- •Table of Contents
- •Preface
- •What This Book Covers
- •What You Need for This Book
- •Conventions
- •Reader Feedback
- •Customer Support
- •Errata
- •Questions
- •The Need for Cryptography
- •Privacy
- •Security
- •A History of the Internet
- •Holding the Internet Together
- •The Creation of ICANN
- •ICANN Bypassed
- •The Root Name Servers
- •Running the Top-Level Domains
- •History of Internet Engineering
- •The Internet Engineering Task Force (IETF)
- •RFCs—Requests For Comments
- •IETF and Crypto
- •The War on Crypto
- •Dual Use
- •Public Cryptography
- •The Escrowed Encryption Standard
- •Export Laws
- •The Summer of '97
- •The EFF DES Cracker
- •Echelon
- •The End of the Export Restrictions
- •Free Software
- •Free as in Verifiable
- •The Open Source Movement
- •The History of Openswan
- •IETF Troubles over DNS
- •Super FreeS/WAN
- •The Arrival of Openswan
- •NETKEY
- •Further Reading
- •Using Openswan
- •Copyright and License Conditions
- •Writing and Contributing Code
- •Legality of Using Openswan
- •International Agreements
- •International Law and Hosting Openswan
- •Unrecognized International Claims
- •Patent Law
- •Expired and Bogus Patents
- •Useful Legal Links
- •Summary
- •A Very Brief Overview of Cryptography
- •Valid Packet Rewriting
- •Ciphers
- •Algorithms
- •Uniqueness
- •Public-Key Algorithms
- •Exchanging Public Keys
- •Digital Signatures
- •Diffie-Hellman Key Exchange
- •Avoiding the Man in the Middle
- •Session Keys
- •Crypto Requirements for IPsec
- •IPsec: A Suite of Protocols
- •Kernel Mode: Packet Handling
- •Authentication Header (AH)
- •Encapsulated Security Payload (ESP)
- •Transport and Tunnel Mode
- •Choosing the IPsec Mode and Type
- •The Kernel State
- •Encryption Details
- •Manual Keying
- •Final Note on Protocols and Ports
- •Usermode: Handling the Trust Relationships
- •The IKE Protocol
- •Phase 1: Creating the ISAKMP SA
- •Phase 2: Quick Mode
- •The NAT Problem
- •Summary
- •Linux Distributions
- •Debian
- •SuSE
- •Slackware
- •Gentoo
- •Linux 'Router' Distributions
- •Deciding on the Userland
- •Pluto
- •Racoon
- •Isakmpd
- •More Reasons to Pick Pluto
- •Choosing the Kernel IPsec Stack
- •KLIPS, the Openswan Stack
- •ipsecX Interfaces
- •First Packet Caching
- •Path MTU Discovery
- •KLIPS' Downside
- •NETKEY, the 2.6 IPsec Stack
- •The USAGI / SuSE IPsec Stack
- •Making the Choice
- •GPL Compliance and KLIPS
- •Binary Installation of the Openswan Userland
- •Checking for Old Versions
- •Installing the Binary Package for Openswan
- •Building from Source
- •Using RPM-based Distributions
- •Rebuilding the Openswan Userland
- •Building src.rpm from Scratch
- •Openswan Options
- •Building the Openswan Userland from Source
- •Downloading the Source Code
- •Configuring the Userland Tools
- •Optional Features
- •Compile Flags
- •File Path Options
- •Obscure Pluto Options
- •Compiling and Installing
- •Binary Installation of KLIPS
- •Building KLIPS from Source
- •Kernel Prerequisites
- •Identifying your Kernel's Abilities
- •Using Both KLIPS and NETKEY
- •The Kernel Build Options
- •Required Kernel Options
- •Desired Options
- •NETKEY Stack Options
- •KLIPS Stack Options
- •L2TP Options
- •Patching the Kernel
