StrongSwan Linux 客户端拒绝连接到 StrongSwan 服务器

StrongSwan Linux 客户端拒绝连接到 StrongSwan 服务器

我在 Ubuntu 18.04 服务器上设置了一个 StrongSwan VPN 服务器,它运行良好。我能够从 Windows 10 和 macOS 连接到此 VPN,一切运行良好。问题是我无法让 Linux 使用 StrongSwan 客户端连接到同一 VPN 服务器。

Linux 客户端只是一个公路战士场景,我使用 charon-cmd 来建立按需 VPN 连接,如下所示:

root@ubuntu:~# charon-cmd --cert DigiCertCA.crt --host vpn.example.com --identity <myuser>

00[LIB] created TUN device: ipsec0
00[LIB] dropped capabilities, running as uid 0, gid 0
00[DMN] Starting charon-cmd IKE client (strongSwan 5.3.5, Linux 4.4.0-142-generic, x86_64)
00[LIB] loaded plugins: charon-cmd aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm kernel-libipsec kernel-netlink resolve socket-default eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic
00[JOB] spawning 16 worker threads
15[IKE] initiating IKE_SA cmd[1] to XX.YYY.199.103
15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
15[NET] sending packet: from 192.168.1.29[60971] to XX.YYY.199.103[4500] (1256 bytes)
16[NET] received packet: from XX.YYY.199.103[4500] to 192.168.1.29[60971] (38 bytes)
16[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
16[IKE] peer didn't accept DH group MODP_2048, it requested MODP_3072
16[IKE] initiating IKE_SA cmd[1] to XX.YYY.199.103
16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
16[NET] sending packet: from 192.168.1.29[60971] to XX.YYY.199.103[4500] (1384 bytes)
05[NET] received packet: from XX.YYY.199.103[4500] to 192.168.1.29[60971] (584 bytes)
05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
05[IKE] local host is behind NAT, sending keep alives
05[IKE] remote host is behind NAT
05[IKE] establishing CHILD_SA cmd
05[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
05[NET] sending packet: from 192.168.1.29[50969] to XX.YYY.199.103[4500] (304 bytes)
04[NET] received packet: from XX.YYY.199.103[4500] to 192.168.1.29[50969] (3408 bytes)
04[ENC] parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID N(AUTH_FOLLOWS) ]
04[IKE] received end entity cert "C=US, ST=Massachusetts, L=Needham Heights, O=Example Corporation, CN=*.example.com"
04[IKE] received issuer cert "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1"
04[IKE] no trusted RSA public key found for '10.1.1.4'
04[ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
04[NET] sending packet: from 192.168.1.29[50969] to XX.YYY.199.103[4500] (80 bytes)

请注意,上述日志末尾附近的错误是“未找到 10.1.1.4 的可信 RSA 公钥”。该 IP 地址是 StrongSwan 服务器计算机的 NAT 化“内部”IP 地址。同一台计算机的面向公众的 IP 地址是 XX.YY.199.103。

在 charon-cmd 命令行上,我指定 --cert DigiCertCA.crt,因为这是来自为该服务器颁发主要证书的 CA 的中间证书。

我已经在 Google 上搜索了错误“未找到 (IP-addr) 的受信任 RSA 公钥”,并找到了一些讨论,但到目前为止,这些建议都对我没用。有人能帮我解决这个问题吗?我已经重新颁发了证书,其 SAN 名称与客户端用于连接的名称完全匹配,因为我知道 StrongSwan 通常不喜欢通配符证书。但添加 SAN 名称并没有帮助。

这是 StrongSwan 的服务器端配置。请记住,从 Windows 10 和 macOS 连接时,所有这些服务器配置都可以正常工作。

服务器端文件:/etc/ipsec.conf

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    ike=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@*.example.com
    leftcert=example_com.crt
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.1.0/16
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity

服务器证书(真实域名在本讨论中更改为 example.com,但其他一切都完全相同)。请注意,这是一个通配符证书,其中“CN”名称带有星号。但是,还请注意,有一个 SAN(主题备用名称),其名称与我从客户端到达服务器时使用的完全相同,在本例中为 vpn.example.com。

