IPSEC vpn between IPHONE and Linux/FreeBSD racoon daemon
Iphone ipsec vpn linuxIn this post, I will configure an IPSEC VPN tunnel between Iphone using Aggressive mode.
A good guide on IPSEC is "Ipsec Illustrated" found here:
http://www.unixwiz.net/techtips/iguide-ipsec.htmlBasically, Aggressive mode uses less messages in phase1 to establish the tunnel than Main mode (3 vs 6) and it is less secure. Less secure in the fact that the ike identity is sent in clear text.
The IKE ID can be one of the following:
Code:
ID Type Value
------- -----
RESERVED 0
ID_IPV4_ADDR 1
ID_FQDN 2
ID_USER_FQDN 3
ID_IPV4_ADDR_SUBNET 4
ID_IPV6_ADDR 5
ID_IPV6_ADDR_SUBNET 6
ID_IPV4_ADDR_RANGE 7
ID_IPV6_ADDR_RANGE 8
ID_DER_ASN1_DN 9
ID_DER_ASN1_GN 10
ID_KEY_ID 11
For aggressive mode at least, Iphone uses ID_KEY_ID (type 11).
Here is a pcap of an aggressive mode first packet sent by the iphone:
Code:
0x0000: 4500 031c 9e5c 0000 3411 0407 3e8c 84df E....\..4...>...
0x0010: 0a01 1402 615c 01f4 0308 eb8b 6620 d459 ....a\......f..Y
0x0020: 06a4 c45e 0000 0000 0000 0000 0110 0400 ...^............
0x0030: 0000 0000 0000 0300 0400 0124 0000 0001 ...........$....
0x0040: 0000 0001 0000 0118 0101 0008 0300 0024 ...............$
0x0050: 0101 0000 800b 0001 800c 0e10 8001 0007 ................
0x0060: 800e 0100 8003 fde9 8002 0002 8004 0002 ................
0x0070: 0300 0024 0201 0000 800b 0001 800c 0e10 ...$............
0x0080: 8001 0007 800e 0080 8003 fde9 8002 0002 ................
0x0090: 8004 0002 0300 0024 0301 0000 800b 0001 .......$........
0x00a0: 800c 0e10 8001 0007 800e 0100 8003 fde9 ................
0x00b0: 8002 0001 8004 0002 0300 0024 0401 0000 ...........$....
0x00c0: 800b 0001 800c 0e10 8001 0007 800e 0080 ................
0x00d0: 8003 fde9 8002 0001 8004 0002 0300 0020 ................
0x00e0: 0501 0000 800b 0001 800c 0e10 8001 0005 ................
0x00f0: 8003 fde9 8002 0002 8004 0002 0300 0020 ................
0x0100: 0601 0000 800b 0001 800c 0e10 8001 0005 ................
0x0110: 8003 fde9 8002 0001 8004 0002 0300 0020 ................
0x0120: 0701 0000 800b 0001 800c 0e10 8001 0001 ................
0x0130: 8003 fde9 8002 0002 8004 0002 0000 0020 ................
0x0140: 0801 0000 800b 0001 800c 0e10 8001 0001 ................
0x0150: 8003 fde9 8002 0001 8004 0002 0a00 0084 ................
0x0160: 88a2 76fc 476b 1ef7 9fc2 d94d a5c8 db03 ..v.Gk.....M....
0x0170: fd78 df0d 1425 f14d 3515 8b40 db55 1afb .x...%.M5..@.U..
0x0180: 7408 b92c 1650 a8f3 4ba5 46a5 6581 cdf1 t..,.P..K.F.e...
0x0190: df10 841e 79fb 579e 79f9 a4c2 d1e1 e737 ....y.W.y......7
0x01a0: 45b4 9b72 234b 4561 dcc3 f89c 3677 1584 E..r#KEa....6w..
0x01b0: 2b5f 9dae 7141 adf8 4fca ecad 1f90 d3f8 +_..qA..O.......
0x01c0: 0a99 71a4 df83 da93 9a83 4101 294f c805 ..q.......A.)O..