- •NAT-Traversal Patch
- •KLIPS Compile Shortcut
- •Activating KLIPS
- •Determining the Stack in Use
- •Building KLIPS into the Linux Kernel Source Tree
- •Building a Standard Kernel
- •NAT Traversal
- •Patching KLIPS into the Linux Kernel
- •Verifying the Installation
- •Summary
- •Manual versus Automatic
- •PSK versus RSA
- •Pitfalls of Debugging IPsec
- •Pre-Flight Check
- •The ipsec verify Command
- •NAT and Masquerading
- •Checking External Commands
- •Opportunistic Encryption
- •The ipsec livetest Command
- •Configuration of Openswan
- •The ipsec.conf File
- •Host-to-Host Tunnel
- •Left and Right
- •The type Options
- •The auto Option
- •The rsasigkey Options
- •Bringing Up the IPsec Tunnels
- •Listing IPsec Connections
- •Testing the IPsec Tunnel
- •Connecting Subnets Through an IPsec Connection
- •Testing Subnet Connections
- •Testing Properly
- •Encrypting the Host and the Network Behind It
- •Employing Advanced Routing
- •Creating More Tunnels
- •Avoiding Duplication
- •The Also Keyword
- •KLIPS and the ipsecX Interfaces
- •Pre-Shared Keys (PSKs)
- •Proper Secrets
- •Dynamic IP Addresses
- •Hostnames
- •Roadwarriors
- •Multiple Roadwarrior Connections
- •Dynamic IP and PSKs
- •Mixing PSK and RSA
- •Connection Management
- •Subnet Extrusion
- •NAT Traversal
- •Deprecated Syntax
- •Confirming a Functional NAT-T
- •Dead Peer Detection
- •DPD Works Both Ways
- •Configuring DPD
- •Buggy Cisco Routers
- •Ciphers and Algorithms
- •Using ike= to Specify Phase 1 Parameters
- •Using esp= to Specify Phase 2 Parameters
- •Defaults and Strictness
- •Unsupported Ciphers and Algorithms
- •Aggressive Mode
- •XAUTH
- •XAUTH Gateway (Server Side)
- •XAUTH Client (Supplicant Side)
- •Fine Tuning
- •Perfect Forward Secrecy
- •Rekeying
- •Key Rollover
- •Summary
- •X.509 Certificates Explained
- •X.509 Objects
- •X.509 Packing
- •Types of Certificates
- •Passphrases, PIN Codes, and Interactivity
- •IKE and Certificates
- •Using the Certificate DN as ID for Openswan
- •Generating Certificates with OpenSSL
- •Setting the Time
- •Configuring OpenSSL
- •Be Consistent with All Certificates
- •OpenSSL Commands for Common Certificate Actions
- •Configuring Apache for IPsec X.509 Files
- •Creating X.509-based Connections
- •Using a Certificate Authority
- •Using Multiple CAs
- •Sending and Receiving Certificate Information
- •Creating your own CA using OpenSSL
- •Creating Host Certificates with Your Own CA
- •Host Certificates for Microsoft Windows (PKCS#12)
- •Certificate Revocation
- •Dynamic CRL Fetching
- •Configuring CRL
- •Online Certificate Status Protocol (OCSP)
- •Summary
- •History of Opportunistic Encryption
- •Trusting Third Parties
- •Trusting the DNS?
- •OE in a Nutshell
- •An OE Security Gateway
- •DNS Key Records
- •Forward and Reverse Zones
- •The OE DNS Records
- •Different Types of OE
- •Policy Groups
- •Internal States
- •Configuring OE
- •Configuring Policies
- •Full OE or Initiate-Only
- •Generating Correct DNS Records
- •Name Server Updates
- •Verifying Your OE Setup
- •Testing Your OE Setup
- •The trap eroute
- •The pass eroute
- •The hold eroute
- •Manipulating OE Connections Manually
- •Advanced OE Setups
- •Caveats
- •Summary
- •Where to Firewall?
