I am developing my own IKEv2 server. Key exchange and everything is working fine already (using Windows and strongSwan as clients). But in the AUTH phase I am experiencing a problem:
I am sending an EAP-Request to the client, but I receive a NAK:
I send (after finishing SA_INIT):
Frame 48: 1450 bytes on wire (11600 bits), 1450 bytes captured (11600 bits)
Ethernet II, Src: de:bf:af:00:00:0d (de:bf:af:00:00:0d), Dst: de:bf:af:00:00:01 (de:bf:af:00:00:01)
Internet Protocol Version 4, Src: X.X.X.X, Dst: X.X.X.X
User Datagram Protocol, Src Port: 4500, Dst Port: 4500
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
Initiator SPI: 88fc620a492f0e45
Responder SPI: 460c32454a2c133e
Next payload: Encrypted and Authenticated (46)
Version: 2.0
Exchange type: IKE_AUTH (35)
Flags: 0x20 (Responder, No higher version, Response)
Message ID: 0x00000001
Length: 1404
Payload: Encrypted and Authenticated (46)
Next payload: Extensible Authentication (48)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 1376
Initialization Vector: b60f3622cf10c3dd (8 bytes)
Encrypted Data (1352 bytes) <3DES [RFC2451]>
Decrypted Data (1352 bytes)
Contained Data (1350 bytes)
Payload: Extensible Authentication (48)
Next payload: Identification - Responder (36)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 48
Extensible Authentication Protocol
Code: Request (1)
Id: 242
Length: 44
Type: MS-Authentication EAP (EAP-MS-AUTH) (26)
EAP-MS-CHAP-v2 OpCode: Challenge (1)
EAP-MS-CHAP-v2 Id: 242
EAP-MS-CHAP-v2 Length: 39
EAP-MS-CHAP-v2 Value-Size: 16
EAP-MS-CHAP-v2 Challenge: 998253fdc763ece9fbc19d873b9c03e6
EAP-MS-CHAP-v2 Name: gixvpn.internic.at
Payload: Identification - Responder (36)
Next payload: Certificate (37)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 26
ID type: FQDN (2)
Reserved: 000000
Identification Data:gixvpn.internic.at
ID_FQDN: gixvpn.internic.at
Payload: Certificate (37)
Next payload: NONE / No Next Payload (0)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 1276
Certificate Encoding: X.509 Certificate - Signature (4)
Certificate Data (id-at-commonName=gixvpn.internic.at)
signedCertificate
version: v3 (2)
serialNumber: XXXXXXXXXXXXX
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
validity
notBefore: utcTime (0)
utcTime: 2024-06-12 18:04:56 (UTC)
notAfter: utcTime (0)
utcTime: 2024-09-10 18:04:55 (UTC)
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=blablabla)
subjectPublicKeyInfo
algorithm (rsaEncryption)
Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
subjectPublicKey [truncated]: 3082010a0282010100e05f337d82c8165a7512a271b0f75dd889a416922122b1aa0c8ce350843bdef784195b34b9eb930dbc9cf4c02ec11da3f88cb9339de7c89730fb31e4e3e4246afb5aca58d1a9d23b741565bab24bceb510beb94314245879bca234b80c2c429
modulus: 0x00e05f337d82c8165a7512a271b0f75dd889a416922122b1aa0c8ce350843bdef784195b…
publicExponent: 65537
extensions: 9 items
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 5
KeyUsage: a0
1... .... = digitalSignature: True
.0.. .... = contentCommitment: False
..1. .... = keyEncipherment: True
...0 .... = dataEncipherment: False
.... 0... = keyAgreement: False
.... .0.. = keyCertSign: False
.... ..0. = cRLSign: False
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 2 items
KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth)
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
critical: True
BasicConstraintsSyntax [0 length]
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: iuhserfhweirhwer
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifier
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 2 items
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
accessLocation: 6
uniformResourceIdentifier: http://r11.o.lencr.org
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
accessLocation: 6
uniformResourceIdentifier: http://r11.i.lencr.org/
Extension (id-ce-subjectAltName)
Extension Id: 2.5.29.17 (id-ce-subjectAltName)
GeneralNames: 1 item
GeneralName: dNSName (2)
dNSName: ksfhsdkfhsdfs
Extension (id-ce-certificatePolicies)
Extension Id: 2.5.29.32 (id-ce-certificatePolicies)
CertificatePoliciesSyntax: 1 item
PolicyInformation
policyIdentifier: 2.23.140.1.2.1 (joint-iso-itu-t.23.140.1.2.1)
Extension (SignedCertificateTimestampList)
Extension Id: 1.3.6.1.4.1.11129.2.4.2 (SignedCertificateTimestampList)
Serialized SCT List Length: 239
Signed Certificate Timestamp (DigiCert Yeti2024 Log)
Serialized SCT Length: 118
SCT Version: 0
Log ID: 48b0e36bdaa647340fe56a02fa9d30eb1c5201cb56dd2c81d9bbbfab39d88473
Timestamp: Jun 12, 2024 19:04:57.238000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 71
Signature: 3sdfsdfsdfjsdfd2e8fa96e6c69b43fff34e4259ec41f3022100c921ee87dce83dc2fdd622d85afcf5f4af8290a07c9db61b627480676587e5c0
Signed Certificate Timestamp (Sectigo 'Sabre2024h2')
Serialized SCT Length: 117
SCT Version: 0
Log ID: 1998107109f0d6522e3080d29e3f64bb836e28ccf90f528eeedfce4a3f16b4ca
Timestamp: Jun 12, 2024 19:04:57.263000000 UTC
Extensions length: 0
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Length: 70
Signature: 30440sdfsdfsdfsdfsf892d0fbfe7a0b7ef794b76d43714df2434fb30a7c02201cf6e0a19fed2f07e534b46abf9b4a03e74043b075e43ce1c3fbb47f70d724b9
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted [truncated]: 152c3f1bc797cesdfsdfs1384191207f9f4650f2a36d1af7e77f514b1de05b637b0312b9a6416aabf70a1cfdae510d351127a1c6b534e6a06828443279da02de5760074841796aa1a4885bde5082e0c8fb54bd205ecd5514af64e3bb9
Padding (1 byte)
Pad Length: 1
Integrity Checksum Data: f90338102e613be41aaa435e (12 bytes) <HMAC_SHA1_96 [RFC2404]>[correct]
And I receive:
Frame 49: 114 bytes on wire (912 bits), 114 bytes captured (912 bits)
Ethernet II, Src: de:bf:af:00:00:01 (de:bf:af:00:00:01), Dst: de:bf:af:00:00:0d (de:bf:af:00:00:0d)
Internet Protocol Version 4, Src: X.X.X.X, Dst: Y.Y.Y.Y
User Datagram Protocol, Src Port: 4500, Dst Port: 4500
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
Initiator SPI: 88fc620a492f0e45
Responder SPI: 460c32454a2c133e
Next payload: Encrypted and Authenticated (46)
Version: 2.0
Exchange type: IKE_AUTH (35)
Flags: 0x08 (Initiator, No higher version, Request)
Message ID: 0x00000002
Length: 68
Payload: Encrypted and Authenticated (46)
Next payload: Extensible Authentication (48)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 40
Initialization Vector: d474231abbcd76eb (8 bytes)
Encrypted Data (16 bytes) <3DES [RFC2451]>
Decrypted Data (16 bytes)
Contained Data (10 bytes)
Payload: Extensible Authentication (48)
Next payload: NONE / No Next Payload (0)
0... .... = Critical Bit: Not critical
.000 0000 = Reserved: 0x00
Payload length: 10
Extensible Authentication Protocol
Code: Response (2)
Id: 242
Length: 6
Type: Legacy Nak (Response Only) (3)
Desired Auth Type: Unknown (0)
Padding (5 bytes)
Pad Length: 5
Integrity Checksum Data: beea09bfbb82060f9dde4e56 (12 bytes) <HMAC_SHA1_96 [RFC2404]>[correct]
Why?
My ipsec.conf looks like this (maybe I have an error here):
conn andy1
    ah=sha1
    esp=3des
    ike=3des-sha256-modp3072
    right=X.X.X.X
    rightid=%servername.myserver.com
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftauth=eap-mschapv2
    eap_identity=andy
    auto=add
Maybe there are some strongSwan experts around here?
PS: Please no answers like ‘Why don’t you use a ready made software instead of writing it by yourself’ 🙂
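
Added example, not part of the original post: a small decoder for the two EAP packets shown in the captures above, useful for checking what a server emits and what a client answers. The byte strings are constructed from the dissected fields (not raw capture bytes), and the function names are hypothetical; in a Legacy Nak, a Type-Data of 0 means the peer proposes no alternative method (RFC 3748, section 5.3.1), which Wireshark displays as "Desired Auth Type: Unknown (0)".

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Legacy Nak", 26: "EAP-MSCHAPv2"}  # subset only

# Constructed from the dissected fields of frames 48 and 49 (not raw capture bytes).
REQUEST = bytes.fromhex(
    "01f2002c1a"                          # Request, Id 242, Length 44, Type 26
    "01f2002710"                          # OpCode 1, Id 242, MS-Length 39, Value-Size 16
    "998253fdc763ece9fbc19d873b9c03e6"    # Challenge
) + b"gixvpn.internic.at"                 # Name
NAK = bytes.fromhex("02f200060300")       # Response, Id 242, Length 6, Type 3, data 0


def parse_mschapv2(body: bytes) -> dict:
    """Decode the EAP-MSCHAPv2 Type-Data; only Challenge (OpCode 1) in full."""
    if len(body) < 4:
        raise ValueError("truncated EAP-MSCHAPv2 header")
    opcode, ms_id, ms_len = struct.unpack("!BBH", body[:4])
    if opcode != 1:
        return {"opcode": opcode, "ms_id": ms_id}
    if ms_len != len(body) or len(body) < 21 or body[4] != 16:
        raise ValueError("malformed EAP-MSCHAPv2 Challenge")
    return {"opcode": "Challenge", "ms_id": ms_id,
            "challenge": body[5:21].hex(), "name": body[21:].decode("ascii", "replace")}


def parse_eap(data: bytes) -> dict:
    """Parse one EAP packet (RFC 3748) as carried inside an IKEv2 EAP payload."""
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or length > len(data):
        raise ValueError("EAP Length does not fit the buffer")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):                    # only Request/Response carry a Type
        if length < 5:
            raise ValueError("Request/Response without a Type octet")
        etype, body = data[4], data[5:length]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 3 and code == 2:
            # Nak Type-Data lists the methods the peer would accept instead;
            # a single 0 means it proposes no alternative (RFC 3748, 5.3.1).
            pkt["desired"] = list(body)
            pkt["no_alternative"] = list(body) == [0]
        elif etype == 26:
            pkt.update(parse_mschapv2(body))
    return pkt
```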