- •Table of Contents
- •Preface
- •What This Book Covers
- •What You Need for This Book
- •Conventions
- •Reader Feedback
- •Customer Support
- •Errata
- •Questions
- •The Need for Cryptography
- •Privacy
- •Security
- •A History of the Internet
- •Holding the Internet Together
- •The Creation of ICANN
- •ICANN Bypassed
- •The Root Name Servers
- •Running the Top-Level Domains
- •History of Internet Engineering
- •The Internet Engineering Task Force (IETF)
- •RFCs—Requests For Comments
- •IETF and Crypto
- •The War on Crypto
- •Dual Use
- •Public Cryptography
- •The Escrowed Encryption Standard
- •Export Laws
- •The Summer of '97
- •The EFF DES Cracker
- •Echelon
- •The End of the Export Restrictions
- •Free Software
- •Free as in Verifiable
- •The Open Source Movement
- •The History of Openswan
- •IETF Troubles over DNS
- •Super FreeS/WAN
- •The Arrival of Openswan
- •NETKEY
- •Further Reading
- •Using Openswan
- •Copyright and License Conditions
- •Writing and Contributing Code
- •Legality of Using Openswan
- •International Agreements
- •International Law and Hosting Openswan
- •Unrecognized International Claims
- •Patent Law
- •Expired and Bogus Patents
- •Useful Legal Links
- •Summary
- •A Very Brief Overview of Cryptography
- •Valid Packet Rewriting
- •Ciphers
- •Algorithms
- •Uniqueness
- •Public-Key Algorithms
- •Exchanging Public Keys
- •Digital Signatures
- •Diffie-Hellman Key Exchange
- •Avoiding the Man in the Middle
- •Session Keys
- •Crypto Requirements for IPsec
- •IPsec: A Suite of Protocols
- •Kernel Mode: Packet Handling
- •Authentication Header (AH)
- •Encapsulated Security Payload (ESP)
- •Transport and Tunnel Mode
- •Choosing the IPsec Mode and Type
- •The Kernel State
- •Encryption Details
- •Manual Keying
- •Final Note on Protocols and Ports
- •Usermode: Handling the Trust Relationships
- •The IKE Protocol
- •Phase 1: Creating the ISAKMP SA
- •Phase 2: Quick Mode
- •The NAT Problem
- •Summary
- •Linux Distributions
- •Debian
- •SuSE
- •Slackware
- •Gentoo
- •Linux 'Router' Distributions
- •Deciding on the Userland
- •Pluto
- •Racoon
- •Isakmpd
- •More Reasons to Pick Pluto
- •Choosing the Kernel IPsec Stack
- •KLIPS, the Openswan Stack
- •ipsecX Interfaces
- •First Packet Caching
- •Path MTU Discovery
- •KLIPS' Downside
- •NETKEY, the 2.6 IPsec Stack
- •The USAGI / SuSE IPsec Stack
- •Making the Choice
- •GPL Compliance and KLIPS
- •Binary Installation of the Openswan Userland
- •Checking for Old Versions
- •Installing the Binary Package for Openswan
- •Building from Source
- •Using RPM-based Distributions
- •Rebuilding the Openswan Userland
- •Building src.rpm from Scratch
- •Openswan Options
- •Building the Openswan Userland from Source
- •Downloading the Source Code
- •Configuring the Userland Tools
- •Optional Features
- •Compile Flags
- •File Path Options
- •Obscure Pluto Options
- •Compiling and Installing
- •Binary Installation of KLIPS
- •Building KLIPS from Source
- •Kernel Prerequisites
- •Identifying your Kernel's Abilities
- •Using Both KLIPS and NETKEY
- •The Kernel Build Options
- •Required Kernel Options
- •Desired Options
- •NETKEY Stack Options
- •KLIPS Stack Options
- •L2TP Options
- •Patching the Kernel
