IPSec
IPSec (Internet Protocol Security) is a protocol suite used to provide secure communication over IP networks. It is used to protect data transmitted between two endpoints and can be used to provide confidentiality, authentication, and data integrity. IPSec has two modes of operation:
* Transport mode: In transport mode, only the payload (the data being transmitted) is encrypted and the header of the original IP packet is left intact. This mode is typically used for end-to-end communication between hosts.
* Tunnel mode: In tunnel mode, the entire original IP packet is encapsulated within a new IP packet with a new header. The original packet’s header is encrypted along with the payload. This mode is typically used for site-to-site communication between networks.
IPSec can be used in combination with other protocols, such as IKE (Internet Key Exchange) which is used to establish the IPSec tunnel, and ESP (Encapsulating Security Payload) which provides confidentiality, integrity, and authentication for the data being transmitted.
AH Mode
AH stands for Authentication Header, which is a protocol used in IPsec to provide data authentication and integrity protection. In AH mode, the entire IP packet is authenticated and protected, including the IP header and data payload. The authentication process is achieved by generating a hash of the packet contents and appending it to the packet. This hash is calculated using a shared secret key, which is negotiated during the IPsec phase 1 and 2 negotiations. AH mode does not provide encryption of the packet contents, so it is typically used in combination with ESP (Encapsulating Security Payload) mode to provide both authentication and encryption. AH mode is commonly used in scenarios where data integrity is a critical requirement, such as in financial transactions.
ESP Mode
ESP stands for Encapsulating Security Payload. It is a protocol used in IPsec to provide confidentiality, data origin authentication, and integrity for IP packets. ESP provides confidentiality by encrypting the payload of IP packets, which means that the data being sent cannot be read by unauthorized parties. It also provides data origin authentication and integrity by adding a message authentication code (MAC) to the packet, which ensures that the packet has not been tampered with during transmission.
ESP is used in conjunction with the Authentication Header (AH) protocol in IPsec to provide end-to-end security for IP packets. ESP and AH can be used together or separately, depending on the security requirements of the network. ESP is commonly used in VPNs (Virtual Private Networks) to provide secure communication over the Internet.
Note
Currently, only ESP or AH can be used on its own; a combination of both is not possible in SoodarOS.
IPSec Phases
IPsec uses a two-phase approach to establish a secure connection between two devices:
Phase 1: In the first phase, the devices negotiate and establish a secure channel to protect the subsequent negotiation of the cryptographic keys. The main goals of Phase 1 are:
* Authentication of the communicating devices
* Negotiation of a secure method for exchanging encryption keys
* Establishment of a secure channel for Phase 2 negotiations
Phase 2: Once the secure channel has been established in Phase 1, the devices can negotiate the specific parameters and methods to be used to secure the actual data being transmitted. The main goals of Phase 2 are:
* Establishment of IPsec Security Associations (SAs) for each direction of communication
* Negotiation of the specific encryption, authentication, and other security protocols to be used
* Setting up the keys and other parameters for the selected security protocols
Both of these phases are done automatically with IKEv2.
IKEv2 is a protocol used to establish and manage IPsec VPN tunnels. IKEv2 has three main phases:
IKE_SA_INIT
: In this phase, the two endpoints negotiate a security association (SA) for protecting the IKEv2 traffic itself. This involves exchanging proposals for encryption, authentication, and other parameters, and selecting a set of proposals that both sides support. If successful, this phase ends with the establishment of an IKE SA that will be used to protect subsequent IKEv2 traffic.
IKE_AUTH
: In this phase, the two endpoints authenticate each other and negotiate a set of IPsec parameters to be used for protecting the user traffic. The authentication process involves exchanging identity information (such as IP addresses or digital certificates) and verifying it using pre-shared keys, certificates, or other mechanisms.
CHILD_SA
: In this phase, the two endpoints use the IKE SA to negotiate a set of parameters for the IPsec traffic that will be sent through the tunnel. This involves exchanging proposals for encryption, authentication, and other parameters, and selecting a set of proposals that both sides support. If successful, this phase ends with the establishment of a Child SA that will be used to protect user traffic.
The first and second phases of IKEv2 are for IPSec Phase 1 and the subsequent phase corresponds to the second phase of IPSec.
Transform set
In IPSec, a transform set is a combination of security protocols and algorithms that defines the security properties of a VPN tunnel. It specifies how the data is encrypted and authenticated before transmission.
A transform set consists of one or more individual security protocols, which are defined using the following parameters:
Authentication algorithm: used to authenticate the packet data, ensuring that it has not been tampered with during transmission.
Encryption algorithm: used to encrypt the packet data, providing confidentiality and preventing unauthorized access.
- crypto ipsec transform-set IPSECTS ah hmac HMAC_ALG
The command is used to define an IPsec transform set that uses AH protocol for authentication of IP packets. This command also specifies the hash algorithm used for integrity check of the packet, by specifying the HMAC algorithm.
The options available for the HMAC algorithm are:
sha-96
: Uses the SHA-1 algorithm with a 96-bit truncation.
sha-256
: Uses the SHA-256 algorithm with a 256-bit truncation.
sha-384
: Uses the SHA-384 algorithm with a 384-bit truncation.
sha-512
: Uses the SHA-512 algorithm with a 512-bit truncation.
Note
Note that the authentication algorithm specified in the transform set must match on both the local and remote devices in order for the IPsec tunnel to be established.
- crypto ipsec transform-set IPSECTS esp {hmac HMAC_ALG |cipher CIPHER_ALG}
The command is used to define an IPsec transform set that uses the ESP protocol for authentication and encryption of IP packets. The HMAC algorithm specifies the hash algorithm used for the integrity check of the packet, and the cipher algorithm specifies the encryption algorithm.
The options available for the HMAC algorithm are:
sha-96
: Uses the SHA-1 algorithm with a 96-bit truncation.
sha-256
: Uses the SHA-256 algorithm with a 256-bit truncation.
sha-384
: Uses the SHA-384 algorithm with a 384-bit truncation.
sha-512
: Uses the SHA-512 algorithm with a 512-bit truncation.
The options available for the cipher algorithm are:
aes-{128|192|256}
: Specifies the AES CBC encryption algorithm with key lengths of 128, 192, or 256 bits.
aes-ctr-{128|192|256}
: Specifies the AES CTR encryption algorithm with key lengths of 128, 192, or 256 bits.
aes-gcm-{128|192|256}
: Specifies the AES GCM encryption algorithm with key lengths of 128, 192, or 256 bits.
Note
The HMAC algorithm is not needed, and is ignored, when using GCM cipher algorithms.
- mode transport
Specifies that the IPsec transport mode should be used.
- mode tunnel
Specifies that the IPsec tunnel mode should be used.
Example :
soodar(config)# crypto ipsec transform-set ipsec-tunnel-TS esp hmac sha-96 cipher aes-192
soodar(cfg-crypto-trans)# mode transport
The result of these commands is to create an IPsec transform set named ipsec-tunnel-TS that uses ESP protocol with HMAC-SHA-96 integrity and AES-192 encryption algorithms in transport mode.
Profile
- crypto ipsec profile IPSECPROFILE
Create a new profile IPSECPROFILE.
- set transform-set IPSECTS
The command is used in an IPsec profile configuration to specify the transform set that will be used for IPsec encryption and authentication.
IPSECTS
: The name of the transform set to be used for IPsec encryption and authentication. The transform set should be pre-configured using the crypto ipsec transform-set command.
Note
An IPSec profile without Transform set is useless.
- set pfs GROUP
The command is used in an IPSec profile to specify a particular group for Perfect Forward Secrecy (PFS). GROUP specifies the Diffie-Hellman (DH) group to be used for key exchange in the rekey. Available groups are:
14
: Specifies the use of Diffie-Hellman group 14, which uses a 2048-bit prime modulus.
19
: Specifies the use of Diffie-Hellman group 19, which uses a 256-bit elliptic curve.
20
: Specifies the use of Diffie-Hellman group 20, which uses a 384-bit elliptic curve.
21
: Specifies the use of Diffie-Hellman group 21, which uses a 521-bit elliptic curve.
28
: Specifies the use of Diffie-Hellman group 28, which uses a 256-bit Brainpool ECP group.
29
: Specifies the use of Diffie-Hellman group 29, which uses a 384-bit Brainpool ECP group.
30
: Specifies the use of Diffie-Hellman group 30, which uses a 512-bit Brainpool ECP group.
31
: Specifies the use of Diffie-Hellman group 31, which uses Curve 25519.
32
: Specifies the use of Diffie-Hellman group 32, which uses Curve 448.
PFS is a security property in IPSec that ensures that even if an attacker manages to compromise the long-term encryption keys, they will not be able to decrypt past or future communications that were or will be protected with those keys. PFS addresses the vulnerability associated with long-term keys by ensuring that a different, temporary key is used for each session or communication. It is achieved by using key exchange algorithms like Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH).
- set ikev2 profile IKEPROFILE
The command is used in an IPSec profile configuration to specify an IKEv2 profile for the IPSec tunnel.
IKEPROFILE
: Specifies the name of the IKEv2 profile that has been previously configured.
The IKEv2 profile is used in the first phase of the IPSec tunnel establishment to negotiate the security parameters and create the IKEv2 security association (SA). The IPSec profile specifies the transform set that will be used in the second phase of the tunnel establishment.
Note
An IKEv2 profile should be exclusive to one IPSec profile, and an IPSec profile that uses an IKEv2 profile should be bound to a single tunnel; it can’t be used on two tunnels. So each tunnel needs its own IKEv2 profile and IPSec profile.
- set security-association lifetime second (120-28800)
The command is used in an IPSec profile to set the lifetime for the security association (SA) for the IPSec tunnel. The lifetime is the time for which an SA will be active before it expires and a new one must be established.
(120-28800)
: The lifetime value in seconds. Valid values are between 120 and 28800 seconds.
Note
Default value is 3600 seconds.
Note
IPSec SAs are installed when the IPSec profile protects a tunnel.
Example: Setup an IPSec profile using IKEv2 and PSK
soodar1(config)# crypto ikev2 proposal PROPOSAL
soodar1(config-ikev2-proposal)# integrity sha-96
soodar1(config-ikev2-proposal)# encryption des
soodar1(config-ikev2-proposal)# group 28
soodar1(config-ikev2-proposal)# crypto ikev2 keyring KEY-1
soodar1(config-ikev2-keyring)# peer PC-1
soodar1(config-ikev2-keyring-peer)# identity email pc1@local.net
soodar1(config-ikev2-keyring-peer)# pre-shared-key PSKPASS
soodar1(config-ikev2-keyring-peer)# crypto ikev2 profile profile-ike
soodar1(config-ikev2-profile)# identity local address 9.9.9.9
soodar1(config-ikev2-profile)# match identity remote email pc1@local.net
soodar1(config-ikev2-profile)# keyring local KEY-1
soodar1(config-ikev2-profile)# proposal PROPOSAL
soodar1(config)# crypto ipsec transform-set ipsec-tunnel-TS esp hmac sha-96 cipher aes-192
soodar1(config)# crypto ipsec profile ipsec-transport-profile
soodar1(ipsec-profile)# set transform-set ipsec-tunnel-TS
soodar1(ipsec-profile)# set ikev2 profile profile-ike
These commands configure an IKEv2 VPN between soodar1 and PC-1. The configuration includes:
* Creation of an IKEv2 proposal called PROPOSAL with integrity algorithm SHA-96, encryption algorithm DES, and Diffie-Hellman group 28.
* Configuration of an IKEv2 keyring called KEY-1, with PC-1 as a peer. PC-1 is identified by its email identity pc1@local.net. A pre-shared key PSKPASS is configured for authentication.
* Creation of an IKEv2 profile called profile-ike with local identity address 9.9.9.9 and remote identity email pc1@local.net. The profile uses the keyring KEY-1 and the proposal PROPOSAL.
* Configuration of an IPsec transform set named ipsec-tunnel-TS that uses ESP protocol with HMAC-SHA-96 integrity and AES-192 encryption algorithms
* Configuration of an IPsec profile called ipsec-transport-profile, which uses the transform-set ipsec-tunnel-TS and the IKEv2 profile profile-ike.
and in the other router:
soodar2(config)# crypto ikev2 proposal PROPOSAL
soodar2(config-ikev2-proposal)# integrity sha-96
soodar2(config-ikev2-proposal)# encryption des
soodar2(config-ikev2-proposal)# group 28
soodar2(config-ikev2-proposal)# crypto ikev2 keyring KEY-1
soodar2(config-ikev2-keyring)# peer PC-2
soodar2(config-ikev2-keyring-peer)# identity address 9.9.9.9
soodar2(config-ikev2-keyring-peer)# pre-shared-key PSKPASS
soodar2(config-ikev2-keyring-peer)# crypto ikev2 profile profile-ike
soodar2(config-ikev2-profile)# identity local email pc1@local.net
soodar2(config-ikev2-profile)# match identity remote address 9.9.9.9
soodar2(config-ikev2-profile)# keyring local KEY-1
soodar2(config-ikev2-profile)# proposal PROPOSAL
soodar2(config)# crypto ipsec transform-set ipsec-tunnel-TS esp hmac sha-96 cipher aes-192
soodar2(config)# crypto ipsec profile ipsec-transport-profile
soodar2(ipsec-profile)# set transform-set ipsec-tunnel-TS
soodar2(ipsec-profile)# set ikev2 profile profile-ike
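A tunnel only comes up when both routers agree on the algorithms and each side's expected remote identity is the other's local identity. The following is an added example, not part of SoodarOS or its documentation: a small Python cross-check of the two command lists above. Its parsing patterns are an assumption that covers only the command forms shown on this page.

```python
import re

# Constructed input: the PSK example's commands from this page with prompts
# stripped; keyring lines are left out because the PSK is not compared here.
SOODAR1 = """crypto ikev2 proposal PROPOSAL
integrity sha-96
encryption des
group 28
crypto ikev2 profile profile-ike
identity local address 9.9.9.9
match identity remote email pc1@local.net
crypto ipsec transform-set ipsec-tunnel-TS esp hmac sha-96 cipher aes-192
"""
SOODAR2 = """crypto ikev2 proposal PROPOSAL
integrity sha-96
encryption des
group 28
crypto ikev2 profile profile-ike
identity local email pc1@local.net
match identity remote address 9.9.9.9
crypto ipsec transform-set ipsec-tunnel-TS esp hmac sha-96 cipher aes-192
"""

# Patterns cover only the command forms shown on this page (an assumption:
# one proposal, one IKEv2 profile and one ESP transform set per router).
FIELDS = {
    "ike integrity": r"^integrity (\S+)",
    "ike encryption": r"^encryption (\S+)",
    "ike dh group": r"^group (\S+)",
    "esp hmac": r"transform-set \S+ esp\b.*?\bhmac (\S+)",
    "esp cipher": r"transform-set \S+ esp\b.*?\bcipher (\S+)",
    "local id": r"^identity local (\S+ \S+)",
    "remote id": r"^match identity remote (\S+ \S+)",
}
ALGORITHMS = [f for f in FIELDS if not f.endswith(" id")]


def parse(config):
    """Return {field: value or None} for one router's command list."""
    found = {f: re.search(p, config, re.MULTILINE) for f, p in FIELDS.items()}
    return {f: m.group(1) if m else None for f, m in found.items()}


def compare(config_a, config_b):
    """List the differences that would keep the two peers from agreeing."""
    a, b = parse(config_a), parse(config_b)
    both_gcm = all(str(x["esp cipher"]).startswith("aes-gcm") for x in (a, b))
    findings = []
    for field in ALGORITHMS:
        # Per the note on this page, the HMAC is ignored with GCM ciphers.
        if a[field] != b[field] and not (field == "esp hmac" and both_gcm):
            findings.append(f"{field}: {a[field]} != {b[field]}")
    # Each side's "match identity remote" must equal the peer's "identity local".
    for x, y, side in ((a, b, "A"), (b, a, "B")):
        if x["remote id"] != y["local id"]:
            findings.append(f"{side} expects '{x['remote id']}', peer presents '{y['local id']}'")
    return findings
```

`compare(SOODAR1, SOODAR2)` returns an empty list for the configurations on this page; changing a cipher or an identity on one side produces one finding per mismatch.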
Example: Setup an IPSec profile using IKEv2 and RSA-Sig
We have 2 routers, soodar1 and soodar2. We have a valid CA and a signed certificate for authentication on each of them. soodar1’s certificate has n1.local.net as SAN, and soodar2’s certificate has n2.local.net as SAN:
soodar1(config)# crypto ikev2 proposal PROPOSAL
soodar1(config-ikev2-proposal)# integrity sha-384
soodar1(config-ikev2-proposal)# encryption aes
soodar1(config-ikev2-proposal)# group 28
soodar1(config)# crypto ikev2 profile profile-ike
soodar1(config-ikev2-profile)# identity local fqdn n1.local.net
soodar1(config-ikev2-profile)# lifetime 2400
soodar1(config-ikev2-profile)# match identity remote fqdn n2.local.net
soodar1(config-ikev2-profile)# authentication local rsa-sig
soodar1(config-ikev2-profile)# authentication remote rsa-sig
soodar1(config-ikev2-profile)# proposal PROPOSAL
soodar1(config)# crypto ipsec profile ipsec-transport-profile
soodar1(ipsec-profile)# set transform-set ipsec-tunnel-TS
soodar1(ipsec-profile)# set ikev2 profile profile-ike
and in the other router:
soodar2(config)# crypto ikev2 proposal PROPOSAL
soodar2(config-ikev2-proposal)# integrity sha-384
soodar2(config-ikev2-proposal)# encryption aes
soodar2(config-ikev2-proposal)# group 28
soodar2(config)# crypto ikev2 profile profile-ike
soodar2(config-ikev2-profile)# identity local fqdn n2.local.net
soodar2(config-ikev2-profile)# lifetime 2400
soodar2(config-ikev2-profile)# match identity remote fqdn n1.local.net
soodar2(config-ikev2-profile)# authentication local rsa-sig
soodar2(config-ikev2-profile)# authentication remote rsa-sig
soodar2(config-ikev2-profile)# proposal PROPOSAL
soodar2(config)# crypto ipsec profile ipsec-transport-profile
soodar2(ipsec-profile)# set transform-set ipsec-tunnel-TS
soodar2(ipsec-profile)# set ikev2 profile profile-ike
Troubleshooting
To track the state of IPSec/IKEv2 profiles and their initiation, users can view the logs (for initiation state and errors) and the SA details.
Logging
Debugging logs can be enabled when needed.
- debug ipsec event
log data plane installation processes and results
- debug ipsec vici json
log all incoming VICI messages as json
- debug ipsec vici detail
log all incoming VICI messages as json and raw
To view detailed IPSec logs, use the show log ipsec command, which shows the StrongSwan logs.
Show commands
To view the current state of IPSec SAs or IKEv2 SAs, the router provides the following commands:
- show crypto ikev2 sa [detailed] [json]
Shows installed IKEv2 SAs details
soodar# show crypto ikev2 sa
Profile ike-n1-n2
Status: ESTABLISHED
Local: 200.1.2.1
Remote: 200.1.2.2/500
Encr: AES_CBC-128
Hash: HMAC_SHA2_384_192
DH Grp: ECP_256_BP
Life/Active Time: 240/190 sec
soodar# show crypto ikev2 sa detailed
Profile ike-n1-n2
Status: ESTABLISHED
Local: 200.1.2.1
Remote: 200.1.2.2/500
Encr: AES_CBC-128
Hash: HMAC_SHA2_384_192
DH Grp: ECP_256_BP
Life/Active Time: 240/195 sec
Local ID: n1.local.net
Remote ID: n2.local.net
Local SPI: 8b545f20ca649813
Remote SPI: 8b545f20ca649813
Configured DPD: 10 sec
Rekey in: 33 sec
soodar# show crypto ikev2 sa json
[
{
"name": "ike-n1-n2",
"id": "3",
"state": "ESTABLISHED",
"dpd": 10,
"lifetime": 240,
"local-host": "200.1.2.1",
"local-port": "500",
"local-id": "n1.local.net",
"remote-host": "200.1.2.2",
"remote-port": "500",
"remote-id": "n2.local.net",
"initiator": false,
"initiator-spi": "39afd77a4c51edc0",
"responder-spi": "39afd77a4c51edc0",
"established": "218",
"rekey-time": "21",
"encr-alg": "AES_CBC-128",
"integ-alg": "HMAC_SHA2_384_192",
"prf-alg": "PRF_HMAC_SHA2_384",
"dh-group": "ECP_256_BP",
"child-sas": [
{
"name": "ipsec-n1-n2",
"id": "13",
"state": "INSTALLED",
"mode": "TUNNEL",
"protocol": "ESP",
"spi-in": "ccb6c76d",
"spi-out": "c6ccd9e1",
"encr-alg": "AES_CBC-128",
"integ-alg": "HMAC_SHA2_256_128",
"bytes-in": "0",
"packets-in": "0",
"bytes-out": "0",
"packets-out": "0",
"rekey-time": "32",
"life-time": "45",
"install-time": "21"
}
]
}
]
- show crypto ipsec sa [detailed] [json]
Shows installed IPSec SAs details
soodar# show crypto ipsec sa
Profile ipsec-n1-n2
Status: INSTALLED
IKEv2 Profile: ike-n1-n2
Mode: TUNNEL
Protocol: ESP
Encr: AES_CBC-128
Hash: HMAC_SHA2_256_128
Life/Active Time: 66/32 sec
soodar# show crypto ipsec sa detailed
Profile ipsec-n1-n2
Status: INSTALLED
IKEv2 Profile: ike-n1-n2
Mode: TUNNEL
Protocol: ESP
Encr: AES_CBC-128
Hash: HMAC_SHA2_256_128
Life/Active Time: 66/32 sec
Bytes Decrypted: 0
Packets Decrypted: 0
Bytes Encrypted: 0
Packets Encrypted: 0
Inbound SPI: c322afbc
Outbound SPI: c9211ed0
Rekey in: 25 sec
soodar# show crypto ipsec sa json
[
{
"name": "ike-n1-n2",
"id": "4",
"state": "ESTABLISHED",
"dpd": 10,
"lifetime": 240,
"local-host": "200.1.2.1",
"local-port": "500",
"local-id": "n1.local.net",
"remote-host": "200.1.2.2",
"remote-port": "500",
"remote-id": "n2.local.net",
"initiator": false,
"initiator-spi": "9fc4c36e3ecc04ca",
"responder-spi": "9fc4c36e3ecc04ca",
"established": "133",
"rekey-time": "85",
"encr-alg": "AES_CBC-128",
"integ-alg": "HMAC_SHA2_384_192",
"prf-alg": "PRF_HMAC_SHA2_384",
"dh-group": "ECP_256_BP",
"child-sas": [
{
"name": "ipsec-n1-n2",
"id": "16",
"state": "INSTALLED",
"mode": "TUNNEL",
"protocol": "ESP",
"spi-in": "c93bfde8",
"spi-out": "caaea224",
"encr-alg": "AES_CBC-128",
"integ-alg": "HMAC_SHA2_256_128",
"bytes-in": "0",
"packets-in": "0",
"bytes-out": "0",
"packets-out": "0",
"rekey-time": "48",
"life-time": "56",
"install-time": "10"
}
]
}
]
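The JSON form of both show commands lends itself to automated checks. The following is an added example, not part of SoodarOS: a Python audit that reports SAs that are not up, that negotiated a cipher outside an operator-supplied allowlist, or that are installed but carry no traffic. The allowlist, the idle threshold and the reading of install-time as seconds since installation are assumptions.

```python
import json

# Constructed sample: the first SA is abridged from this page's output; the
# second ("ike-n1-n3", state CONNECTING) is made up to show a failed tunnel.
SAMPLE = """[
  {"name": "ike-n1-n2", "state": "ESTABLISHED", "encr-alg": "AES_CBC-128",
   "integ-alg": "HMAC_SHA2_384_192", "rekey-time": "21",
   "child-sas": [
     {"name": "ipsec-n1-n2", "state": "INSTALLED", "protocol": "ESP",
      "encr-alg": "AES_CBC-128", "integ-alg": "HMAC_SHA2_256_128",
      "packets-in": "0", "packets-out": "0", "install-time": "21"}]},
  {"name": "ike-n1-n3", "state": "CONNECTING", "child-sas": []}
]"""


def audit(raw, allowed_encr, idle_after=10):
    """Return (sa_name, problem) pairs for SAs that are down, idle or off-policy.

    allowed_encr is the set of encr-alg strings the operator expects;
    idle_after is how many seconds an SA may carry no packets (install-time
    is read as seconds since installation, an assumption).
    """
    findings = []
    for ike in json.loads(raw):
        if ike.get("state") != "ESTABLISHED":
            findings.append((ike["name"], f"IKE SA is {ike.get('state')}"))
            continue
        if ike.get("encr-alg") not in allowed_encr:
            findings.append((ike["name"], f"unexpected cipher {ike.get('encr-alg')}"))
        children = ike.get("child-sas", [])
        if not children:
            findings.append((ike["name"], "no child SA installed"))
        for child in children:
            if child.get("state") != "INSTALLED":
                findings.append((child["name"], f"child SA is {child.get('state')}"))
                continue
            if child.get("encr-alg") not in allowed_encr:
                findings.append((child["name"], f"unexpected cipher {child.get('encr-alg')}"))
            # Counters and timers are JSON strings in this output, so convert.
            packets = int(child.get("packets-in", 0)) + int(child.get("packets-out", 0))
            if packets == 0 and int(child.get("install-time", 0)) >= idle_after:
                findings.append((child["name"], "installed but no packets either way"))
    return findings
```

With the sample above, `audit(SAMPLE, {"AES_CBC-128"})` reports the idle child SA and the SA that never reached ESTABLISHED.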