Freebsd ipsec mini-howto
BY JOSH TIEFENBACH
Introduction
The Latest Version of this Tutorial Can Always Be Found AT:
http://asherah.dyndns.org/~josh/ipsec-howto.txt http://www.x-itec.de/projects/tuts/ipsec-howto.txt
This document is intendeded to be a primsd Up and Running, Interoperating Both with another freebsd (or netbsd or any) machine, and a windows 2000 machine.
IPsec is a means to secondwe.. And can secure Both IPv4 and ipv6 traffic. Only ipsec over ipv4 will be discussed here.
IPsec can be used to build tunnels between subnets (tunnel mode) or secure communication between two machines directly (transport mode) with the guarantee that the packets are encrypted, authenticated and anti-replay protected (by sequence-numbers) with limited traffic flow confidentiality . by design, IPsec communication is encrypted by symmetric algorithms (Blowfish, DES, 3DES). This is known as ESP (Encapsulating Security payload) mode, in which the payload of a packet is encrypted. The headers of the packet are left untouched. If you do not want to encrypt the traffic, you can use IPsec in what's known as AH (Authenticaed header) mode. in this mode, the payload of the packet is not encrypted, but the header fields are hashed using a secure hashing function, And an additional header containing this has added to the packet to allow the information in the packet to be authenticated.
THIS Document Will Not Describe The Overall ArchitechTure Of IPsec, And Its Component Protocols. We will show Only Some Basics Here.
IF We Take a Technical Look at The TCP Packet, We Have The Following Structure NOW (See RFC 2406). The Drawings Are from this RFC for Education ESP
----------------------------
IPv4 | Orig IP HDR | | | |
| (Any Options) | TCP | DATA |
----------------------------
After Applying ESP
-------------------------------------------------
IPv4 | Orig IP HDR | ESP | | | ESP | ESP |
| (Any Options) | HDR | TCP | DATA | Trailer | Auth |
-------------------------------------------------
| <----- Encrypted ----> |
| <------ Authenticated -----> |
IF WE Would Have IPv6, The Design Would Look Like this:
Before Applying ESP
---------------------------------------
IPv6 | | EXT HDRS |
| Orig IP HDR | IF Present | TCP | Data |
---------------------------------------
After Applying ESP
-------------------------------------------------- -------
IPv6 | Orig | Hop-by-hop, dest *, | | DEST | | | ESP | ESP |
IP HDR | Routing, Fragment. | ESP | OPT * | TCP | DATA | Trailer | Auth |
-------------------------------------------------- -------
| <---- Encrypted ----> |
| <---- Authenticated ----> |
* = if present, Could Befor ESP, After ESP, or Both
It is important to know what we are doing here to understand the mechanism how ESP works so we know what we are doing and WHY we are NOT using a SSH tunnel or similar. This is a structure of the ESP header, some of the words you May Have Read Somewhere, and this graphic may help you to understand Something More About ESP.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- - - - - - - - - - - - - - - - ---- | Security Parameters Index (SPI) | ^ Auth.
- - - - - - - - - - - - - - - - | COV-
| SEQUENCE NUMBER | | ERAGE
- - - - - - - - - - - - - - - - | ----
Payload Data * (Variable) | | ^
~ ~ | |
| | | CONF.
- - - - - - - - - - - | COV-
| | Padding (0-255 BYTES) | | ERAGE *
- - - - - - - - - - | | |
| | Pad Length | Next Header | V V
- - - - - - - - - - - - - - - ----
| Authentication Data (variable) | ~ ~ ~
| | |
- - - - - - - - - - - - - - - -
* If incruded in the payload field, Cryptographic
Synchronization Data, E.G., An Initialization Vector
If you hear somewhere Words Like "Padding", "Sequence Numbers", or "Payload Data"; if you are ready the docs of racoon.conf (5) or setkey (8) Now you know That Sests of Information Are A Part Of The ESP Header or It Has Something To Do Do IPsec.