- •Allowing IPsec Traffic
- •NAT and IPsec Passthrough
- •Configuring the Firewall on the Openswan Host
- •Firewalling and KLIPS
- •Firewalling and NETKEY
- •Packet Size
- •Summary
- •Microsoft Windows
- •Layer 2 Tunneling Protocol (L2TP)
- •Assigning an IP for VPN Access
- •L2TP Properties
- •Pure IPsec versus L2TP/IPsec
- •Client and Server Configurations for L2TP/IPsec
- •The L2TP Openswan Server
- •Configuring Openswan for L2TP/IPsec
- •Linux Kernel Runtime Parameters for L2TP/IPsec
- •Protecting the L2TP Daemon with IPsec using iptables
- •Choosing an L2TP Daemon
- •Configuring L2TPD
- •Configuring User Authentication for pppd
- •Microsoft Windows XP L2TP Configuration
- •Microsoft Windows 2000 L2TP Configuration
- •Apple Mac OS X L2TP Configuration
- •Server Configuration for X.509 IPsec without L2TP
- •Openswan Configuration for X.509 without L2TP
- •Client Configuration for X.509 IPsec without L2TP
- •Microsoft's IKE Daemon
- •Microsoft's Certificate Store
- •Clients using Microsoft Native IPsec Implementation
- •The ipsec.exe Wrapper
- •The Linsys IPsec Tool (lsipsectool)
- •Securepoint IPsec Client
- •TauVPN (iVPN)
- •The WaveSEC Client
- •Third-Party Replacement Clients for Windows
- •The GreenBow VPN Client
- •Astaro Secure Client
- •Mac OS X IPSecuritas
- •VPNtracker
- •Manual Racoon Configuration
- •Importing X.509 Certificates into Windows
- •Importing X.509 Certificates on Mac OS X (Tiger)
- •Summary
- •Openswan as a Client to an Appliance
- •Preparing the Interop
- •The Human Factor
- •Terminology
- •Preparation
- •IPsec Passthrough
- •Tunnel Limitations
- •Anticipate Known Problems
- •Update the Firmware
- •GUI Issues
- •Keepalives
- •ISP Filtering
- •Frequently used VPN Gateways
- •Webmin with Openswan
- •Cisco VPN 3000
- •Cisco PIX Concentrator
- •Nortel Contivity
- •Checkpoint
- •WatchGuard Firebox
- •Symantec
- •Frequently used VPN Client Appliances
- •ZyXEL
- •DrayTek Vigor
- •The Vigor Web Interface
- •Windows Logon Issues
- •Other Vigorisms
- •Unresolved Issues
- •NetScreen
- •Known Issues
- •SonicWALL
- •BinTec
- •LANCOM
- •Linksys
- •Lucent Brick
- •NETGEAR
- •KAME/Racoon
- •Aftercare
- •Summary
- •Methods of Encryption
- •Host-to-Host Mesh
- •Host-to-Gateway Setup
- •Single IP Extrusiautomation or L2TP
- •Opportunistic Encryption in the LAN
- •Non-OE-Capable Machines
- •Designing a Solution for Encrypting the LAN
- •Design Goals
- •Separation of WiFi and Crypto
- •Link Layer Protection
- •The Logical Choice: IPsec
- •Hotspot
- •WaveSEC
- •Full WaveSEC
- •Catch 22 Traffic
- •Building a WaveSEC Server
- •DHCP Server Setup
- •DNS Server Setup
- •Openswan Server Setup
- •Catch 22 Traffic Setup
- •Building a WaveSEC Client
- •DH Client Setup
- •Openswan Setup
- •Testing the WaveSEC
- •Starting the WaveSEC Connection
- •Known Issues with WaveSEC
- •WaveSEC for Windows
- •Design Limitations
- •Building a WaveSEC for Windows Server
- •Obtaining the Certificate and Client Software
- •Our Prototype Experiences
- •Openswan Issues
- •Windows Kernel Issues
- •Summary
- •Cipher Performance
- •Handling Thousands of Tunnels
- •Managing Large Configuration Files
- •Standard Naming Convention
- •The also= Parameter
- •The include Parameter
- •Openswan Startup Time
- •Limitations of the Random Device
- •Other Performance-Enhancing Factors
- •Logging to Disk
- •Disable Dead Peer Detection
- •Reducing the Number of Tunnels
- •OSPF Setup
- •BGPv4 Setup
- •High Availability
- •Heartbeat
- •Xen Migration
- •Using Anycast
- •Summary
- •Do Not Lock Yourself Out!