- •NAT-Traversal Patch
- •KLIPS Compile Shortcut
- •Activating KLIPS
- •Determining the Stack in Use
- •Building KLIPS into the Linux Kernel Source Tree
- •Building a Standard Kernel
- •NAT Traversal
- •Patching KLIPS into the Linux Kernel
- •Verifying the Installation
- •Summary
- •Manual versus Automatic
- •PSK versus RSA
- •Pitfalls of Debugging IPsec
- •Pre-Flight Check
- •The ipsec verify Command
- •NAT and Masquerading
- •Checking External Commands
- •Opportunistic Encryption
- •The ipsec livetest Command
- •Configuration of Openswan
- •The ipsec.conf File
- •Host-to-Host Tunnel
- •Left and Right
- •The type Options
- •The auto Option
- •The rsasigkey Options
- •Bringing Up the IPsec Tunnels
- •Listing IPsec Connections
- •Testing the IPsec Tunnel
- •Connecting Subnets Through an IPsec Connection
- •Testing Subnet Connections
- •Testing Properly
- •Encrypting the Host and the Network Behind It
- •Employing Advanced Routing
- •Creating More Tunnels
- •Avoiding Duplication
- •The Also Keyword
- •KLIPS and the ipsecX Interfaces
- •Pre-Shared Keys (PSKs)
- •Proper Secrets
- •Dynamic IP Addresses
- •Hostnames
- •Roadwarriors
- •Multiple Roadwarrior Connections
- •Dynamic IP and PSKs
- •Mixing PSK and RSA
- •Connection Management
- •Subnet Extrusion
- •NAT Traversal
- •Deprecated Syntax
- •Confirming a Functional NAT-T
- •Dead Peer Detection
- •DPD Works Both Ways
- •Configuring DPD
- •Buggy Cisco Routers
- •Ciphers and Algorithms
- •Using ike= to Specify Phase 1 Parameters
- •Using esp= to Specify Phase 2 Parameters
- •Defaults and Strictness
- •Unsupported Ciphers and Algorithms
- •Aggressive Mode
- •XAUTH
- •XAUTH Gateway (Server Side)
- •XAUTH Client (Supplicant Side)
- •Fine Tuning
- •Perfect Forward Secrecy
- •Rekeying
- •Key Rollover
- •Summary
- •X.509 Certificates Explained
- •X.509 Objects
- •X.509 Packing
- •Types of Certificates
- •Passphrases, PIN Codes, and Interactivity
- •IKE and Certificates
- •Using the Certificate DN as ID for Openswan
- •Generating Certificates with OpenSSL
- •Setting the Time
- •Configuring OpenSSL
- •Be Consistent with All Certificates
- •OpenSSL Commands for Common Certificate Actions
- •Configuring Apache for IPsec X.509 Files
- •Creating X.509-based Connections
- •Using a Certificate Authority
- •Using Multiple CAs
- •Sending and Receiving Certificate Information
- •Creating your own CA using OpenSSL
- •Creating Host Certificates with Your Own CA
- •Host Certificates for Microsoft Windows (PKCS#12)
- •Certificate Revocation
- •Dynamic CRL Fetching
- •Configuring CRL
- •Online Certificate Status Protocol (OCSP)
- •Summary
- •History of Opportunistic Encryption
- •Trusting Third Parties
- •Trusting the DNS?
- •OE in a Nutshell
- •An OE Security Gateway
- •DNS Key Records
- •Forward and Reverse Zones
- •The OE DNS Records
- •Different Types of OE
- •Policy Groups
- •Internal States
- •Configuring OE
- •Configuring Policies
- •Full OE or Initiate-Only
- •Generating Correct DNS Records
- •Name Server Updates
- •Verifying Your OE Setup
- •Testing Your OE Setup
- •The trap eroute
- •The pass eroute
- •The hold eroute
- •Manipulating OE Connections Manually
- •Advanced OE Setups
- •Caveats
- •Summary
- •Where to Firewall?
