   }
    	   proposal {
    		   encryption_algorithm 3des;
    		   hash_algorithm md5;
    		   authentication_method rsasig ;
    		   dh_group 2 ;
    	   }
    	   proposal_check obey;
       }
    
       # linux1.as10.net
       remote 192.168.3.11
       {
    	   exchange_mode main;
    	   my_identifier fqdn "netbsd1.as10.net";
    	   peers_identifier fqdn "linux1.as10.net";
    	   certificate_type x509 "netbsd1.as10.net.pem" "netbsd1.as10.net.priv" ;
    	   lifetime time 1 hour ;	# sec,min,hour
    	   passive off ;
    	   proposal {
    		   encryption_algorithm 3des;
    		   hash_algorithm sha1;
    		   authentication_method rsasig ;
    		   dh_group 2 ;
    	   }
    	   proposal {
    		   encryption_algorithm 3des;
    		   hash_algorithm md5;
    		   authentication_method rsasig ;
    		   dh_group 2 ;
    	   }
    	   proposal_check obey;
       }
    
       # from the void
       remote anonymous
       {
    	   exchange_mode main;
    	   my_identifier fqdn "netbsd1.as10.net";
    	   certificate_type x509 "netbsd1.as10.net.pem" "netbsd1.as10.net.priv" ;
    	   lifetime time 1 hour ;	# sec,min,hour
    	   passive on;
    	   generate_policy on;
    	   proposal {
    		   encryption_algorithm 3des;
    		   hash_algorithm sha1;
    		   authentication_method rsasig ;
    		   dh_group 2 ;
    	   }
    	   proposal {
    		   encryption_algorithm 3des;
    		   hash_algorithm md5;
    		   authentication_method rsasig ;
    		   dh_group 2 ;
    	   }
    	   proposal_check obey;
       }
    
       # phase 2 proposal (for IPsec SA).
       # quick mode description for all connections
       sainfo anonymous
       {
    	   pfs_group 2;
    	   lifetime time 10 min ;
    	   encryption_algorithm rijndael;
    	   authentication_algorithm hmac_sha1, hmac_md5 ;
    	   compression_algorithm deflate ;
       }
       

    UP

    Windows2000 (gateway)

    UP

    WindowsME with PGPNet (road warrior)

    UP

    Links

    Some useful links:
  • http://www.openbsd.org/ -- OpenBSD
  • very detailed german documentation for replacing WEP with IPsec from the guys at http://www.openbsd.de/
  • http://www.kame.net/ -- The Kame Stack
  • http://www.freeswan.org/ -- FreeS/WAN
  • http://www.freeswan.ca/ -- Super FreeS/WAN, a patched up FreeS/WAN
  • examples by Johan Allard
  • an overview of IPsec implementations for Linux by Nico Schottelius

    UP

    Summary

    Enjoy!

    UP


    $Id: HOWTO.html,v 1.16 2003/08/17 09:22:23 hshoexer Exp $