适用于原生 Android IKEv2 IPsec 的 Strongswan swanctl 配置文件

适用于原生 Android IKEv2 IPsec 的 Strongswan swanctl 配置文件

Android 11 现在似乎支持 IKEv2/IPsec,所以我正在尝试为其构建 roadwarrior swanctl 配置文件。到目前为止,我已经建立了 SA,但随后立即删除了。有什么建议吗?

Android VPN 配置文件具有:

  • 类型:IKEv2/IPsec PSK
  • 服务器:moon.isuldor.com
  • IPsec 标识符:strongswan at isuldor.com
  • IPsec PSK: hunter2

我的 VPN 网关有:

$ swanctl --version
strongSwan swanctl 5.9.0

$ cat /etc/swanctl/conf.d/android11.conf
connections {
    rw-isuldor {
        local_addrs = moon.isuldor.com
        pools = android11_pool4, android11_pool6
        fragmentation = yes
        send_cert = always
        rekey_time = 0s
        dpd_delay = 30s
        local {
            auth = pubkey
            certs = moon.pem
            id = moon.isuldor.com
        }
        remote {
            auth = psk
            id = strongswan at isuldor.com
        }
        children {
            moon {
                local_ts  = 0.0.0.0/0,::/0
                rekey_time = 0s
                dpd_action = clear
            }
        }
    }
}
secrets {
    ike-isuldor {
        id_isuldor = strongswan at isuldor.com
        secret = hunter2
    }
}
pools {
    android11_pool4 {
        addrs = 192.168.2.0/24
        dns = 1.1.1.1,1.0.0.1
    }
    android11_pool6 {
        addrs = 2607:9cf3:0:ae::6:1300/120
        dns = 2606:4700:4700::1111,2606:4700:4700::1001
    }
}

来自 charon-systemd 的相关日志:

X.X.X.X is initiating an IKE_SA
IKE_SA (unnamed)[11] state change: CREATED => CONNECTING
selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/MODP_3072
remote host is behind NAT
...
looking for peer configs matching Y.Y.Y.Y[moon.isuldor.com]...X.X.X.X[strongswan at isuldor.com]
selected peer config 'rw-isuldor'
authentication of 'strongswan at isuldor.com' with pre-shared key successful
...
peer requested virtual IP %any
assigning new lease to 'strongswan at isuldor.com'
assigning virtual IP 192.168.2.1 to peer 'strongswan at isuldor.com'
peer requested virtual IP %any6
assigning virtual IP <redacted> to peer 'strongswan at isuldor.com'
...
CHILD_SA moon{4} established with SPIs cba17603_i 0f8dcc81_o and TS 0.0.0.0/0 ::/0 === 192.168.2.1/32
CHILD_SA moon{4} state change: INSTALLING => INSTALLED
generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr ]
splitting IKE message (2416 bytes) into 3 fragments
generating IKE_AUTH response 1 [ EF(1/3) ]
generating IKE_AUTH response 1 [ EF(2/3) ]
generating IKE_AUTH response 1 [ EF(3/3) ]
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733] (1236 bytes)
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733] (1236 bytes)
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733]
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733] (84 bytes)
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733]
checkin IKE_SA rw-isuldor[7]
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733]
checkin of IKE_SA successful
received packet: from X.X.X.X[38733] to Y.Y.Y.Y[4500]
waiting for data on sockets
checkout IKEv2 SA by message with SPIs ce7fea937528e3ca_i 115e7e1303dd7bc4_r
IKE_SA rw-isuldor[7] successfully checked out
received packet: from X.X.X.X[38733] to Y.Y.Y.Y[4500] (80 bytes)
parsed INFORMATIONAL request 2 [ D ]
received DELETE for IKE_SA rw-isuldor[7]
deleting IKE_SA rw-isuldor[7] between Y.Y.Y.Y[moon.isuldor.com]...X.X.X.X[strongswan at isuldor.com]
IKE_SA rw-isuldor[7] state change: ESTABLISHED => DELETING
IKE_SA deleted
generating INFORMATIONAL response 2 [ ]
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733] (80 bytes)
checkin and destroy IKE_SA rw-isuldor[7]
sending packet: from Y.Y.Y.Y[4500] to X.X.X.X[38733]
IKE_SA rw-isuldor[7] state change: DELETING => DESTROYING
CHILD_SA moon{4} state change: INSTALLED => DESTROYING
deleting policy 0.0.0.0/0 === 192.168.2.1/32 out
deleting policy 192.168.2.1/32 === 0.0.0.0/0 in
deleting policy 192.168.2.1/32 === 0.0.0.0/0 fwd
deleting SAD entry with SPI cba17603
deleted SAD entry with SPI cba17603
deleting SAD entry with SPI 0f8dcc81
deleted SAD entry with SPI 0f8dcc81
lease 192.168.2.1 by 'strongswan at isuldor.com' went offline
checkin and destroy of IKE_SA successful

更新:我检索 Android 日志后,问题立即显现出来。基本上,我过去常常adb shell访问设备,然后logcat使用适当的过滤器。可能有一些终端应用程序也可以做到这一点。不需要 root。

130|sargo:/ $ whoami
shell
130|sargo:/ $ logcat *:S IkeV2VpnRunner:V
--------- beginning of system
--------- beginning of main
[..] IkeV2VpnRunner: com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException: Expected the remote/server to use PSK-based authentication but they used: 14

结论:swanctl 配置文件应该auth=psklocal部分下,并添加一行用于为服务器分配预共享密钥,例如:id_moon = moon.isuldor.com在下secrets.ike-isuldor。这仅适用于 strongswan swanctl 5.9.0,但到目前为止,我无法使用早期版本重现成功5.7.2。我怀疑语法可能在某种程度上发生了变化。但最终的问题是服务器身份验证不正确。

答案1

正如客户端日志所确认的,它期望服务器也使用 PSK 而不是证书进行身份验证。因此,local.auth=pubkey您必须配置local.auth=psk

请注意,虽然 IKEv2 协议支持在服务器上使用证书并在客户端上使用 PSK,并且它确实可以防止其他主机知道 PSK 冒充服务器(每个客户端都必须知道并且可以这样做),但它具有与 IKEv2 的 PSK 身份验证通常相同的问题:客户端在验证服务器的身份验证之前发送 AUTH 有效负载。主动攻击者可以利用这一点通过字典或暴力攻击确定弱 PSK。更安全的方法是对服务器使用证书身份验证,对客户端使用基于用户名/密码的 EAP 方法(例如 EAP-MD5 或 EAP-MSCHAPv2),因为这样客户端仅在验证服务器证书后发送其散列密码。

相关内容