0x01d0: 70cc 6252 e166 b736 0f02 20c2 34a9 1fce p.bR.f.6....4...
0x01e0: 0500 0014 b3b9 120f 779b 4c86 1c99 f7b0 ........w.L.....
0x01f0: cbf9 e836 0d00 0014 0b00 0000 7573 6572 ...6........user --> IKE KEY type 11 (hex 0b at offset 0x01f8) and ID_IKE_ID: user@vpn.com
0x0200: 4076 706e 2e63 6f6d 0d00 0018 4048 b7d5 @vpn.com....@H..
0x0210: 6ebc e885 25e7 de7f 00d6 c2d3 8000 0000 n...%...........
0x0220: 0d00 0014 4a13 1c81 0703 5845 5c57 28f2 ....J.....XE\W(.
0x0230: 0e95 452f 0d00 0014 4df3 7928 e9fc 4fd1 ..E/....M.y(..O.
0x0240: b326 2170 d515 c662 0d00 0014 8f8d 8382 .&!p...b........
0x0250: 6d24 6b6f c7a8 a6a4 28c1 1de8 0d00 0014 m$ko....(.......
0x0260: 439b 59f8 ba67 6c4c 7737 ae22 eab8 f582 C.Y..glLw7."....
0x0270: 0d00 0014 4d1e 0e13 6dea fa34 c4f3 ea9f ....M...m..4....
0x0280: 02ec 7285 0d00 0014 80d0 bb3d ef54 565e ..r........=.TV^
0x0290: e846 45d4 c85c e3ee 0d00 0014 9909 b64e .FE..\.........N
0x02a0: ed93 7c65 73de 52ac e952 fa6b 0d00 0014 ..|es.R..R.k....
0x02b0: 7d94 19a6 5310 ca6f 2c17 9d92 1552 9d56 }...S..o,....R.V
0x02c0: 0d00 0014 cd60 4643 35df 21f8 7cfd b2fc .....`FC5.!.|...
0x02d0: 68b6 a448 0d00 0014 90cb 8091 3ebb 696e h..H........>.in
0x02e0: 0863 81b5 ec42 7b1f 0d00 000c 0900 2689 .c...B{.......&.
0x02f0: dfd6 b712 0d00 0014 12f5 f28c 4571 68a9 ............Eqh.
0x0300: 702d 9fe2 74cc 0100 0000 0014 afca d713 p-..t...........
0x0310: 68a1 f1c9 6b86 96fc 7757 0100 h...k...wW..
And the same packet disected by tcpdump (key_id is not printed in this format, only in ASCII/HEX [-xX] flags in tcpdump):
Code:
11:22:00.789395 IP (tos 0x0, ttl 52, id 26575, offset 0, flags [none], proto UDP (17), length 796)
62.140.132.223.18842 > 10.1.20.2.500: isakmp 1.0 msgid 00000000: phase 1 I agg:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=8
(t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0080)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))
(t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=aes)(type=keylen value=0080)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))
(t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=3des)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))
(t: #7 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=1des)(type=auth value=fde9)(type=hash value=sha1)(type=group desc value=modp1024))
(t: #8 id=ike (type=lifetype value=sec)(type=lifeduration value=0e10)(type=enc value=1des)(type=auth value=fde9)(type=hash value=md5)(type=group desc value=modp1024))))
(ke: key len=128)
(nonce: n len=16)
(id: idtype=keyid protoid=0 port=0 len=12)
(vid: len=20)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=16)
(vid: len=8)
(vid: len=16)
(vid: len=16)
A few things about phase 1 proposals supported by the Iphone:
- all proposals have 3600 seconds lifetime (0x0e10)
- it supports AES encryption with 256 (0x0100), 128(0x0080) block sizes, 3DES
- Auth method is XAuth with PreSharedKeyINIT (0xfde0) type 65001 (below XAuth authentication method types)
- Auth algorithm sha1 and md5
- PFS for phase 1 Diffie Hellman group2 (mod1024)
Code:
------------------------------ -----
XAUTHInitPreShared 65001
XAUTHRespPreShared 65002
XAUTHInitDSS 65003
XAUTHRespDSS 65004
XAUTHInitRSA 65005
XAUTHRespRSA 65006
XAUTHInitRSAEncryption 65007
XAUTHRespRSAEncryption 65008
XAUTHInitRSARevisedEncryption 65009
XAUTHRespRSARevisedEncryption 65010
Below is the racoon configuration to match proposals and identity coming from iphone:
Code:
remote anonymous
{