- •Allowing IPsec Traffic
- •NAT and IPsec Passthrough
- •Configuring the Firewall on the Openswan Host
- •Firewalling and KLIPS
- •Firewalling and NETKEY
- •Packet Size
- •Summary
- •Microsoft Windows
- •Layer 2 Tunneling Protocol (L2TP)
- •Assigning an IP for VPN Access
- •L2TP Properties
- •Pure IPsec versus L2TP/IPsec
- •Client and Server Configurations for L2TP/IPsec
- •The L2TP Openswan Server
- •Configuring Openswan for L2TP/IPsec
- •Linux Kernel Runtime Parameters for L2TP/IPsec
- •Protecting the L2TP Daemon with IPsec using iptables
- •Choosing an L2TP Daemon
- •Configuring L2TPD
- •Configuring User Authentication for pppd
- •Microsoft Windows XP L2TP Configuration
- •Microsoft Windows 2000 L2TP Configuration
- •Apple Mac OS X L2TP Configuration
- •Server Configuration for X.509 IPsec without L2TP
- •Openswan Configuration for X.509 without L2TP
- •Client Configuration for X.509 IPsec without L2TP
- •Microsoft's IKE Daemon
- •Microsoft's Certificate Store
- •Clients using Microsoft Native IPsec Implementation
- •The ipsec.exe Wrapper
- •The Linsys IPsec Tool (lsipsectool)
- •Securepoint IPsec Client
- •TauVPN (iVPN)
- •The WaveSEC Client
- •Third-Party Replacement Clients for Windows
- •The GreenBow VPN Client
- •Astaro Secure Client
- •Mac OS X IPSecuritas
- •VPNtracker
- •Manual Racoon Configuration
- •Importing X.509 Certificates into Windows
- •Importing X.509 Certificates on Mac OS X (Tiger)
- •Summary
- •Openswan as a Client to an Appliance
- •Preparing the Interop
- •The Human Factor
- •Terminology
- •Preparation
- •IPsec Passthrough
- •Tunnel Limitations
- •Anticipate Known Problems
- •Update the Firmware
- •GUI Issues
- •Keepalives
- •ISP Filtering
- •Frequently used VPN Gateways
- •Webmin with Openswan
- •Cisco VPN 3000
- •Cisco PIX Concentrator
- •Nortel Contivity
- •Checkpoint
- •WatchGuard Firebox
- •Symantec
- •Frequently used VPN Client Appliances
- •ZyXEL
- •DrayTek Vigor
- •The Vigor Web Interface
- •Windows Logon Issues
- •Other Vigorisms
- •Unresolved Issues
- •NetScreen
- •Known Issues
- •SonicWALL
- •BinTec
- •LANCOM
- •Linksys
- •Lucent Brick
- •NETGEAR
- •KAME/Racoon
- •Aftercare
- •Summary
- •Methods of Encryption
- •Host-to-Host Mesh
- •Host-to-Gateway Setup
- •Single IP Extrusiautomation or L2TP
- •Opportunistic Encryption in the LAN
- •Non-OE-Capable Machines
- •Designing a Solution for Encrypting the LAN
- •Design Goals
- •Separation of WiFi and Crypto
- •Link Layer Protection
- •The Logical Choice: IPsec
- •Hotspot
- •WaveSEC
- •Full WaveSEC
- •Catch 22 Traffic
- •Building a WaveSEC Server
- •DHCP Server Setup
- •DNS Server Setup
- •Openswan Server Setup
- •Catch 22 Traffic Setup
- •Building a WaveSEC Client
- •DH Client Setup
- •Openswan Setup
- •Testing the WaveSEC
- •Starting the WaveSEC Connection
- •Known Issues with WaveSEC
- •WaveSEC for Windows
- •Design Limitations
- •Building a WaveSEC for Windows Server
- •Obtaining the Certificate and Client Software
- •Our Prototype Experiences
- •Openswan Issues
- •Windows Kernel Issues
- •Summary
- •Cipher Performance
- •Handling Thousands of Tunnels
- •Managing Large Configuration Files
- •Standard Naming Convention
- •The also= Parameter
- •The include Parameter
- •Openswan Startup Time
- •Limitations of the Random Device
- •Other Performance-Enhancing Factors
- •Logging to Disk
- •Disable Dead Peer Detection
- •Reducing the Number of Tunnels
- •OSPF Setup
- •BGPv4 Setup
- •High Availability
- •Heartbeat
- •Xen Migration
- •Using Anycast
- •Summary
- •Do Not Lock Yourself Out!