- •Narrowing Down the Problem
- •Host Issues
- •Configuration Problems
- •Connection Names
- •Interoperability
- •Hunting Ghosts
- •Rekey Problems (After an Hour)
- •Openswan Error Messages
- •IKE: Unknown VendorIDs
- •Network Issues
- •Firewalls
- •MTU and Fragmentation Issues
- •Debugging IPsec on Apple Mac OS X
- •Debugging IPsec on Microsoft Windows
- •Oakley Debugging
- •Debugging ipsec.exe
- •Microsoft L2TP Errors
- •You Suddenly Cannot Log in Anymore over the VPN
- •Software Bugs
- •Userland Issues: Assertion Failed or Segmentation Faults
- •Kernel Issues: Crashes and Oopses
- •Memory Issues
- •Common IKE Error Messages
- •Common Kernel-Related Error Messages
- •Common Errors when Upgrading
- •Using tcpdump to Debug IPsec
- •Situation A: No Communication on Port 500
- •Situation B: Failure at Third Exchange
- •Situation C: QUICK Mode Initiates, but Never Completes
- •Situation D: All IKE Messages Occur, but no Traffic Flows
- •A Final tcpdump Example
- •User Mode Linux Testing
- •Preparing the Openswan for the UML Build Process
- •Running the UMLs
- •Writing a UML Test Case
- •Debugging the Kernel with GDB
- •Asking the Openswan Community for Help
- •Internet Relay Chat (IRC)
- •The Openswan Mailing Lists
- •Posting to the Lists
- •Research First, Ask Later
- •Free, as in Beer
- •Do not Anonymize
- •Summary
- •Linux Kernel Developments
- •Kernel API Changes between 2.6.12 and 2.6.14
- •Red Hat Kernel Developments
- •Fedora Kernel Source/Headers Packaging Change
- •MD5 Insecurities
- •Discontinuation of Openswan 1 by the End of 2005
- •Update on UML Testing Suite Installation
- •Openswan GIT Repositories
- •Openswan on Windows and Mac OS X Updates
- •Known Outstanding Bugs
- •Vulnerability Fixes in Openswan 2.4.4
- •The OSI Model and the IP Model
- •No Layers, Just Packets
- •The Protocol
- •IP Network Overview
- •IP Address Management
- •The Old IP Classes
- •Classless IP Networks
- •The Definition of a Subnet
- •Calculating with Subnets: The Subnet Mask
- •The Rest of the Network
- •Linux Networking Commands
- •Routing
- •Routing Decisions
- •Peering
- •Network Address Translation
- •Port Forwarding
- •Openswan Links
- •Community Documentation
- •Generic Linux Distributions Containing Openswan
- •Specialized Linux Distributions Containing Openswan
- •Overview RFCs
- •Basic Protocols
- •Key Management
- •Procedural and Operational RFCs
- •Detailed RFCs on Specific Cryptographic Algorithms and Ciphers
- •Dead Peer Detection RFCs
- •NAT-Traversal and UDP Encapsulation RFCs
- •RFCs for Secure DNS Service, which IPSEC May Use
- •RFCs Related to L2TP, Often Used in Combination with IPsec
- •RFCs on IPsec in Relation to Other Protocols
- •RFCs Not in Use or Implemented across Multiple Vendors
- •Index
B
Networking 101
The Internet has become a big place, with many different kinds of individual computers as well as LANs connected to it. Sometimes a group of LANs have special interconnections, making a Wide Area Network (WAN). Though these networks used to operate using a variety of network protocols, these have all more or less died out in favor of one, the Internet Protocol, or IP. Protocols that did not make it to the Internet include IPX, DecNet, NetBEUI, LAT, and X.25. This book focuses only on the IP protocol. Many of these obsolete protocols can be encapsulated in IP packets if they really need to travel over the Internet. Sometimes the entire Internet Protocol is called TCP/IP, although technically speaking this is a very bad name.
The OSI Model and the IP Model
The Internet Protocol defies the old OSI network model from the ISO committee. For those of you who still try to believe in this model, think about it for a bit. You might be able to match some things, such as 802.3 to layer 2, IP to layer 3, TCP to layer 4, TLS to layer 5, HTTP to layer 6, and HTML to layer 7. But ICMP is also layer 3, IPsec ESP is layer 2, 3, and 4, since ESP can live on top of layer 3 (therefore it must be 4 also), and it can have layer 4 in it (so it must be layer 3), and it can have a layer 3 in it (so it must be layer 2). We will try and prevent using anything from this old model, and we encourage you to rip your OSI model poster off the wall and focus on the properties of IP. Welcome to the real world...