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
initial_contact off;
passive on;
proposal_check claim; # obey, strict, or claim & lifetime set to 8mil & strict => will take client smaller lifetime
generate_policy unique;
script "/usr/local/etc/racoon/phase1-up.sh" phase1_up;
script "/usr/local/etc/racoon/phase1-down.sh" phase1_down;
dpd_delay 60;
dpd_retry 5;
dpd_maxfail 5;
rekey on;
ike_frag on;
mode_cfg on;
nat_traversal on;
lifetime time 24 hours;
verify_identifier on;
my_identifier address XX.XX.XX.XX;
peers_identifier asn1dn;
peers_identifier keyid "/usr/local/etc/racoon/keyid.txt";
proposal {
encryption_algorithm aes;
hash_algorithm sha1;
authentication_method hybrid_rsa_server;
dh_group 2;
}
# Proposal for Iphone aggressive
proposal {
encryption_algorithm aes;
hash_algorithm sha1;
authentication_method xauth_psk_server;
dh_group 2;
}
# Proposal for Iphone main (certificates)
proposal {
encryption_algorithm aes;
hash_algorithm sha1;
authentication_method xauth_rsa_server;
dh_group 2;
}
# PSK proposal for Shrew VPN
proposal {
encryption_algorithm aes;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 2;
}
}
sainfo anonymous
{
pfs_group 2; #Iphone doesn't suport L2TP IPSEC PHase2 PFS
encryption_algorithm 3des;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
mode_cfg {
conf_source radius;
auth_source radius;
accounting radius;
banner "/etc/ipsec_motd";
pool_size 10;
auth_throttle 3;
save_passwd on;
dns4 10.0.0.255;
default_domain "ivorde.ro";
pfs_group 2;
}
Since we know that IPHONE uses ID_KEY_ID as IKE ID, we need to configure the racoon daemon to verify the identity correctly:
Code:
peers_identifier keyid "/usr/local/etc/racoon/keyid.txt";
the keyid.txt file has to contain one column with the keyid (
user@vpn.com - matching the "Group Name" setting in Iphone VPN configuration) and another column with the preshared key for that (secret obviously) matching the "Secret" in Iphone vpn configuration.
Code:
my_identifier
has to match the external ip address of the Linux/BSD box running racoon (the IP address where the iphone will connect to, matching the "Server" in Iphone vpn configuration).
the
proposal stanzas inside the "remote anonymous" stanza construct the IKE Phase 1 proposals the racoon is willing to accept. As you can see from those and the proposals presented by the Iphone, there is at least one ike phase 1 proposal in common.
the "sainfo anonymous" stanza configures Ike Phase 2 proposal.
the "mode_cfg" stanza tells racoon to inform the remote dynamic peer (Iphone) about these settings. Since I'm using radius in this case, the IP address is kept in radius config file, but it can be set from racoon statically (radius disabled) also with following config inside the "mode_cfg":
Code:
#starting address of the IP address pool
network4 10.0.0.4;
#maximum number of clients
pool_size 20;
#network mask
netmask4 255.255.255.0;
The only thing left is handling the eXtended AUTHentication (XAUTH). This means a second authentication with a username and a password that can be kept in mysql/radius/ldap/pam. As stated above, this config authenticates in radius, but it can also be a system username (/etc/passwd) and this has to match the "Account" and "Password" in Iphone vpn configuration.
To have racoon authenticat xauth users locally, use following inside "mod_cfg":
Code:
#authentication source – user database on the system
auth_source system;
#configuration source – from data given in this section
conf_source local;
And that is it.