root@base:/etc/ipsec.d/certs# openssl x509 -in example_com.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:11:4c:4d:84:9b:3a:c4:16:31:d8:4b:12:52:1b:0f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
        Validity
            Not Before: Apr 22 00:00:00 2021 GMT
            Not After : May 23 23:59:59 2022 GMT
        Subject: C = US, ST = Massachusetts, L = Needham Heights, O = Example Corporation, CN = *.example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:1f:f6:9a:e4:a5:2f:12:f1:e3:80:de:46:
                    4e:61:39:17:87:9d:d0:d5:13:9a:2e:8d:aa:cb:2a:
                    1c:28:8e:27:27:54:df:bb:c9:2a:fb:74:a1:b0:96:
                    1c:21:3d:26:8f:63:03:1b:45:36:6b:a3:46:07:dd:
                    44:6e:a6:db:e5:db:e5:4d:5f:e2:5a:21:5e:d4:a2:
                    d6:02:11:71:4b:89:8e:93:dd:d2:ef:13:b2:55:74:
                    d4:eb:e1:ad:ec:70:76:b3:8b:a8:f0:ae:60:39:f2:
                    1e:5b:f6:a7:a6:e3:ad:b5:8c:6b:a5:25:fa:fc:ac:
                    05:03:16:ab:77:37:d4:14:8c:28:46:9e:37:f7:d9:
                    3c:63:4e:a5:ea:e7:14:0c:46:e9:43:4b:45:f9:f6:
                    8f:6c:db:6d:da:9b:1d:98:d5:e3:dd:be:a2:8f:2a:
                    d2:66:e6:92:38:49:aa:e4:4b:52:8b:c2:28:79:f6:
                    32:94:99:56:78:5a:b3:c3:98:cd:f8:fd:2b:37:e8:
                    25:ae:5b:31:43:82:42:d2:35:95:c3:53:d0:31:09:
                    da:61:23:4c:08:42:68:08:50:d2:ef:26:60:5d:01:
                    9f:6f:ed:25:40:02:98:29:e9:19:bf:7f:98:b5:45:
                    4c:c8:5d:1d:8f:31:da:bc:de:42:45:ed:51:2e:da:
                    7f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
            X509v3 Subject Key Identifier:
                E2:30:0F:0F:D7:96:0B:BE:4A:19:55:54:2B:D4:1A:2F:E9:11:40:A3
            X509v3 Subject Alternative Name:
                DNS:*.example.com, DNS:example.com, DNS:vpn.example.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl
                Full Name:
                  URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.2.2
                  CPS: http://www.digicert.com/CPS
            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:                                11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
                    Timestamp : Apr 22 20:58:13.047 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:55:BC:68:21:95:C6:A7:AF:82:B9:BC:C3:
                                2B:82:49:E5:F9:88:EA:90:96:8B:27:17:4A:5D:E1:B3:
                                F2:D3:03:92:02:20:0D:24:0B:20:5D:17:F6:5A:F9:67:
                                5B:A4:67:A2:64:8F:F4:9C:F7:95:A2:30:BE:AC:69:57:
                                EB:3F:2D:EC:70:7E
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:                                E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
                    Timestamp : Apr 22 20:58:12.955 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:AC:04:98:CB:33:16:0A:5E:A6:83:AA:
                                20:BB:B2:15:00:73:6B:BA:B6:DD:AB:8C:BF:4E:09:42:
                                43:AF:BF:CA:7F:02:20:23:29:7D:F7:3E:6F:C5:70:CE:
                                8F:E1:40:B7:F9:84:39:29:D0:06:12:7B:58:4A:11:D9:
                                8A:14:60:D1:CF:51:3A
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:                                4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
                    Timestamp : Apr 22 20:58:12.964 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:15:E7:1D:C7:A4:61:33:A8:41:91:42:FD:
                                53:31:98:AB:ED:20:07:12:2A:FA:D7:AA:86:67:44:88:
                                29:41:7A:6B:02:21:00:EE:1A:9C:7E:80:30:1E:26:D3:
                                6E:2A:BF:32:C9:46:AB:C3:F1:9D:85:F8:71:B9:75:D9:
                                1F:DE:86:58:84:C1:32
    Signature Algorithm: sha256WithRSAEncryption
         46:80:80:28:cf:e2:95:e4:1e:ef:40:12:fb:c8:d9:5b:57:1e:
         cd:b1:8c:94:11:87:ec:09:b7:43:57:27:79:f6:61:38:86:ba:
         3b:f7:b9:16:79:b4:c9:86:d5:cf:d8:49:9e:ec:a1:a1:d5:1d:
         e0:6c:9d:38:71:6c:f6:f2:90:3a:88:18:cc:6d:d1:c0:90:2d:
         bb:e4:96:be:e6:b3:cb:04:af:09:6c:e5:b9:17:e7:6d:45:1e:
         42:c5:eb:ef:e2:3f:91:55:76:39:1b:2c:75:12:d9:a1:bd:2e:
         bc:18:f8:e8:ed:f4:be:75:5b:c6:0d:6a:ec:6a:3d:15:d9:7c:
         35:5d:98:46:bf:10:d7:56:7b:a2:55:23:29:21:3c:2e:3e:6f:
         39:0f:0d:a0:a6:3e:3d:9c:70:b9:0c:ce:92:2b:7b:ca:bb:67:
         97:1e:1a:a8:08:c7:54:b4:96:79:00:32:9b:50:b5:1f:09:d9:
         ab:be:aa:42:1d:68:a1:87:a1:26:36:a4:f4:c7:56:27:20:72:
         c6:f5:f6:47:ee:ac:9e:b3:03:9e:95:0e:f0:61:cb:a6:75:71:
         11:c6:ee:fb:44:08:e1:25:3c:77:9a:99:97:2a:62:56:54:99:
         8e:3d:a7:4b:cc:20:38:23:d5:c5:b5:9f:67:0f:c8:6c:5f:f2:
         f2:6d:e4:32