No Layers, Just Packets
The IP protocol has no concept of layers. It consists simply of packets. When people talk about layers (often layer 2 or layer 3) they are actually talking about how to stuff IP packets into some transport medium such as coax cables, fiber, WiFi, or Ethernet. We will hardly have to worry about those layers, since IPsec deals with IP packets, and not the physical medium of sending those packets.
If you connect from one machine to the other, you are sending and receiving packets. A connection is nothing more than two machines remembering the state of the packets sent and received. An IP packet consists of an IP header, and the IP body. The header contains information that ensures the packets are passed along until they reach their destination. The header also describes what kind of data is inside the packet. The body is the actual data, or the payload.
Networking 101
Each IP packet's header contains the source address, the IP address of the machine that created the packet (and later on perhaps expects an answer). It contains the destination IP address, the place where this packet is intended to go, and a protocol number. Most protocols also require a port number. The IP header has further space for a bunch of other options or flags that can be set.
The Protocol
Without going into too much detail about all the different kinds of protocols and options, Internet communication today mostly consists of two protocols, TCP and UDP. Note that technically we should be talking about sub-protocols of the IP protocol, but the fact that to do so would actually make things more confusing is only proof that the OSI model is dead.
These two IP protocols, TCP and UDP, have ports, which are simply a way of sub-addressing an IP address. Ports go from 1 to 65535. TCP and UDP connections are therefore characterized by four properties: source address, source port, destination address, and destination port. You can either listen or send on a certain address and port, but you can not use them for both sending and receiving at the same time.
These ports are separate 'entries' into the host. For instance, email is sent using the SMTP protocol, which consists of a TCP connection to the IP address of a mail server on port 25. A DNS server listens on UDP port 53 for questions about translating a hostname to an IP address.
Another well known IP protocol is ICMP. This protocol is used to send error or informational messages. The ping command uses an ICMP packet. The ICMP protocol has no ports. Actually, this protocol is a bit special, as it is a control function of the IP protocol, and not a sub-protocol of the IP protocol.
IP Network Overview
Most people are familiar with IP address notation and netmasks, but in our support work and on the mailing lists we often see people using impossible configurations. Usually, this is because they have not fully understood the meaning of netmasks, the CIDR notation, or the concept of the gateway. We will give a quick explanation of these concepts for IPv4. If you are familiar with these, you can skip this part, but be aware that if you do not fully understand netmasks and gateways, you will run into problems later.
If you connect a computer to the Internet, you have to ensure that its address is unique, or else you cannot distinguish it. This is done by assigning the computer (which becomes a host on the network) an Internet Protocol address, or IP address.
An IPv4 address is a unique 32 bit number. Because humans are not fluent in binary notation, we write them in a special way, four bytes separated by dots. For example, 193.110.157.77 is the IP address of the mailing list server of the Openswan project.
IP Address Management
These addresses are handed out in chunks by a few central organizations. This registration started with Jon Postel, who started the IANA, the Internet Assigned Number Authority. After the Internet hype and commercial and government interests in the Internet increased, this technical
312
Appendix B
process became a political process. Currently, the authority for these numbers formerly resides at ICANN, though in practice the three Regional Internet Registrars (RIRs) control and hand out the address space. ARIN hands out IP addresses in North and South America, RIPE hands them out in Europe and bits of Africa and the Middle East, and APNIC gives out addresses to the Asian and Pacific regions.
The Old IP Classes
In the early days, these chunks of addresses were split up in classes. The smallest class was the Class C, which would have 256 IP addresses. For example, 193.111.228.*, where * can be any number between 0 and 255. Bigger organizations such as universities would receive a Class B, for example 131.174.*.*. They could then split that class B into smaller class C networks for internal use. Some organizations were lucky enough to receive a huge pool, a class A. Stanford University used to have 36.*.*.*.
