Authentication

Strongswan eap-identity 無可信證書

  • May 21, 2019

這是情況:

  • GW 在 CentOS7 上安裝了 Strongswan 5.7.2 並載入了這些外掛:

charon pkcs11 tpm aesni aes des rc2 sha2 sha1 md4 md5 mgf1 隨機 nonce x509 撤銷約束 acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 chapoly xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp led duplicheck unity counters

  • 同一個 CA 機構簽署了所有證書(對於 GW 和客戶端的身份)
  • 客戶端處於 Roadwarrior 模式,在 Windows 10 上
  • ipsec.conf:
# VPN connections
conn %default
       mobike=yes
       esp=aes256gcm128-sha512-modp4096,aes256-sha1-modp1024!
       ike=aes256gcm128-sha512-modp4096,aes256-sha384-modp1024!
       eap_identity=%any
       keyexchange=ikev2
       forceencaps=yes
       auto=add

conn IKEv2-eap
       leftauth=pubkey
       leftfirewall=yes
       leftcert=gwCert.pem
       leftsubnet=0.0.0.0/0
       right=%any
       rightsourceip=10.3.0.0/24
       rightsendcert=never
       rightdns=134.158.128.2,134.158.128.6
       rightauth=eap-tls
       eap_identity=%identity
  • ipsec.secrets:
# ipsec.secrets - strongSwan IPsec secrets file
: RSA gwKey.pem
  • GW證書:
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 62767 (0xf52f)
   Signature Algorithm: sha1WithRSAEncryption
       Issuer: C=FR, O=Organization, CN=IntermediateAuthority
       Validity
           Not Before: May 20 13:26:11 2019 GMT
           Not After : May 19 13:26:11 2021 GMT
       Subject: C=FR, O=Organization, OU=OUnit, CN=vpn.domain.tld/emailAddress=contact@domain.tld
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (2048 bit)
               Modulus:
                   ...
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Basic Constraints: critical
               CA:FALSE
           Netscape Cert Type:
               SSL Client, SSL Server
           X509v3 Key Usage: critical
               Digital Signature, Non Repudiation, Key Encipherment
           X509v3 Extended Key Usage:
               TLS Web Server Authentication, TLS Web Client Authentication
           Netscape Comment:
               Certificat serveur IntermediateAuthority
           X509v3 Subject Key Identifier:
               ...
           X509v3 Authority Key Identifier:
               keyid:...
               DirName:/C=FR/O=Organization/CN=RootAuthority
               serial:03

           X509v3 Subject Alternative Name:
               email:contact@domain.tld
           X509v3 CRL Distribution Points:

               Full Name:
                 URI:http://crls.domain.tld/IntermediateAuthority/getder.crl

   Signature Algorithm: sha1WithRSAEncryption
        ...
  • 客戶證書:
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number: 62711 (0xf4f7)
   Signature Algorithm: sha1WithRSAEncryption
       Issuer: C=FR, O=Organization, CN=IntermediateAuthority
       Validity
           Not Before: May 15 08:58:59 2019 GMT
           Not After : May 14 08:58:59 2021 GMT
       Subject: C=FR, O=Organization, OU=OUnit, CN=My Name/emailAddress=contact@domain.tld
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (2048 bit)
               Modulus:
                   ...
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Basic Constraints: critical
               CA:FALSE
           Netscape Cert Type:
               SSL Client, S/MIME, Object Signing
           X509v3 Key Usage: critical
               Digital Signature, Non Repudiation, Key Encipherment
           Netscape Comment:
               Certificat IntermediateAuthority.
           X509v3 Subject Key Identifier:
               ...
           X509v3 Authority Key Identifier:
               keyid:...
               DirName:/C=FR/O=Organization/CN=RootAuthority
               serial:03

           X509v3 Subject Alternative Name:
               email:contact@domain.tld
           X509v3 CRL Distribution Points:

               Full Name:
                 URI:http://crls.domain.tld/IntermediateAuthority/getder.crl

