OpenBSD isakmpd

From royhills

Latest revision as of 22:30, 23 July 2009

Platform Notes

isakmpd is the OpenBSD IKE daemon. It runs on other systems as well, including FreeBSD, NetBSD and Linux. It was originally written by Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems AB.

isakmpd is available under the BSD license. The source lives in the OpenBSD source tree under src/sbin/isakmpd.

On OpenBSD, isakmpd does not start by default. You need to enable it in /etc/rc.conf by changing NO to "", and create the configuration file isakmpd.conf and the policy file isakmpd.policy.

Version History

isakmpd versions are generally referred to by date, for example 20041012 for 12th October 2004.

Backoff Pattern

isakmpd has the four-packet default backoff pattern:

0, 7, 9, 11

Here is an example from OpenBSD 3.9:

$ ike-scan -M --showbackoff 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=62c6b3b6ad0047bc)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

IKE Backoff Patterns:

IP Address      No.     Recv time               Delta Time
172.16.3.29     1       1173090825.797097       0.000000
172.16.3.29     2       1173090832.815713       7.018616
172.16.3.29     3       1173090841.857950       9.042237
172.16.3.29     4       1173090852.848407       10.990457
172.16.3.29     Implementation guess: FreeBSD/OpenBSD-isakmpd

isakmpd is one of the few implementations that allow the number of retransmissions to be configured by the user. For example, the following section in isakmpd.conf sets the number of retransmissions to five, which results in a total of six packets being returned (the first response plus five retransmissions):

[general]
Retransmits=5

The formula used to calculate the delay in seconds before each retransmission is:

5 + 2*<retrans#>

where <retrans#> is the retransmission number, starting at 1 for the first retransmission. This gives the 7, 9 and 11 second deltas seen above for the default of three retransmissions.

The code that implements this is in the file transport.c around line 360:

expiry = msg->xmits * 2 + 5;
expiration.tv_sec += expiry;
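The following is an added example (not code from ike-scan or isakmpd) that turns the transport.c formula into a fingerprint check: it computes the expected delay sequence for any Retransmits value, parses the "IKE Backoff Patterns" table that ike-scan --showbackoff prints, and compares the observed deltas against the isakmpd pattern with a jitter tolerance. The function names, the 0.5 second tolerance and the sample table (copied from the OpenBSD 3.9 scan above) are constructed for this example.

```python
import re

# Retransmission delay from isakmpd's transport.c, as quoted on this page:
#     expiry = msg->xmits * 2 + 5;
# The first retransmission has xmits == 1, so the observed deltas are 7, 9, 11.
DEFAULT_RETRANSMITS = 3  # isakmpd default: three retransmits, four packets in all


def isakmpd_delays(retransmits=DEFAULT_RETRANSMITS):
    """Seconds between successive packets: 0 for the first reply, then 5 + 2*n."""
    return [0] + [5 + 2 * n for n in range(1, retransmits + 1)]


def parse_backoff_table(text):
    """Extract per-packet delta times from an ike-scan --showbackoff table.

    Returns {ip: [delta, delta, ...]} in packet order; header and
    "Implementation guess" lines are skipped because they do not match.
    """
    rows = {}
    row_re = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+\.\d+)\s+(\d+\.\d+)$")
    for line in text.splitlines():
        m = row_re.match(line.strip())
        if not m:
            continue
        ip, _num, _recv, delta = m.groups()
        rows.setdefault(ip, []).append(float(delta))
    return rows


def matches_isakmpd(deltas, retransmits=DEFAULT_RETRANSMITS, tolerance=0.5):
    """True if the observed deltas fit the isakmpd pattern for `retransmits`.

    Scheduling jitter is normal (the page's sample shows 10.99 for 11), so each
    delta is compared within `tolerance` seconds (assumed value for this example).
    """
    expected = isakmpd_delays(retransmits)
    if len(deltas) != len(expected):
        return False
    return all(abs(o - e) <= tolerance for o, e in zip(deltas, expected))


def guess_retransmits(deltas, tolerance=0.5, limit=16):
    """Infer the Retransmits setting behind an observed pattern, or None."""
    for n in range(limit):
        if matches_isakmpd(deltas, n, tolerance):
            return n
    return None


# Constructed sample: the backoff table from this page's OpenBSD 3.9 scan.
SAMPLE_BACKOFF = """\
IP Address      No.     Recv time               Delta Time
172.16.3.29     1       1173090825.797097       0.000000
172.16.3.29     2       1173090832.815713       7.018616
172.16.3.29     3       1173090841.857950       9.042237
172.16.3.29     4       1173090852.848407       10.990457
172.16.3.29     Implementation guess: FreeBSD/OpenBSD-isakmpd
"""

if __name__ == "__main__":
    observed = parse_backoff_table(SAMPLE_BACKOFF)["172.16.3.29"]
    print("observed deltas:   ", observed)
    print("isakmpd default:   ", isakmpd_delays())
    print("matches isakmpd:   ", matches_isakmpd(observed))
    print("inferred Retransmits:", guess_retransmits(observed))
```

Because the pattern is derived from the formula rather than hard-coded, the same check recognises a host whose administrator raised Retransmits, which a fixed four-entry signature would miss.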

Vendor IDs

OpenBSD 3.9 returns the following Vendor IDs:

  • draft-ietf-ipsec-nat-t-ike-02\n (90cb80913ebb696e086381b5ec427b1f)
  • draft-ietf-ipsec-nat-t-ike-03 (7d9419a65310ca6f2c179d9215529d56)
  • RFC 3947 NAT-T (4a131c81070358455c5728f20e95452f)
  • Dead Peer Detection v1.0 (afcad71368a1f1c96b8696fc77570100)
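The NAT-T Vendor IDs in this list are not arbitrary: each is the MD5 digest of the draft or RFC name, and the draft-02 entry was hashed with a trailing newline, which is why ike-scan shows the name with a literal "\n". The following is an added example (not ike-scan or isakmpd code) that recomputes those digests and labels VIDs pulled out of ike-scan output; the Dead Peer Detection VID is handled as the fixed RFC 3706 value whose last two bytes carry the version. Function names and the sample lines (copied from the OpenBSD 3.9 scan above) are constructed for this example.

```python
import hashlib
import re

# Source strings for the three NAT-T Vendor IDs listed on this page. The
# draft-02 string keeps the trailing newline that implementations hashed.
NAT_T_VID_SOURCES = (
    "draft-ietf-ipsec-nat-t-ike-02\n",
    "draft-ietf-ipsec-nat-t-ike-03",
    "RFC 3947",
)
# The DPD VID from RFC 3706 is a fixed 16-byte value, not a hash; the last two
# bytes are the major and minor version (01 00 for v1.0 on this page).
DPD_VID_PREFIX = "afcad71368a1f1c96b8696fc7757"


def vid_from_string(name):
    """Vendor ID derived as MD5(name), hex-encoded as ike-scan prints it."""
    return hashlib.md5(name.encode("ascii")).hexdigest()


def known_vids():
    """Map hex VID -> label for the NAT-T VIDs discussed on this page."""
    table = {}
    for name in NAT_T_VID_SOURCES:
        label = name.replace("\n", "\\n")  # show the newline the way ike-scan does
        table[vid_from_string(name)] = label
    return table


def describe_vid(hex_vid):
    """Label a VID seen in a scan or capture, including versioned DPD VIDs."""
    hex_vid = hex_vid.lower()
    label = known_vids().get(hex_vid)
    if label:
        return label
    if len(hex_vid) == 32 and hex_vid.startswith(DPD_VID_PREFIX):
        major, minor = int(hex_vid[28:30], 16), int(hex_vid[30:32], 16)
        return "Dead Peer Detection v%d.%d" % (major, minor)
    return "unknown"


def vids_from_ike_scan(output):
    """Extract the VID=<hex> values from ike-scan -M output, in order."""
    return re.findall(r"VID=([0-9a-fA-F]{32})", output)


# Constructed sample: the VID lines from this page's OpenBSD 3.9 scan.
SAMPLE_VID_LINES = """\
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
"""

if __name__ == "__main__":
    for vid in vids_from_ike_scan(SAMPLE_VID_LINES):
        print(vid, "->", describe_vid(vid))
```

Recomputing the digests rather than copying the hex values is a useful habit when maintaining a VID table: a typo in a 32-character constant silently turns a known VID into "unknown".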

Authentication Methods

isakmpd supports pre-shared key and RSA Signature authentication methods. The default authentication method is pre-shared key. RSA signature is selected by appending -RSA_SIG to the phase-1 transform specification in the configuration file. For example, the following transform specification would use pre-shared key authentication:

Transforms=AES-SHA,3DES-SHA

and these specifications would use RSA signature authentication:

Transforms=AES-SHA-RSA_SIG,3DES-SHA-RSA_SIG

Here is an example of pre-shared key and RSA signature responses from OpenBSD 3.9.

$ ike-scan -M --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=79385adedb7b6ec2)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --trans=5,2,3,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=c407f03e5fdd6e53)
        SA=(Enc=3DES Hash=SHA1 Auth=RSA_Sig Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

ISAKMP SA Lifetime

Lifetime in seconds

By default, isakmpd will accept either no lifetime at all or a lifetime in the range 60 to 86,400 seconds inclusive. It will not respond to values outside that range.

The Phase-1 lifetime can be configured with the Default-phase-1-lifetime configuration command. The configuration excerpt below shows the default configuration.

Default-phase-1-lifetime=3600,60:86400
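The following is an added example (not isakmpd or ike-scan code) that models this acceptance rule: it parses the Default-phase-1-lifetime value into its default, minimum and maximum, decodes the LifeType and LifeDuration attributes as ike-scan prints them in an SA=(...) line (4-byte attributes appear as LifeDuration(4)=0x..., 2-byte ones as LifeDuration=N), and reports whether isakmpd would accept the proposal. Function names are constructed for this example; the rejection of kilobyte lifetimes follows the "Lifetime in Kilobytes" note below.

```python
import re

DEFAULT_SETTING = "3600,60:86400"  # isakmpd default shown on this page


def parse_phase1_lifetime(setting=DEFAULT_SETTING):
    """Parse "DEFAULT,MIN:MAX" into (default, minimum, maximum) seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*,\s*(\d+)\s*:\s*(\d+)\s*", setting)
    if not m:
        raise ValueError("expected DEFAULT,MIN:MAX, got %r" % setting)
    default, lo, hi = (int(x) for x in m.groups())
    if not lo <= default <= hi:
        raise ValueError("default %d lies outside %d:%d" % (default, lo, hi))
    return default, lo, hi


def decode_lifetime(sa_line):
    """Return (lifetype, duration) from an ike-scan SA=(...) line, or None.

    Handles both LifeDuration(4)=0x0000003c (4-byte attribute, hex) and
    LifeDuration=123 (2-byte basic attribute, decimal).
    """
    t = re.search(r"LifeType=(\w+)", sa_line)
    d = re.search(r"LifeDuration(?:\(\d+\))?=(0x[0-9a-fA-F]+|\d+)", sa_line)
    if not (t and d):
        return None
    return t.group(1), int(d.group(1), 0)


def lifetime_acceptable(proposal, setting=DEFAULT_SETTING):
    """Emulate the responder's check.

    proposal is None (no lifetime attribute at all) or (lifetype, value).
    No lifetime is accepted; seconds must fall inside MIN:MAX inclusive;
    kilobyte lifetimes are not supported for phase 1 and are rejected.
    """
    _, lo, hi = parse_phase1_lifetime(setting)
    if proposal is None:
        return True
    lifetype, value = proposal
    if lifetype != "Seconds":
        return False
    return lo <= value <= hi


def sa_line_acceptable(sa_line, setting=DEFAULT_SETTING):
    """Convenience wrapper: decode an SA line and apply the lifetime check."""
    return lifetime_acceptable(decode_lifetime(sa_line), setting)


if __name__ == "__main__":
    # Constructed samples, taken from the SA lines printed later on this page.
    for line in (
        "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024)",
        "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x0000003c)",
        "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00015180)",
    ):
        print(decode_lifetime(line), "->", sa_line_acceptable(line))
```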

The examples below illustrate this behaviour.

$ ike-scan -M --lifetime=none --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=f13393957f19ff6c)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=0 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.437 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify
$ ike-scan -M --lifetime=1 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.437 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify
$ ike-scan -M --lifetime=60 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=9cef41f99b349ba1)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x0000003c)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=86400 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=241db30b30af7b11)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00015180)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=86401 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.435 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Lifetime in Kilobytes

isakmpd does not support a lifetime in kilobytes for IKE Phase-1.

$ ike-scan -M --lifetime=none --lifesize=1000 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.437 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Transform ordering and rewriting

isakmpd generally returns the transform attributes in the order that they are supplied by the initiator.

In the example below, we specify the four mandatory transform attributes in order Enc, Hash, Auth, Group and then in reverse order Group, Auth, Hash, Enc, and observe that in both cases the target returns the attributes in the same order as the initiator specified them.

$ ike-scan -M --trans="(1=5,2=2,3=1,4=2)" 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=35cb73924619e6cb)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --trans="(4=2,3=1,2=2,1=5)" 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=368c15ab0c774bde)
        SA=(Group=2:modp1024 Auth=PSK Hash=SHA1 Enc=3DES)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Here is another example, this time including a lifetime in seconds and using the variable-key-length AES encryption algorithm with a key length of 128 bits. Again, the attributes are returned in the same order that the initiator sent them.

$ ike-scan -M --trans="(14=128,11=1,12=123,4=2,3=1,2=2,1=7)" 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=bd718e1a5a6e8847)
        SA=(KeyLength=128 LifeType=Seconds LifeDuration=123 Group=2:modp1024 Auth=PSK Hash=SHA1 Enc=AES)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Aggressive Mode

isakmpd supports aggressive mode. Aggressive mode is selected by the following configuration option:

EXCHANGE_TYPE=AGGRESSIVE

Here is an example of isakmpd responding to aggressive mode:

$ ike-scan -M -A --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Aggressive Mode Handshake returned
        HDR=(CKY-R=3e3b8d9c974d3f60)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
        KeyExchange(128 bytes)
        Nonce(20 bytes)
        ID(Type=ID_IPV4_ADDR, Value=172.16.3.29)
        Hash(20 bytes)

Response to non-compliant and malformed packets

The responses below are from OpenBSD 3.9 unless indicated otherwise.

isakmpd never sends a notify response. It doesn't respond at all to packets that it considers to be invalid.

No acceptable transforms

No response from OpenBSD 3.9.

$ ike-scan -M --trans=1,1,1,1 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.437 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Bad IKE version

No response from OpenBSD 3.9.

$ ike-scan -M --headerver=0x30 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.440 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify
$ ike-scan -M --headerver=0x11 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.438 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid DOI

$ ike-scan -M --doi=2 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.437 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid Situation

$ ike-scan -M --situation=2 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.435 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid Initiator Cookie

$ ike-scan -M --cookie=0000000000000000 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=0500a3ddcc5f73ea)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Invalid Flags

$ ike-scan -M --hdrflags=255 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.438 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid Protocol

$ ike-scan -M --protocol=2 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.439 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid SPI

$ ike-scan -M --spisize=32 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.29     Main Mode Handshake returned
        HDR=(CKY-R=66b7ad127a8df1a0)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=90cb80913ebb696e086381b5ec427b1f (draft-ietf-ipsec-nat-t-ike-02\n)
        VID=7d9419a65310ca6f2c179d9215529d56 (draft-ietf-ipsec-nat-t-ike-03)
        VID=4a131c81070358455c5728f20e95452f (RFC 3947 NAT-T)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Non-Zero Reserved Fields

$ ike-scan -M --mbz=255 --trans=5,2,1,2 172.16.3.29
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.438 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

NAT Traversal

isakmpd supports NAT Traversal. However, it does not respond to ike-scan with the --nat-t option, because it sends the response from source port 500 rather than from port 4500, the port the request was addressed to. Here is a tcpdump trace which shows this behaviour.

12:40:51.440283 192.168.124.7.4500 > 172.16.3.29.4500: udpencap: isakmp v1.0 exchange ID_PROT
        cookie: 8f145f939575517b->0000000000000000 msgid: 00000000 len: 356 (DF)
12:40:51.444030 172.16.3.29.500 > 192.168.124.7.4500:  isakmp v1.0 exchange ID_PROT
        cookie: 8f145f939575517b->a09326b83442f935 msgid: 00000000 len: 164

IKEv2

isakmpd does not support IKEv2 as of OpenBSD 3.9.

Remote Access VPN Client

Other Interesting Behaviour

Default Configuration

OpenBSD 3.9 has a default configuration file /usr/share/ipsec/isakmpd/VPN-default.conf, which can be copied to the live configuration file /etc/isakmpd/isakmpd.conf. The contents of this default template are:

[Phase 1]
Default=                any

[any]
Phase=                  1
Configuration=          Default-main-mode
Authentication=         mekmitasdigoat

[Default-main-mode]
EXCHANGE_TYPE=          ID_PROT
Transforms=             AES-SHA,3DES-SHA

This template allows the following transform attributes. Note that all three key lengths for AES are supported:

  • Encryption: 3DES, AES-128, AES-192 and AES-256
  • Hash: SHA1
  • Authentication: Pre-Shared Key
  • DH Group: 2

The syntax for the Transforms configuration option that defines the acceptable attributes is shown below. This also shows the supported values for the attributes.

{DES,BLF,3DES,CAST,AES}-{MD5,SHA}[-GRP{1,2,5,14}][-RSA_SIG]
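The following is an added example (not isakmpd code) that parses a Transforms= line against the syntax above and expands it into the table of accepted attributes shown for the default template; it also serves the "Authentication Methods" section, since it reports whether a transform authenticates with a pre-shared key or with -RSA_SIG. Assumptions, labelled in the code: when no -GRP suffix is given the transform is taken to use DH group 2, and AES is taken to accept 128, 192 and 256-bit keys, both as the page's table for AES-SHA,3DES-SHA implies; function names are constructed for this example.

```python
import re

# Syntax from this page:
#   {DES,BLF,3DES,CAST,AES}-{MD5,SHA}[-GRP{1,2,5,14}][-RSA_SIG]
TRANSFORM_RE = re.compile(
    r"^(?P<enc>DES|BLF|3DES|CAST|AES)-(?P<hash>MD5|SHA)"
    r"(?:-GRP(?P<grp>14|1|2|5))?(?P<rsa>-RSA_SIG)?$"
)
DEFAULT_GROUP = 2              # assumption: no -GRP suffix means DH group 2
AES_KEY_LENGTHS = (128, 192, 256)  # assumption: AES accepts all three key lengths
HASH_NAMES = {"MD5": "MD5", "SHA": "SHA1"}  # ike-scan prints SHA as SHA1


def parse_transform(spec):
    """Parse one transform such as 'AES-SHA-RSA_SIG' into its attributes."""
    m = TRANSFORM_RE.match(spec)
    if not m:
        raise ValueError(
            "%r does not match {DES,BLF,3DES,CAST,AES}-{MD5,SHA}"
            "[-GRP{1,2,5,14}][-RSA_SIG]" % spec)
    enc = m.group("enc")
    return {
        "enc": enc,
        "hash": HASH_NAMES[m.group("hash")],
        "group": int(m.group("grp")) if m.group("grp") else DEFAULT_GROUP,
        "auth": "RSA_SIG" if m.group("rsa") else "PSK",
        "keylengths": AES_KEY_LENGTHS if enc == "AES" else None,
    }


def parse_transforms_line(line):
    """Parse a 'Transforms=a,b,c' isakmpd.conf line into a list of dicts."""
    key, sep, value = line.partition("=")
    if not sep or key.strip() != "Transforms":
        raise ValueError("not a Transforms= line: %r" % line)
    return [parse_transform(t.strip()) for t in value.split(",") if t.strip()]


def accepted_attributes(line):
    """Expand a Transforms= line into the attribute table this page prints."""
    transforms = parse_transforms_line(line)
    encs = set()
    for t in transforms:
        if t["keylengths"]:
            encs.update("%s-%d" % (t["enc"], k) for k in t["keylengths"])
        else:
            encs.add(t["enc"])
    return {
        "Encryption": sorted(encs),
        "Hash": sorted({t["hash"] for t in transforms}),
        "Authentication": sorted({t["auth"] for t in transforms}),
        "DH Group": sorted({t["group"] for t in transforms}),
    }


def accepts_psk(line):
    """True if any phase-1 transform on the line still allows pre-shared keys."""
    return any(t["auth"] == "PSK" for t in parse_transforms_line(line))


if __name__ == "__main__":
    # Constructed inputs: the two Transforms lines quoted on this page.
    for line in ("Transforms=AES-SHA,3DES-SHA",
                 "Transforms=AES-SHA-RSA_SIG,3DES-SHA-RSA_SIG"):
        print(line)
        for name, values in accepted_attributes(line).items():
            print("  %-15s %s" % (name, ", ".join(str(v) for v in values)))
        print("  accepts PSK:", accepts_psk(line))
```

accepts_psk is the check worth running when a gateway is meant to be certificate-only: a single transform left without -RSA_SIG is enough for the responder to negotiate pre-shared key authentication.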

Discovered Vulnerabilities