- •Narrowing Down the Problem
- •Host Issues
- •Configuration Problems
- •Connection Names
- •Interoperability
- •Hunting Ghosts
- •Rekey Problems (After an Hour)
- •Openswan Error Messages
- •IKE: Unknown VendorIDs
- •Network Issues
- •Firewalls
- •MTU and Fragmentation Issues
- •Debugging IPsec on Apple Mac OS X
- •Debugging IPsec on Microsoft Windows
- •Oakley Debugging
- •Debugging ipsec.exe
- •Microsoft L2TP Errors
- •You Suddenly Cannot Log in Anymore over the VPN
- •Software Bugs
- •Userland Issues: Assertion Failed or Segmentation Faults
- •Kernel Issues: Crashes and Oopses
- •Memory Issues
- •Common IKE Error Messages
- •Common Kernel-Related Error Messages
- •Common Errors when Upgrading
- •Using tcpdump to Debug IPsec
- •Situation A: No Communication on Port 500
- •Situation B: Failure at Third Exchange
- •Situation C: QUICK Mode Initiates, but Never Completes
- •Situation D: All IKE Messages Occur, but no Traffic Flows
- •A Final tcpdump Example
- •User Mode Linux Testing
- •Preparing the Openswan for the UML Build Process
- •Running the UMLs
- •Writing a UML Test Case
- •Debugging the Kernel with GDB
- •Asking the Openswan Community for Help
- •Internet Relay Chat (IRC)
- •The Openswan Mailing Lists
- •Posting to the Lists
- •Research First, Ask Later
- •Free, as in Beer
- •Do not Anonymize
- •Summary
- •Linux Kernel Developments
- •Kernel API Changes between 2.6.12 and 2.6.14
- •Red Hat Kernel Developments
- •Fedora Kernel Source/Headers Packaging Change
- •MD5 Insecurities
- •Discontinuation of Openswan 1 by the End of 2005
- •Update on UML Testing Suite Installation
- •Openswan GIT Repositories
- •Openswan on Windows and Mac OS X Updates
- •Known Outstanding Bugs
- •Vulnerability Fixes in Openswan 2.4.4
- •The OSI Model and the IP Model
- •No Layers, Just Packets
- •The Protocol
- •IP Network Overview
- •IP Address Management
- •The Old IP Classes
- •Classless IP Networks
- •The Definition of a Subnet
- •Calculating with Subnets: The Subnet Mask
- •The Rest of the Network
- •Linux Networking Commands
- •Routing
- •Routing Decisions
- •Peering
- •Network Address Translation
- •Port Forwarding
- •Openswan Links
- •Community Documentation
- •Generic Linux Distributions Containing Openswan
- •Specialized Linux Distributions Containing Openswan
- •Overview RFCs
- •Basic Protocols
- •Key Management
- •Procedural and Operational RFCs
- •Detailed RFCs on Specific Cryptographic Algorithms and Ciphers
- •Dead Peer Detection RFCs
- •NAT-Traversal and UDP Encapsulation RFCs
- •RFCs for Secure DNS Service, which IPSEC May Use
- •RFCs Related to L2TP, Often Used in Combination with IPsec
- •RFCs on IPsec in Relation to Other Protocols
- •RFCs Not in Use or Implemented across Multiple Vendors
- •Index
Debugging and Troubleshooting
A router between this machine and the destination of the packet (in this case the router 62.4.10.15) does not seem to be able to handle the UDP packet size of the IKE packet. This behavior is mostly seen on connections involving lots of NAT and possible bad ISPs with tunnels within tunnels, for instance using PPTP over PPPoE. Adding another layer of packets (IPsec) then finally causes this problem. You can try to play with MTU sizes, or talk to the ISP that owns that particular router and ask for advice.