The Basic Procedure for Implementing IPsec IS:
Configure Kernel Set Security Policy Configure Key Exchange
Getting start
In order to use IPsec on a FreeBSD machine, it is highly recommended that you be running FreeBSD 4.1 or later. While the KAME IPsec code exists in versions prior to this (notably FreeBSD 3.x), it is not sufficient to be able to Use the Racoon Ike (Internet Key Exchange) Daemon to Perform Automatic Keying.
To add ipsec support to your kernel, add the fold lines to your kernel config file
Options IPsec #ip Security
Options IPsec_esp #ip security (Crypto; Define W / IPSec)
Options ipsec_debug #debug for ip security
Additional, if you want to use ipsec in tunnel mode, you may will alsowant to add the follow line to the kernel config:
Device GIF 4
Recompile and install the new kernel.
Install the Racoon Daemon from ports:
cd / usr / ports / security / racoon; make all install cleanCurrently the latest version of the port is racoon-20001111a While it is possible to have 2 FreeBSD machines communicate via IPsec using only manual keying (that is, manually specifying the encryption keys. ), NOT ONLY IT Not INTERESTINGOR PRACTIAL, But it's Won't work when you try to interact with a win2k machine.
Setting Security Policy
An integral part of IPsec, is letting the kernel know which packets it should be encrypting and how it should be encrypting them, whether to use AH (authentication header) mode or ESP (encapsulating security payload) mode, and what encryption and hashing algorithms to USE.
THESE DECISIONS ARE REFERRED TO AS 'Policy', Andre Stored IN A Table in The Kernel Known As The Security Policy Database (SPD). You can use the setkey (8) Program to manipulate the SPD.
There is also a table in the kernel which stores the various encryption keys needed to secure communications between hosts. This table is known as the Security Association Database (SAD). If you are configuring IPsec using manual keying then the setkey (8) program is Also used to configure the manual keys in the sad. if you are using ike.....................
IF you have 2 Freebsd Machines, Node a with an ip address of 1.2.3.4, and Node B with an address of 5.6.7.8, then the Following Commands Will Add Policy To The SPD to Enable IPsec Between The 2 Nodes:
#! / bin / sh
# THESE COMMANDS NEED TO BE RUN Node a
# The Next 2 Lines Delete All Existing Entries from the SPD AND SAD
SetKey-FP
SetKey -f
# | Add the policy
SetKey -C << EOF
SPDADD 1.2.3.4/32 5.6.7.8/32 Any -P OUT IPSECESP / TRANSPORT / 1.2.3.4-5.6.7.8 / Require
SPDADD 5.6.7.8/32 1.2.3.4/32 Any -P in ipsec
ESP / Transport / 5.6.7.8-1.2.3.4 / Require;
EOF
The first spdadd command sets the policy that all outgoing packets from 1.2.3.4/32 to 5.6.7.8/32 will be required to be encrypted using ESP. The second spdadd command sets the same policy, but for incoming packets from 5.6.7.8/ 32 TO 1.2.3.4/32
#! / bin / sh
# THESE COMMANDS NEED TO BE RUN NODE B
# The Next 2 Lines Delete All Existing Entries from the SPD AND SAD
SetKey-FP
SetKey -f
# | Add the policy
SetKey -C << EOF
SPDADD 5.6.7.8/32 1.2.3.4/32 Any -P OUT IPSec
ESP / Transport / 5.6.7.8-1.2.3.4 / Require;
SPDADD 1.2.3.4/32 5.6.7.8/32 Any -P in ipsec
ESP / TRANSPORT / 1.2.3.4-5.6.7.8 / Require;
EOF
Examples On How To Set Set ENTRIES Using SetKey (8) Are Given In The IPsec Section of The FreeBSD Handbook.
AH VS ESP. Tunnel vs Transport
Given even a casual reading of the available IPsec documentation, one can get rather confused as to what mode they should be running in. Unless you are wanting to set up a VPN, then the mode that you probably want is ESP / transport.
In ESP / transport mode, each packet that is destined for a host for which IPsec is requested has its payload encrypted. In tunnel mode, the entire packet (including the encrypted payload) is encapsulated within another packet before being sent off to the remote host .