来自 DigiCert 的 CA 证书。我在客户端有此证书的副本,并在“charon-cmd”的 --cert 参数中指定此文件。

root@base:/etc/ipsec.d/cacerts# openssl x509 -in DigiCertCA.crt -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:35:08:d5:5c:29:2b:01:7d:f8:ad:65:c0:0f:f7:e4
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
        Validity
            Not Before: Sep 24 00:00:00 2020 GMT
            Not After : Sep 23 23:59:59 2030 GMT
        Subject: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4b:b3:65:47:70:bc:dd:4f:58:db:ec:9c:ed:
                    c3:66:e5:1f:31:13:54:ad:4a:66:46:1f:2c:0a:ec:
                    64:07:e5:2e:dc:dc:b9:0a:20:ed:df:e3:c4:d0:9e:
                    9a:a9:7a:1d:82:88:e5:11:56:db:1e:9f:58:c2:51:
                    e7:2c:34:0d:2e:d2:92:e1:56:cb:f1:79:5f:b3:bb:
                    87:ca:25:03:7b:9a:52:41:66:10:60:4f:57:13:49:
                    f0:e8:37:67:83:df:e7:d3:4b:67:4c:22:51:a6:df:
                    0e:99:10:ed:57:51:74:26:e2:7d:c7:ca:62:2e:13:
                    1b:7f:23:88:25:53:6f:c1:34:58:00:8b:84:ff:f8:
                    be:a7:58:49:22:7b:96:ad:a2:88:9b:15:bc:a0:7c:
                    df:e9:51:a8:d5:b0:ed:37:e2:36:b4:82:4b:62:b5:
                    49:9a:ec:c7:67:d6:e3:3e:f5:e3:d6:12:5e:44:f1:
                    bf:71:42:7d:58:84:03:80:b1:81:01:fa:f9:ca:32:
                    bb:b4:8e:27:87:27:c5:2b:74:d4:a8:d6:97:de:c3:
                    64:f9:ca:ce:53:a2:56:bc:78:17:8e:49:03:29:ae:
                    fb:49:4f:a4:15:b9:ce:f2:5c:19:57:6d:6b:79:a7:
                    2b:a2:27:20:13:b5:d0:3d:40:d3:21:30:07:93:ea:
                    99:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
            X509v3 Authority Key Identifier:
                keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalRootCA.crt
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertGlobalRootCA.crl
                Full Name:
                  URI:http://crl4.digicert.com/DigiCertGlobalRootCA.crl
            X509v3 Certificate Policies:
                Policy: 2.23.140.1.1
                Policy: 2.23.140.1.2.1
                Policy: 2.23.140.1.2.2
                Policy: 2.23.140.1.2.3
    Signature Algorithm: sha256WithRSAEncryption
         77:ab:b7:7a:27:3d:ae:bb:f6:7f:e0:5a:56:c9:84:aa:ca:5b:
         71:17:dd:22:47:fc:4e:9f:ee:d0:c1:a4:04:e1:a3:eb:c5:49:
         c1:fd:d1:c9:df:8c:af:94:45:2c:46:2a:a3:63:39:20:f9:9e:
         4a:24:94:41:c8:a9:d9:e2:9c:54:05:06:cb:5c:1c:be:00:1b:
         0f:a8:5a:ff:19:bb:65:c7:16:af:21:56:dd:61:05:c9:e9:8f:
         98:76:df:6b:1b:d0:72:0c:50:b9:30:29:7a:bf:60:59:10:66:
         13:3a:2d:ac:15:11:6c:2d:23:0c:02:3e:05:3b:fe:e5:a1:9c:
         e2:8a:db:87:d7:4a:e8:5e:e7:48:06:eb:ab:12:9a:f2:af:84:
         c3:5b:83:4a:99:81:83:ab:00:a1:ca:0a:3c:4c:a2:25:89:2a:
         22:a7:a4:f3:33:4c:5b:8c:2e:1a:02:97:0f:9d:8f:6d:2d:95:
         08:fb:4f:da:f1:91:38:25:e1:9c:6e:61:18:87:6a:ce:b1:bb:
         00:30:6a:9b:b7:af:da:f1:c5:97:fe:8a:78:24:aa:ea:93:80:
         ba:33:65:7a:bc:a1:77:e9:7f:69:14:0b:00:3f:77:92:b1:4d:
         5b:73:87:0a:13:d0:9c:c8:f2:4b:39:4f:52:84:49:a6:4c:90:
         4e:1f:f7:b4

答案1

那么对于将来遇到此问题的人来说,解决方案是修改 /etc/ipsec.conf 文件如下:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    ike=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=vpn.example.com
    leftcert=example_com.crt
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.1.0/16
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity

我猜 StrongSwan 对“leftid”参数非常挑剔——它必须与证书的 SAN 名称中的内容完全匹配,并且必须与 charon-cmd 的 --host 参数中的内容完全匹配。

如果 StrongSwan 有一条日志消息告诉你就好了为什么“未找到 10.1.1.4 的可信 RSA 公钥”。相反,它需要数小时的反复试验和在黑暗中摸索,随机尝试这做那。

相关内容