104 "GroupVPN" #1: STATE_MAIN_I1: initiate
003 "GroupVPN" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] 106 "GroupVPN" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "GroupVPN" #1: ignoring unknown Vendor ID payload [da8e937880010000]
003 "GroupVPN" #1: ignoring unknown Vendor ID payload [404bf439522ca3f6]
003 "GroupVPN" #1: received Vendor ID payload [XAUTH]
003 "GroupVPN" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike- 00/01: i am NATed
108 "GroupVPN" #1: STATE_MAIN_I3: sent MI3, expecting MR3 004 "GroupVPN" #1: STATE_MAIN_I4: ISAKMP SA established 117 "GroupVPN" #2: STATE_QUICK_I1: initiate
010 "GroupVPN" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
This is an example of an incoming client that tries to negotiate an XAUTH connection, but Openswan has not been configured with leftxauthserver=yes and rightxauthclient=yes. In this case, Openswan was talking to a SonicWALL machine and XAUTH was not supposed to be negotiated.
023 authentication method disagrees with "ian-nikita", which is also for an unspecified peer
This is a situation where the administrator tried to load more than one connection without uniquely identifying them. That is, you are using multiple connections with right=%any and the same authentication method, so that Pluto is not able to distinguish for which of those two connections an incoming connection is intended. The second connection that coincides with the first connection is refused by Pluto. This often happens if you use multiple PSK-based connections on dynamic IP addresses. You will have to use leftid= and rightid= options to clearly distinguish
these connections, for example leftid=@YourName and rightid=@theirname.
Common Kernel-Related Error Messages
If the NAT-T patch fails with something like:
1 out of 2 hunks FAILED -- saving rejects to file include/net/sock.h.rej 1 out of 3 hunks FAILED -- saving rejects to file net/ipv4/udp.c.rej
you are trying to patch the kernel with the KLIPS NAT-T patch, but the kernel contains conflicting NETKEY code. This is either because there is a NETKEY backport in your kernel (such as RHEL3 and Debian/Woody), or this is Openswan 2.3.x, which did not automatically pick the proper 2.4/2.6 NAT-T patch.
You can try to override the automatic detection using make nattpatch24 or make nattpatch26. If your kernel contains NETKEY code, it should always try the 26 version of the patch. The 24 version is only for 2.4 kernels without the NETKEY backport.
Aug 8 19:37:51 kbantoft pluto[3154]: "kb-to-bp-38" #3: sent QI2, IPsec SA established {ESP=>0x489df436 <0xb7093be3 NATOA=0.0.0.0}
Aug 8 19:38:16 kbantoft pluto[3154]: packet from ##.##.109.70:4500: recvfrom ##.##.109.70:4500 has no Non-ESP marker
Aug 8 19:39:01 kbantoft last message repeated 14 times
286
Chapter 12
This was a NAT-Traversal bug in the NETKEY code that was fixed in Linux kernel 2.6.8.1.
003 ERROR: "cm-vpn" #13: netlink write() of XFRM_MSG_ALLOCSPI message for Get SPI esp.0@192.168.0.13 failed. Errno 111: Connection refused
This kernel has no support for XFRM_USER. Recompile the kernel with CONFIG_XFRM_USER.
Unable to handle kernel NULL pointer dereference at virtual address 000000ec d08bdcf6
*pde = 00000000 Oops: 0002
CPU: 0
EIP: 0010:[<d08bdcf6>] Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386 EFLAGS: 00010246
eax: 00000000 ebx: cd675f68 ecx: 00000000 edx: cd675f04 esi: 00000000 edi: cd675f14 ebp: cf003000 esp: cd675ef4 ds: 0018 es: 0018 ss: 0018
Process snmpd (pid: 2436, stackpage=cd675000)
Stack: cd675f04 cd675f64 cfe43800 cf154ea0 da0110e9 00000000 00000000 00000000 000089f0 cf003000 cd675f54 cd675f54 c021ec5f cf003000 cd675f54 000089f0 00000000 000089f0 00000001 00000000 c021ee8a cd675f54 000089f0 00000020
Call Trace: [<c021ec5f>] [<c021ee8a>] [<c0216576>] [<c0144ef9>] [<c010729b>]
Code: ff 0d ec 00 00 00 0f 94 c0 84 c0 75 0a b8 fa ff ff ff e9 fd
There was a conflict between KLIPS and the net-snmpd package if both used SIOCDEVPRIVATE. This has been fixed, so if you see this error you are running an old version of Openswan and you should upgrade.