However, if your goal is to set up a VPN, that is, link 2 widely-separated networks together over the Internet, then you'll probably want to use ESP / tunnel mode. The configuration of the SPD for tunnel mode is very similar That of transport mode. The Major Change That Is Done is The Use of the Gif (4) Device to Implement The IP-IP Tunneling.Returning to Our Hypothetical Nodes A and B, PRESUME The Following Network Topology:
Internal Net A <-> Node a <----> Internet <------> Node B <-> Internal Net B
WHERE
Node a's internal address is 10.10.10.1/24
External Address IS 1.2.3.4
Node B 'Sternal Address IS 10.20.20.1/24
External Address IS 5.6.7.8
Then to Configure Policy on Node A:
#! / bin / sh
# THESE COMMANDS NEED TO BE RUN Node a
# Set up The tunnel device. This presumes you have gif (4) Support
# GIF0 Connects 1.2.3.4 to 5.6.7.8
GIFCONFIG GIF0 1.2.3.4 5.6.7.8
# The 'Internal' Side of the Tunnel Connects 10.10.10.1 to 10.20.20.1
Ifconfig gif0 inet 10.10.10.1 10.20.20.1 Netmask 255.255.255.0
# The Next 2 Lines Delete All Existing Entries from the SPD AND SAD
SetKey-FP
SetKey -f
# | Add the policy
SetKey -C << EOF
SPDADD 10.10.10.0/24 10.20.20.0/24 Any -P OUT IPSec
ESP / TRANSPORT / 1.2.3.4-5.6.7.8 / Require;
SPDADD 10.20.20.0/24 10.10.10.0/24 Any -P in ipsec
ESP / Transport / 5.6.7.8-1.2.3.4 / Require;
EOF
Note The Difference In The SPDADD Command. We are setting policy to have traffic from the network 10.20.20 / 24 to the network 10.20.20 / 24 be encrypted (VIA ESP), And Routed from 1.2.3.4 to 5.6.7.8, and Vice Versa.
And On Node B:
#! / bin / sh
# THESE COMMANDS NEED TO BE RUN NODE B
# Set up The tunnel device. This presumes you have gif (4) Support
# GIF0 Connects 5.6.7.8 to 1.2.3.4gifconfig GIF0 5.6.7.8 1.2.3.4
# The 'Internal' Side of the Tunnel Connects 10.20.20.1 To 10.10.10.1
Ifconfig gif0 inet 10.20.20.1 10.10.10.1 Netmask 255.255.255.0
# The Next 2 Lines Delete All Existing Entries from the SPD AND SAD
SetKey-FP
SetKey -f
# | Add the policy
SetKey -C << EOF
SPDADD 10.20.20.0/24 10.10.10.0/24 Any -P OUT IPSec
ESP / Transport / 5.6.7.8-1.2.3.4 / Require;
SPDADD 10.10.10.0/24 10.20.20.0/24 Any -P in ipsec
ESP / TRANSPORT / 1.2.3.4-5.6.7.8 / Require;
EOF
Automatic Key Exchange Using Racoon
Configuring racoon to the point where you can successfully exchange keys is reasonably easy. The default racoon.conf file is sufficient for a basic setup. However, we would recommend that the following items be changed.
The Default Log Level of "Debug4" is Very Chatty. While ITS Handy When Setting Things Up Normal, ITS A Bit Excessive for Normal Usage. To Reduce Logging, Change The Line
Log "debug4";
TO
Log "info";
In a thread on the freebsd-net mailing list, it was pointed out that the default values for the lifetime of the keys negotiated by racoon is far too short for WAN links, especially over PPPoE links. Thus, you may want to give thought to CHANGING The 'Lifetime Time' and 'Lifetime Byte' Parameters in The 'Sainfo Anonymous' Stanza To 3600 Seconds and 50000 KB Respectively.
Part of the key-exchange process requires that the 2 nodes agree on some predetermined secret. This can be accomplished either by presenting X.509 certificates, or (simpler) via some pre-shared text key. To configure a pre-shared key, You Must Edit The /us/local/tc/racoon/psk.txt File on Both Nodes.
