IPSec
SPD (Security Policy Database): determines which traffic IPsec is applied to. Dump it with:

```
setkey -DP
```
SAD (Security Association Database): determines which algorithms and keys are used for specific IPsec traffic. It can be filled during IKE negotiation; each SA holds:
- shared secret key (negotiated during IKE);
- key lifetime;
- hashing algorithm;
- etc.

Dump it with (`-l` keeps re-dumping, so you can watch SAs appear):

```
setkey -lD
```
IKE phase 1 sets up the IKE SA. The peers negotiate how IKE itself is done: how securely the devices will talk to each other and how they exchange keys. They also perform mutual authentication with one of the following methods:
- pre-shared key;
- encrypted RSA nonces;
- RSA or DSS signatures;
- Certificate Authority (CA).
IKE phase 2 sets up the IPsec SA.
- Transport mode is used for connections to specific hosts. It does NOT encapsulate the IP header.
- Tunnel mode is used for connections to specific networks. It DOES encapsulate the IP header.

Transport or tunnel mode is selected in the SPD (in Linux, the `spdadd` command of the `setkey` utility).
AH and ESP are both IP protocols (codes 51 and 50 respectively).
With AH, an HMAC keyed hash is transported in the AH header. That provides data integrity and source authentication: the data must come from an authentic source, one that knows the hash key. And the data cannot be changed by anyone "in the middle", since the keyed hash allows detection of any changes. Note however that AH does not provide for encryption of the actual data. So you would only use AH for things like placing small orders across the Internet, assuming that does not need to be done confidentially.
With ESP, you get the HMAC keyed hash plus encryption of the data. Generally, this is what we want when we run IPsec. (source)
AH or ESP is selected in the SPD (in Linux, the `spdadd` command of the `setkey` utility).
Run racoon in the foreground with debug output:

```
racoon -F -dd -v
```
racoon.conf `remote` section:
- Required options: `exchange_mode`, `proposal`
- Useful options: `ph1id` (links with `sainfo` by the corresponding `remoteid`)

Proposal options, for example:

```
encryption_algorithm aes;
hash_algorithm sha1;
dh_group 2;
```

racoon.conf `sainfo` section:
- Required options: `encryption_algorithm`, `authentication_algorithm`, `compression_algorithm`
- `remoteid`: links with the `remote` section (by the corresponding `ph1id`)
- Negotiation will not start unless traffic is detected!
- Host-wide SPD entries are required for transparent IPsec! `/etc/racoon/racoon.conf` does NOT specify such entries. Use `/etc/ipsec-tools.conf` additionally, or `/etc/racoon/racoon-tool.conf`, which supersedes both `ipsec-tools.conf` and `racoon.conf`.
- IPsec-Tools Checklist
- Configuration example
- In RFC mode (default) `setkey` automatically adds `fwd` rules.
- ISAKMP, used for IKE negotiation, is a UDP protocol (port 500, or 4500 with NAT-T).
On MikroTik RouterOS, follow the log and set the debug topics of logging rule 4:

```
/log print follow
/system logging edit 4 topics
debug,!ssh,!ntp,!dhcp,!script
```
```
/ip firewall filter add place-before=0 chain=input action=accept protocol=udp
```

Note: a more precise rule will come later.
```
/ip ipsec peer add passive=yes auth-method=pre-shared-key secret="secret" nat-traversal=yes send-initial-contact=no hash-algorithm=sha1 enc-algorithm=aes-128 dh-group=modp1024 lifetime=1d
```

Note: IPsec is enabled when the rule is enabled. See:
```
/log print
12:24:37 ipsec,debug 192.168.1.1[500] used as isakmp port (fd=21)
12:24:37 ipsec,debug 192.168.1.1[4500] used as isakmp port with NAT-T (fd=22)
12:24:37 ipsec,debug 192.168.2.1[500] used as isakmp port (fd=23)
12:24:37 ipsec,debug 192.168.2.1[4500] used as isakmp port with NAT-T (fd=24)
12:24:37 ipsec,debug 178.144.100.100[500] used as isakmp port (fd=25)
12:24:37 ipsec,debug 178.144.100.100[4500] used as isakmp port with NAT-T (fd=26)
```

Note: the `port` option doesn't influence this (why?).
```
13:02:08 ipsec,debug,packet Compared: Local:Peer
13:02:08 ipsec,debug,packet (lifetime = 86400:28800)
13:02:08 ipsec,debug,packet (lifebyte = 0:0)
13:02:08 ipsec,debug,packet enctype = AES-CBC:AES-CBC
13:02:08 ipsec,debug,packet (encklen = 128:128)
13:02:08 ipsec,debug,packet hashtype = SHA:SHA
13:02:08 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
13:02:08 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
13:02:08 ipsec,debug,packet an acceptable proposal found.
```
```
13:05:47 ipsec,debug,packet Compared: Local:Peer
13:05:47 ipsec,debug,packet (lifetime = 86400:28800)
13:05:47 ipsec,debug,packet (lifebyte = 0:0)
13:05:47 ipsec,debug,packet enctype = AES-CBC:AES-CBC
13:05:47 ipsec,debug,packet (encklen = 256:128)
13:05:47 ipsec,debug,packet hashtype = SHA:SHA
13:05:47 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
13:05:47 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
13:05:47 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
13:05:47 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=28800
13:05:47 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
13:05:47 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
13:05:47 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
13:05:47 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
13:05:47 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
13:05:47 ipsec,debug no suitable proposal found.
```

Note: the error is in `(encklen = 256:128)` (local proposes AES-256, peer offers AES-128); fix:

```
/ip ipsec peer set 0 enc-algorithm=aes-128
```
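As an added example (not part of the original notes), a small parser for the `Compared: Local:Peer` dump above that reports which phase 1 attribute the two sides disagree on. `suggest_fix` is a hypothetical helper that only knows the AES key-length case shown on this page and assumes the peer is item 0, as in the fix above.

```python
import re

# Proposal-comparison excerpt constructed from the ipsec,debug,packet log lines
# shown above; the failing variant differs only in encklen and the verdict line.
LOG_OK = """\
13:02:08 ipsec,debug,packet Compared: Local:Peer
13:02:08 ipsec,debug,packet (lifetime = 86400:28800)
13:02:08 ipsec,debug,packet (lifebyte = 0:0)
13:02:08 ipsec,debug,packet enctype = AES-CBC:AES-CBC
13:02:08 ipsec,debug,packet (encklen = 128:128)
13:02:08 ipsec,debug,packet hashtype = SHA:SHA
13:02:08 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
13:02:08 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
13:02:08 ipsec,debug,packet an acceptable proposal found.
"""
LOG_BAD = LOG_OK.replace("(encklen = 128:128)", "(encklen = 256:128)").replace(
    "ipsec,debug,packet an acceptable proposal found.",
    "ipsec,debug no suitable proposal found.")

# Attributes that must agree for phase 1 to succeed. lifetime and lifebyte are
# dumped too, but the accepted log above (lifetime 86400:28800) shows that a
# difference there does not by itself reject the proposal.
HARD_ATTRS = ("enctype", "encklen", "hashtype", "authmethod", "dh_group")
ATTR_RE = re.compile(r"ipsec,debug,packet \(?(\w+) = ([^:]+):([^)]+?)\)?$")


def compare_proposal(log_text):
    """Parse one 'Compared: Local:Peer' block -> (attrs, mismatches, accepted)."""
    attrs, accepted = {}, None
    for line in log_text.splitlines():
        m = ATTR_RE.search(line)
        if m:
            name, local, peer = m.groups()
            attrs[name] = (local.strip(), peer.strip())
        elif "acceptable proposal found" in line:
            accepted = True
        elif "no suitable proposal found" in line:
            accepted = False
    mismatches = [a for a in HARD_ATTRS if a in attrs and attrs[a][0] != attrs[a][1]]
    return attrs, mismatches, accepted


def suggest_fix(attrs, mismatches):
    """Hypothetical helper: map the AES key-length mismatch to the RouterOS fix."""
    if mismatches == ["encklen"] and attrs.get("enctype", ("", ""))[1] == "AES-CBC":
        return "/ip ipsec peer set 0 enc-algorithm=aes-%s" % attrs["encklen"][1]
    return ("align %s with peer" % ", ".join(mismatches)) if mismatches else None
```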
```
04:41:52 ipsec,debug no policy found: 0.0.0.0/0[0] 192.168.88.0/24[0] proto=any dir=in
04:41:52 ipsec,debug failed to get proposal for responder.
04:41:52 ipsec,error failed to pre-process ph2 packet.
```
```
$ time echo test| gpg --passphrase-fd 0 --cipher-algo aes256 --symmetric -o /dev/null yy
Reading passphrase from file descriptor 0
real 0m26.417s
user 0m25.631s
sys 0m0.690s
$ time echo test| gpg --passphrase-fd 0 --cipher-algo twofish --symmetric -o /dev/null yy
Reading passphrase from file descriptor 0
real 0m28.609s
user 0m27.781s
sys 0m0.714s
$ time echo test| gpg --passphrase-fd 0 --cipher-algo camellia256 --symmetric -o /dev/null yy
Reading passphrase from file descriptor 0
real 0m47.360s
user 0m46.442s
sys 0m0.748s
```
- The most efficient algorithm of the above 3: AES (Rijndael)
From Wikipedia:
GCM is ideal for protecting packetized data, because it has minimum latency and minimum operation overhead.
HMAC uses a shared secret key to produce the hash, which guarantees that a third party (one without the key) cannot spoof the hash; the hash proves that the original message was not altered. HMAC uses one of two algorithms as a base: MD5 (HMAC-MD5) or SHA (HMAC-SHA).
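An added example, not from the original notes: the keyed hash as AH and ESP actually carry it, HMAC-SHA1-96 (the first 96 bits of HMAC-SHA1), computed over a constructed key and payload. It shows that a modified payload, or a hash produced without the shared key, fails verification.

```python
import hashlib
import hmac

# AH and ESP carry a truncated HMAC: HMAC-SHA1-96 keeps the first 96 bits
# (12 bytes) of the 160-bit HMAC-SHA1 output (RFC 2404); HMAC-MD5-96 is the
# MD5 counterpart (RFC 2403).
ICV_LEN = 12


def compute_icv(key, data, algo="sha1"):
    """Keyed hash over the protected data, truncated as AH/ESP do."""
    return hmac.new(key, data, getattr(hashlib, algo)).digest()[:ICV_LEN]


def verify_icv(key, data, icv, algo="sha1"):
    """Constant-time compare so the receiver does not leak how many bytes matched."""
    return hmac.compare_digest(compute_icv(key, data, algo), icv)


# Constructed sample values: the key both peers share (in practice derived
# during IKE and stored in the SAD) and the data AH protects.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
PAYLOAD = b"order: 3 widgets, ship to 192.168.88.10"


def demo():
    """Return (genuine ok, tampered ok, forged-without-key ok)."""
    icv = compute_icv(SHARED_KEY, PAYLOAD)
    genuine = verify_icv(SHARED_KEY, PAYLOAD, icv)
    # Someone in the middle changes the quantity but cannot recompute the ICV.
    tampered = verify_icv(SHARED_KEY, PAYLOAD.replace(b"3 widgets", b"30 widgets"), icv)
    # Someone without the key computes an ICV with a guessed key; the receiver rejects it.
    forged = verify_icv(SHARED_KEY, PAYLOAD, compute_icv(b"\x00" * 20, PAYLOAD))
    return genuine, tampered, forged
```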