Various KLIPS kernel panics on a multi-processor SMP machine (or a Pentium-IV with hyperthreading)
When forwarding between tunnels on two (or more) ipsecX interfaces, KLIPS locks up the kernel and everything is frozen until you hit the reset button. This bug is only triggered when a packet comes in on one ipsecX interface, and goes out another ipsecX interface, which is quite rare. There is also still a bug with a missing spinlock() call, but this has been difficult to track down. This bug is present at least up to Openswan 2.4.4.
Jul 2 15:57:30 xenu pluto[29579]: "BRU" #3: ERROR: netlink response for Add SA comp.661a@hhh.hhh.hhh.158 included errno 12: Cannot allocate memory
Old versions of NETKEY contained some bad memory allocation code for decompressing compressed packets. This has been fixed in recent 2.6 kernels. Either upgrade your kernel or add compress=no (on both ends!) as a workaround to disable compression.
003 "north-pole" #3: ERROR: netlink_get_spi for comp.0@xxx.xxx.xxx.xxx failed with errno 22: Invalid argument
A race condition in the netlink_get_spi function. Notably the RHEL3 kernel, which contains an old NETKEY backport, still features this bug. A workaround for this was released in Openswan 2.3.2. A configuration workaround exists by disabling compression on both ends of the connection using compress=no. Note that setting compress to no only causes Openswan to not advertise the compress capability. It will still respond to requests for compression, so if you keep seeing this error even though you have disabled compression on this end, the other end is still asking for it.
Apr 27 01:05:22 south-park pluto[3448]: "phenome--extrude" #3: ERROR: netlink response for Add SA esp.98650ce8@213.84.21.108 included errno 38: Function not implemented
287
Debugging and Troubleshooting
This error is returned when the kernel's crypto API functions are needed, but not loaded. Either the kernel is compiled without crypto API support, or the modules failed to load. Try:
# modprobe aes_i586 des sha1
For a list of crypto API ciphers, see /lib/modules/`uname -r`/kernel/crypto.
Common Errors when Upgrading
There are some common errors people run into when upgrading from an old FreeS/WAN or Super FreeS/WAN to Openswan, or when upgrading from Openswan 1 to Openswan 2.
"We only support version 2 of ipsec.conf"
If your ipsec.conf does not start with a line "version 2", then Openswan 2 will not start because it assumes an old version 1 configuration file is actually used. Apart from adding this line, you should remove the following two lines:
plutoload=
plutostart=
If you are not using Opportunistic Encryption, add the following line after the config setup and
config default sections:
include /etc/ipsec.d/examples/no_oe.conf
If in this upgrade you also switched from KLIPS to NETKEY, you should be aware that you just lost your ipsecX interfaces. This will require a rewrite of your firewall and NAT rules. If you see errors similar to:
May 31 14:56:09 NoordWest pluto[13329]: "thuis-best" #4: ERROR: netlink response for Add SA esp.b11cbf@193.111.228.3 included errno 2: No such file or directory
then some of the NETKEY modules might have failed to (automatically) load. You can modprobe these modules manually:
# modprobe af_key esp4 ah4 ipcomp xfrm4_tunnel
If you are going to upgrade, first stop Openswan. Since the locations of some lock and pid files have changed, a newer version of Openswan will not be able to stop an older version of Openswan that is still running. If you have already installed the new version, you will have to manually kill the processes. Look for processes with 'pluto' in the name. For the new installed version, you should first run the initscript with 'stop' to clean up the dirty run and pid files, otherwise when you start you will see the following error:
# service ipsec start
ipsec_setup: Openswan IPsec apparently already running, start aborted
Once you have killed all processes, check /var/run and remove the files related to Pluto or IPsec.
Also be careful not to install two versions in different locations. Most distributions will put the package in /usr, while your own compile will put things in /usr/local. However /usr will appear in your path first.
288