In The Psk.txt File, Add The Following Line: Peer_ip_address Sharedkey
IF you were configuring ipsec to talk to a peer with an ip of 5.6.7.8 and a shared key of 'thisisatest' Then You'd add the line
5.6.7.8 THISATEST
To the psk.txt file on what machine.
Make Sure That The Psk.txt File Is Mode 600 And Owned by root, Else Racoon Will Refuse To Read IT.
At this Point, you can Launch Racoon On Both Boxes Via the Following Command:
/ usr / local / sbin / racoon -f /usr/local/etc/racoon/racoon.conf
If you've done everything right, then pinging either host should work. There will be a brief delay while racoon exchanges keys, but then you'll see packets flow. The default location of racoon's log file is / var / log / racoon. Log. by tailing the log you can see the keys being exchancted.
Interoperateing with win2k
It is possible to have a FreeBSD box use IPsec to communicate with a Win2k machine. As you can not setup manual keying when interoperating with a Win2k machine, you must use racoon to automatically exchange keys. Also you should know that there are some limitations on a Win2k Machine and IT IS NOT AS Secure As An Encrypted FreeBSD Network (Fewer Algorithms, Fewer Bits for Encryption).
The very first thing you have to to if you want to create an encrypted session between your FreeBSD machine and your Win2k server is to download the latest service pack available and also the "high encryption pack for win2k". This encryption pack is neccessary for several countries to enable 128 bit 3DES encryption on your win2k box. If you do not download the pack, you will nOT be able to connect to the FreeBSD server and everything you get is a TIMEOUT. The service packs and the high encryption pack is freely available From Microsoft.Set Up The FreeBSD Machine As Detailed Above, Recompiling The Kernel To include ipsec, adding the entries to the sad using setkey (8), configuring and running racoon.
You Have First To setup The Basics with setkey and then you would set the baspace You Have The Basic Configuration Described Above In this Tutorial (The SetKey-Script).
At this point we will show you how to configure Racoon Specially for Win2k Requirements.
.
WE Really CANNOT Stress ENOUGH The Importance In Using The Latest Version ON Racoon Proceeds Fairly Rapidly, with number bugs and interoperability issues fixed Between Releases.
A word about the option "log debug4". The first goal of this tutorial is to get the encrypted communication up and running. If it works we can go on optimizing the configuration and its options and again change the logging as noted above.
Path pre_shared_key "/usr/local/etc/psk.txt";
Log debug4;
# "padding" defines Some parameter of padding. Padding {Maximum_length 20; # maximum padding length.
Randomize OFF; # enable randomize length.
Strict_check off; # enable strict check.
Exclusive_tail OFF; # extract last one oud.
}
# Specification of default various timer {
# The Value Can Be Changed Per Remote Node.
Counter 5; # maximum trying count to send.
Interval 20 sec; # maximum interval to resend.
Persend 1; # The number of packets per a send.
# Timer for Waiting to Complete Each Phase.
PHASE1 30 SEC;
PHASE2 15 SEC;
}
Remote anonymous {
#exchange_mode main, aggressive;
Exchange_Mode Aggressive, Main;
DOI IPSec_doi;
Situation Identity_Only;
#we not need new an identifier, it is set automaticly
#my_identifier address;
#my_identifier address "192.168.0.99";
## Peers_Identifier Address "192.168.0.1";
#certificate_type x509 "Mycert" "MyPriv";
NONCE_SIZE 16;
Lifetime Time 1 min; # sec, min, hour
Lifetime Byte 5 MB; # b, kb, gb
Initial_Contact ON;
Support_mip6 on;
Proposal_check obey; # Obey, Strict OR Claim
#very important. WE NEED 3DES for Encryption and MD5 As Checksum
Proposal {
Encryption_algorithm 3des;
Hash_algorithm md5;
Authentication_method pre_shared_key;
DH_GROUP 2;
}
}
Sainfo anonymous {
PFS_GROUP 1;
Lifetime Time 36000 Sec;
Lifetime Byte 50000 KB;
Encryption_Algorithm 3des, des, cast128, blowfish
Authentication_algorithm HMAC_SHA1, HMAC_MD5;
Compression_algorithm deflate;
}
A word about the lifetime settings. The shorter the lifetime, the better the security of your session. This is because the session keys for the symmetric encryption algorithm are changed more often. As a result, less of your communication is vulnerable to one of the session keys being cracked. But there are some limitations on the Win2k machine. you can not set up a very short lifetime with it. On the other hand, the shorter the lifetime is, the more overhead you have, as additional bandwidth and processing power is dedicated to key exchange.As described above in this tutorial, do not forget to create a "secret file" with your pre-shared "key" (password). One of the advantages of racoon is that you do not have to make some calculations about the password-length (bits divided by 8 must fit to the password length), and you do not have to use two passwords (one for authentication, one for encryption). With Windows 2000, you can not use two passwords. you have ONLY One Shared Secret for you R communication and it is not dividation and encryption.
