strong enough swan
If you have ever looked for a VPN that works on desktops, mobile devices and routers without installing additional software or reflashing the router, you probably chose between PPTP and L2TP + IPsec. PPTP has problems with security and with passing through firewalls and NAT, so in 2015 it is not worth using, and using L2TP is unnecessary, because an L2 VPN, in my opinion, is almost never needed for normal remote access.
It is surprising how hard it is to find information on the Internet about configuring anything other than L2TP + IPsec in transport mode, given that this is an extensive protocol stack that can be configured literally any way you like, so I will try to fix this imperfection of the world.
A little introduction to the world of IPsec
Generally speaking, it is not entirely correct to call IPsec a VPN. IPsec was not designed to build "virtual private networks"; it was created to encrypt data transmitted over IP or to protect it against substitution. It is a special layer on top of IP that works differently depending on the mode and settings. A usual VPN creates a new interface in the system, to which you most often assign an IP subnet from a private address range (that is, you create a new network segment) and through which traffic passes in encrypted form. IPsec, by contrast, simply encrypts traffic magically between the "external" interfaces of the server and the client.
Modern IPsec uses:
- Authentication Header (AH) - a protocol that provides sender authentication and data integrity. It signs not only the packet data but also all headers, except for mutable fields (ToS, TTL, checksum).
- Encapsulating Security Payload (ESP) - a protocol that provides authentication, integrity and confidentiality.
- Security Association (SA) - a parameter with the channel encryption settings.
- Internet Key Exchange (IKE and IKEv2) - a protocol for exchanging parameters and settings and for negotiating SAs.
AH and ESP are transport protocols encapsulated directly in IP, each with its own value for the Protocol field in the IP header. In today's world, where NAT is behind NAT in NAT with NAT, something more familiar should be used, so encapsulation of ESP packets in UDP is now widely used. AH does not work through NAT.
IPsec itself supports two modes of operation:
- Transport mode - signs the headers and data (if AH) or signs and encrypts the data (if ESP) of the packet. It does not hide the packet's destination IP address when the packet is routed. This mode is used for the L2TP + IPsec bundle.
- Tunnel mode - signs (if AH) and also encrypts (if ESP) the entire packet.
IKE allows client authentication using X.509 certificates, a Pre-Shared Key and the Extensible Authentication Protocol (EAP). Two-step authentication is supported.
All modern desktop operating systems (Windows Vista/7/8/8.1, OS X, Linux), mobile devices (Android, iOS, Windows Phone, Blackberry) and some routers support VPN using IPsec ESP in tunnel mode, configured via the Internet Key Exchange (IKE) protocol version 1 or 2, which means that this is how we will configure IPsec.
By the way, the correct spelling is IPsec, although Cisco writes IPSec.
Linux IPsec
IPsec itself (AH/ESP, SA) runs in the kernel, so we need an IKE daemon to pass settings to connecting clients. There are quite a few of them, but only two are full-fledged and actively developed at the moment: strongSwan and libreswan. I didn't use the second one, so I can't say anything about it, but the first one is wonderful and amazing. Besides, it is the only daemon that has its own userspace implementation of IPsec, so it can be used in OpenVZ containers with the old dinosaur kernel 2.6.32 and its broken support for IPsec routing.
We will need strongSwan version 5.0.0 at minimum. I recommend using a version no lower than 5.2.0, since this is the version in which the "swanctl" utility appeared, which is much more convenient than the old "ipsec". By and large, the utility is needed only to display some information or statistics; it is not required for configuration and you can get by with ipsec alone, but this article uses only swanctl.
[Images not preserved: "Life with swanctl" and "Life without swanctl"]
We may need some modules that may not be in the standard package:
- xauth-noauth - fake authenticator, allows you to enter any username and password. Needed for iPhone and iPad with key authentication only, since there is no possibility to disable authentication by login and password.
- vici - interface for swanctl.
- libipsec - for userspace IPsec (for OpenVZ and, possibly, other containers).
If you are not confused by the need to enter a username and password on the iPhone, you do not need swanctl and you are not going to run it all in an OpenVZ container, then you do not need to recompile anything.
Unfortunately, the strongSwan maintainers in Debian have not packaged any of this (as of February 2015), so I made a patch that you can use.
Moving on to configuration
We will configure the connection via IKEv2 (Windows, Linux, Blackberry), IKEv1 + XAUTH (iOS, OS X, Android) and IKEv2 + EAP-TLS (Windows Phone). Use keys, no PSK!
The developers of strongSwan suggest that we use the "ipsec pki" command to generate keys, but it is just as inconvenient as plain openssl, so I adapted Easy-RSA v3 from OpenVPN to generate keys compatible with both OpenVPN and IPsec. With it, you can use one set of keys for two protocols!
github.com/ValdikSS/easy-rsa-ipsec
Easy-RSA is extremely simple, and maintaining a PKI with it is a pleasure!
So, we initialize the PKI and create the CA, server and client keys.
It is important that the name of the server key matches the FQDN (the domain name, in other words) of your server!
$ git clone https://github.com/ValdikSS/easy-rsa-ipsec.git
$ cd easy-rsa-ipsec/easyrsa3
$ ./easyrsa init-pki
init-pki complete; you may now create a CA or requests.
$ ./easyrsa build-ca nopass
Generating a 2048 bit RSA private key
…
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:IPsec CA
…
$ ./easyrsa build-server-full uk1.pvpn.pw nopass
Generating a 2048 bit RSA private key
…
Write out database with 1 new entries
Data Base Updated
$ ./easyrsa build-client-full client1 nopass
Generating a 2048 bit RSA private key
…
Write out database with 1 new entries
Data Base Updated
$ ./easyrsa export-p12 client1 nopass
Successful export of p12 file. Your exported file is at the following
location…
.
nopass
, ( ).
/etc/ipsec.d/
, strongSwan :
# cp pki/ca.crt /etc/ipsec.d/cacerts/
# cp pki/issued/uk1.pvpn.pw.crt /etc/ipsec.d/certs/
# cp pki/private/uk1.pvpn.pw.key /etc/ipsec.d/private/
strongSwan!
,
/etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
# this file is managed with debconf and will contain the automatically created private key
include /var/lib/strongswan/ipsec.secrets.inc
: RSA uk1.pvpn.pw.key
/etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

include /var/lib/strongswan/ipsec.conf.inc

conn %default
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=300s

    fragmentation=yes
    rekey=no

    ike=aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024,aes128-aes256-sha1-sha256,aes128-sha1,3des-sha1!

    # left - local (server) side
    left=%any
    leftauth=pubkey
    leftcert=uk1.pvpn.pw.crt
    leftsendcert=always
    leftsubnet=0.0.0.0/0,::/0

    # right - remote (client) side
    right=%any
    rightauth=pubkey
    rightsourceip=192.168.103.0/24,2002:25f7:7489:3::/112
    rightdns=8.8.8.8,2001:4860:4860::8888

conn ikev2-pubkey
    keyexchange=ikev2
    auto=add

conn ikev2-pubkey-osx
    also="ikev2-pubkey"
    leftid=uk1.pvpn.pw

conn ikev1-fakexauth
    keyexchange=ikev1
    rightauth2=xauth-noauth
    auto=add

conn ikev2-eap-tls
    also="ikev2-pubkey"
    rightauth=eap-tls
    eap_identity=%identity
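The ike= and esp= values in conn %default above are long enough that it is hard to see by eye which proposals still admit legacy algorithms. The following audit script is an added example, not part of the original article or of strongSwan; the WEAK table is this example's own policy assumption, and the function names are hypothetical.

```python
import re

# Example policy (an assumption of this sketch, not a strongSwan list):
# algorithm tokens to flag wherever they appear in a proposal.
WEAK = {"des": "56-bit cipher", "3des": "64-bit block cipher",
        "md5": "broken hash", "modp768": "768-bit DH group",
        "modp1024": "1024-bit DH group"}
DH_RE = re.compile(r"^(modp\d+|ecp\d+(bp)?|curve\d+)$")

def parse_proposals(value):
    """Split an ike=/esp= value into (strict, [[token, ...], ...]).
    A trailing '!' restricts the daemon to the listed proposals."""
    value = value.strip()
    strict = value.endswith("!")
    return strict, [p.split("-") for p in value.rstrip("!").split(",") if p]

def audit(keyword, value):
    """Return [(proposal_index, finding), ...] for one ike=/esp= value."""
    _, proposals = parse_proposals(value)
    findings = []
    for i, tokens in enumerate(proposals):
        findings += [(i, f"{t}: {WEAK[t]}") for t in tokens if t in WEAK]
        # An ESP proposal without a DH group means the CHILD_SA is rekeyed
        # without a fresh DH exchange, i.e. no PFS for that proposal.
        if keyword == "esp" and not any(DH_RE.match(t) for t in tokens):
            findings.append((i, "no DH group (no PFS)"))
    return findings

def audit_conf(text):
    """Audit every uncommented ike=/esp= line of an ipsec.conf-style text."""
    report = {}
    for m in re.finditer(r"^\s*(ike|esp)\s*=\s*(\S+)", text, re.M):
        report.setdefault(m.group(1), []).extend(audit(m.group(1), m.group(2)))
    return report

# The two proposal lines copied from the conn %default section above.
SAMPLE = """
    ike=aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
    esp=aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp1024,aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024,aes128-aes256-sha1-sha256,aes128-sha1,3des-sha1!
"""

if __name__ == "__main__":
    for kw, findings in audit_conf(SAMPLE).items():
        for idx, msg in findings:
            print(f"{kw} proposal {idx}: {msg}")
```

Proposal indices are zero-based and follow the order in which the proposals are written in the config line.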
, .
config setup
:
strictcrlpolicy = yes
,
uniqueids = no
.
.
%default
, . :
dpdaction=clear Dead Peer Detection (DPD) , ,
dpddelay=35s — DPD
dpdtimeout=300s — DPD
fragmentation=yes — . IPsec , IP- (, !)
rekey=no — . Windows .
ike — ciphersuites IKE (.. , SA)
esp — ciphersuites
left right —
leftid — FQDN. IKEv2 OS X El Capitan
leftauth/rightauth=pubkey —
leftsubnet — , ( IPv4 IPv6-). IPv6, .
rightsourceip — IP-, . IPv6, .
rightdns — IP- DNS-
ciphersuites ike esp. , - , - , , .
AEAD-, .. ,
, - Perfect Forward Secrecy (PFS). , IPsec. AEAD-, ike . AES-CBC -. , PFS, .
xauth-noauth
ikev1-fakexauth
,
xauth
/etc/ipsec.secrets
, , client1:
client1 : XAUTH "client1"
:
ikev2-pubkey
IKEv2,
ikev1-fakexauth
IKEv1
ikev2-eap-tls
— IKEv2+EAP-TLS Windows Phone. strongSwan.
,
swanctl -L
$ swanctl -L
ikev2-pubkey: IKEv2
  local: %any
  remote: %any
  local public key authentication:
    id: CN=uk1.pvpn.pw
    certs: CN=uk1.pvpn.pw
  remote public key authentication:
  ikev2-pubkey: TUNNEL
    local: 0.0.0.0/0 2000::/3
    remote: dynamic
ikev1-fakexauth: IKEv1
  local: %any
  remote: %any
  local public key authentication:
    id: CN=uk1.pvpn.pw
    certs: CN=uk1.pvpn.pw
  remote public key authentication:
  remote XAuth authentication:
  ikev1-fakexauth: TUNNEL
    local: 0.0.0.0/0 2000::/3
    remote: dynamic
ikev2-eap-tls: IKEv2
  local: %any
  remote: %any
  local public key authentication:
    id: CN=uk1.pvpn.pw
    certs: CN=uk1.pvpn.pw
  remote EAP authentication:
  ikev2-eap-tls: TUNNEL
    local: 0.0.0.0/0 2000::/3
    remote: dynamic
MTU
- IPsec-, MTU , Android MTU 1500, - . , TCP MSS TCP- . 1360 IPv4 1340 IPv6, 1400 :
# iptables -t mangle -I FORWARD -p tcp -m policy --pol ipsec --dir in --syn -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
# iptables -t mangle -I FORWARD -p tcp -m policy --pol ipsec --dir out --syn -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
# ip6tables -t mangle -I FORWARD -p tcp -m policy --pol ipsec --dir in --syn -m tcpmss --mss 1341:1536 -j TCPMSS --set-mss 1340
# ip6tables -t mangle -I FORWARD -p tcp -m policy --pol ipsec --dir out --syn -m tcpmss --mss 1341:1536 -j TCPMSS --set-mss 1340
. NAT, !
*.p12, IPsec PKI, IPsec XAUTH RSA IKEv2 ( ), .
! , . IP-, , !
Windows
Windows 7, 8, 8.1 (IKEv2)
Windows Vista (IKE)
IKE Windows Vista
OS X iOS
iOS OS X
Android
IPsec- Android IKE,
strongSwan IKEv2. strongSwan .
, « SD-» «». VPN, «IPSec Xauth RSA», « » , , , « IPSec» « IPSec» «client1». , .
IPsec, , OpenVPN, . VPN- L2TP+IPsec , .. strongSwan ( Radius, ). strongSwan .
IPsec, , , , SIM- IPSECKEY- , DNSSEC.
IPsec - NSA, , ,
Don’t stop using IPsec just yet, .