We will not go into the political discussion of the IP space shortage, but when it was deemed that this was a problem, people wanted to replace this system of network classes with something else. The problem of these classes was that a lot of IP addresses were wasted. If you needed 300 addresses, you could not use a class C, so you would get a class B, which contained 256*256= 65536 addresses, of which 65000 would be wasted. The difference between a class B and a class A is even worse.
Classless IP Networks
The concept of classes was replaced as ISPs needed to hand out smaller chunks of IP addresses to their customers. Instead of giving every customer 256 IP addresses, they would receive much smaller chunks. This could be any power of two between 4 and 256.
The Definition of a Subnet
Every Internet-connected network has two sides, the inside and the outside. Hosts on the inside can be reached directly, without the help of another host. The inside network is often called the LAN, which stands for Local Area Network. Sometimes people distinguish the LAN from a remote network according to who administers the hosts. An organization can have several local networks that fall into the larger corporate network. If you look at the corporate network as a whole versus the Internet, then you can call that corporate network the LAN too. We will be focusing on the technical aspects of networks. When we say local network, we mean this from the technical point of view. Two machines are in the same local network if they can communicate to each other without the help of a third host, even if they are five buildings and six kilometers apart, or end up belonging to a different company department and system administrator. The entire local network of all machines that can talk to each other without a third host is also called a subnet. The term subnet originates from the old days when we still spoke about classes. If you had a class B network, you could subnet this class into C classes and give separate buildings or departments their own subnet. These days we still speak of subnets, but more in a sense that every network on the Internet is a subnet of that Internet.
313
Networking 101
Calculating with Subnets: The Subnet Mask
Because subnets can have different sizes, we need to have a method for hosts to know what they should consider as their subnet. You do not want the host to try and find the host in the local subnet when the host it is trying to talk to is on the other side of the planet. Remember that an IP address is just a 32-bit number. The IP address 193.110.157.77 can be written in bits as 11000001 01101110 10011101 01001101. What do we know about these bits for the subnet that contains all the addresses in 193.110.157.*? Well, we notice that some of the bits, in our case the first 24, are always the same. The last 8 bits change, depending on the number we want that "*" to be, as anything from 0 to 255. This is exactly what the subnet mask (also called the netmask) tells us. It is also a series of 32 bits, but now the bits do not represent a number, but the property of a bit in the IP address.
For each bit in an IP address range that will never change, the corresponding bit in the netmask will be 1. If changing a bit in an IP address would indicate a different host in the same network, the netmask bit corresponding to the address bit would be 0.
Let us visualize this in a table, because it sounds a lot more complex than it really is. Let us write down our IP address, but also the first and last address possible in our subnet. The parts in bold in the table below never change, and are part of the subnet, and thus receive a 1 in the netmask.
IP address |
Binary notation |
|
|
|
|
|
|
|
|
193.110.157.0 |
11000001 |
01101110 |
10011101 |
00000000 |
193.110.157.77 |
11000001 |
01101110 |
10011101 |
01001101 |
193.110.157.255 |
11000001 |
01101110 |
10011101 |
11111111 |
Netmask |
11111111 |
11111111 |
11111111 |
00000000 |
|
|
|
|
|
As expected, the only difference between IP addresses in the 193.110.157.* range are the last 8 bits: the first 24 bits (3 bytes) are always the same. We can also see another property of the netmask. It will always start with 1s and at one (and only one) point, it will switch to zeros. This is because our subnets will always be a continuous set of increasing numbers, e.g. from 0 to 255.
So if we want to describe our IP address and its subnet, we could use the decimal syntax 193.110.157.77/255.255.255.0. This gives us all the information we need. Our host's IP address is 193.110.157.77, and all the IP addresses that fall within 193.110.157.* can be reached directly.
But since sysadmins are inherently lazy, they do not want to write all these netmask numbers every time they need an address. Instead, a shorthand notation is used. For instance, for '255.255.255.0' we count the number of 1s in the netmask, and write that. So, the most common notation for our
machine here would be 193.110.157.77/24. If we want to describe the entire subnet instead of a single host in a subnet, we would use the lowest address in that subnet. Our subnet would be written as
193.110.157.0/24. This is called the CIDR notation, the Classless Internet Domain Routing notation.
314