For Debugging Purposes, We Start Racoon with The Following Options:
Racoon -f -v -f my-raacoon.conf
................
On The Windows Machine, Perform The Following Steps:
Start a command window, and launch 'mmc'. Go to Console-> Add / Remove Snap in. Add the IP Security Policy Management snap-in. Click on IP Security Policies in the tree listing, and then select Action-> Create IP SECURITY Policy from the menu. Go through the wizard. In particular,
Do not activate the default response rule Edit the properties In the properties, click on the Add button to add a new rule Go through the wizard, and ensure the following settings:... The rule does not specify a tunnel The rule applies to. the LAN Use a string to protect the key exchange. Stick in the same key as you used in the psk.txt file you'll want to create a new IP filter so that only traffic to the BSD box is subjected to the security policy. Select this new filter. Select 'Require security' for the filter action.
Make Sure The Used Configuration for 'Require Security' Is as Following.
There Are Several Rules you might see, Check for a rule with this option
OR CREATE A New Rule BY Yourself:
AH IS DISABED
ESP Integrity IS MD5
Encryption Algo IS 3DES
For Our First Testing Purposes, The 'Session Key Settings' Are Disabled.
You can change and optimize it lat.
Restart the IPsec policy agent, via the Administrative Tools-> Services selection from the Control Panel. You should restart the agent every time if you make any changes to your rulesets to ensure that the rules are promptly and properly accepted. Select the new policy in the window, and click on the toggle switch icon in the menu bar to activate the policy. Start the "ipsecmon" program. With this tool you can monitor the active rules on the machine. Open up a command window, and ping the BSD box ........................ ..
At this Point, All IP Traffic Between The 2 Boxes Has Been Secured.
On the windows machine, you can see the encrypted session with the ipsecmon tool. On the BSD Box you can follow the debug messages to see that everything works well.On the BSD machine we can try to dump the data on the wire to be sure Everything Works as we want. A Command Like
TCPDUMP -I ED0 -X -X-S 14400
Will Show The Packets on The Wire. You Can See Both The Ike KEY Exchange Between Win2k and Racoon, And The Actual Encrypted Packets, Shown As The ESP Packets.
If you are having problems with setting up IPsec, we would urge you to first direct your queries to the appropriate mailing lists; freebsd-net@freebsd.org or freebsd-questions@freebsd.org; before contacting the authors directly.
Useful links
Kame Documentation:
http://www.kame.net/
FreeBSD IPSec Documentation:
http://www.freebsd.org/handbook/ipsec.html
Raccoon Configuration Tips:
http://www.kame.net/newsletter/20001119/
USING CERTIFICATES INSTEAD OF Pre-Shared Keys in Racoon:
http://www.kame.net/newsletter/20001119b/
NetBSD ipsec Documentation:
http://www.netbsd.org/documentation/neetwork/ipsec/
Some RFCS:
RFC2709: Security Model with tunnel-mode ipsec for nat domains rfc2663: IP network address translator (nat) Terminology and considitys RFC2406: ESP RFC2402: AH RFC2409: IKE
Http://www.rfc.net contains a comprehensive collection of the rfcs
MISC
Suggestions, Hints, Advice, Corrections, And Feedback About this docuors.