   Signature Algorithm: sha1WithRSAEncryption
        ...
  • charon.log:
May 21 10:27:04 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 3.10.0-957.12.2.el7.x86_64, x86_64)
May 21 10:27:04 00[CFG] PKCS11 module '<name>' lacks library path
May 21 10:27:04 00[LIB] openssl FIPS mode(2) - enabled
May 21 10:27:04 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
May 21 10:27:04 00[CFG]   loaded ca certificate "C=FR, O=Organization, CN=IntermediateAuthority" from '/etc/strongswan/ipsec.d/cacerts/ca-std.pem'
May 21 10:27:04 00[CFG]   loaded ca certificate "C=FR, O=Organization, CN=RootAuthority" from '/etc/strongswan/ipsec.d/cacerts/ca.pem'
May 21 10:27:04 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
May 21 10:27:04 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
May 21 10:27:04 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
May 21 10:27:04 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
May 21 10:27:04 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
May 21 10:27:04 00[CFG]   loaded RSA private key from '/etc/strongswan/ipsec.d/private/gwKey.pem'
May 21 10:27:04 00[CFG]   loaded EAP secret for user
May 21 10:27:04 00[CFG]   loaded EAP secret for My Name
May 21 10:27:04 00[CFG] opening triplet file /etc/strongswan/ipsec.d/triplets.dat failed: No such file or directory
May 21 10:27:04 00[CFG] loaded 0 RADIUS server configurations
May 21 10:27:04 00[CFG] HA config misses local/remote address
May 21 10:27:04 00[CFG] no script for ext-auth script defined, disabled
May 21 10:27:04 00[LIB] loaded plugins: charon pkcs11 tpm aesni aes des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 chapoly xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp led duplicheck unity counters
May 21 10:27:04 00[JOB] spawning 16 worker threads
May 21 10:27:04 05[CFG] received stroke: add connection 'IKEv2-eap'
May 21 10:27:04 05[CFG] adding virtual IP address pool 10.3.0.0/24
May 21 10:27:04 05[CFG]   loaded certificate "C=FR, O=Organization, OU=OUnit, CN=vpn.domain.tld, E=contact@domain.tld" from 'gwCert.pem'
May 21 10:27:04 05[CFG]   id '%any' not confirmed by certificate, defaulting to 'C=FR, O=Organization, OU=OUnit, CN=vpn.domain.tld, E=contact@domain.tld'
May 21 10:27:04 05[CFG] added configuration 'IKEv2-eap'
May 21 10:27:11 12[NET] <1> received packet: from 172.10.128.210[500] to 172.10.130.248[500] (624 bytes)
May 21 10:27:11 12[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
May 21 10:27:11 12[IKE] <1> received MS NT5 ISAKMPOAKLEY v9 vendor ID
May 21 10:27:11 12[IKE] <1> received MS-Negotiation Discovery Capable vendor ID
May 21 10:27:11 12[IKE] <1> received Vid-Initial-Contact vendor ID
May 21 10:27:11 12[ENC] <1> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
May 21 10:27:11 12[IKE] <1> 172.10.128.210 is initiating an IKE_SA
May 21 10:27:11 12[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
May 21 10:27:11 12[IKE] <1> faking NAT situation to enforce UDP encapsulation
May 21 10:27:11 12[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
May 21 10:27:11 12[NET] <1> sending packet: from 172.10.130.248[500] to 172.10.128.210[500] (320 bytes)
May 21 10:27:11 15[NET] <1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (588 bytes)
May 21 10:27:11 15[ENC] <1> parsed IKE_AUTH request 1 [ EF(1/3) ]
May 21 10:27:11 15[ENC] <1> received fragment #1 of 3, waiting for complete IKE message
May 21 10:27:11 15[NET] <1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (588 bytes)
May 21 10:27:11 15[ENC] <1> parsed IKE_AUTH request 1 [ EF(2/3) ]
May 21 10:27:11 15[ENC] <1> received fragment #2 of 3, waiting for complete IKE message
May 21 10:27:11 16[NET] <1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (332 bytes)
May 21 10:27:11 16[ENC] <1> parsed IKE_AUTH request 1 [ EF(3/3) ]
May 21 10:27:11 16[ENC] <1> received fragment #3 of 3, reassembled fragmented IKE message (1320 bytes)
May 21 10:27:11 16[ENC] <1> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
May 21 10:27:11 16[IKE] <1> received cert request for "C=FR, O=Organization, CN=IntermediateAuthority"
May 21 10:27:11 16[IKE] <1> received cert request for "C=FR, O=Organization, CN=RootAuthority"
May 21 10:27:11 16[IKE] <1> received 47 cert requests for an unknown ca
May 21 10:27:11 16[CFG] <1> looking for peer configs matching 172.10.130.248[%any]...172.10.128.210[172.10.128.210]
May 21 10:27:11 16[CFG] <IKEv2-eap|1> selected peer config 'IKEv2-eap'
May 21 10:27:11 16[IKE] <IKEv2-eap|1> initiating EAP_IDENTITY method (id 0x00)
May 21 10:27:11 16[IKE] <IKEv2-eap|1> peer supports MOBIKE
May 21 10:27:11 16[IKE] <IKEv2-eap|1> authentication of 'C=FR, O=Organization, OU=OUnit, CN=vpn.domain.tld, E=contact@domain.tld' (myself) with RSA signature successful
May 21 10:27:11 16[IKE] <IKEv2-eap|1> sending end entity cert "C=FR, O=Organization, OU=OUnit, CN=vpn.domain.tld, E=contact@domain.tld"
May 21 10:27:11 16[ENC] <IKEv2-eap|1> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
May 21 10:27:11 16[ENC] <IKEv2-eap|1> splitting IKE message (1656 bytes) into 2 fragments
May 21 10:27:11 16[ENC] <IKEv2-eap|1> generating IKE_AUTH response 1 [ EF(1/2) ]
May 21 10:27:11 16[ENC] <IKEv2-eap|1> generating IKE_AUTH response 1 [ EF(2/2) ]
May 21 10:27:11 16[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (1244 bytes)
May 21 10:27:11 16[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (492 bytes)
May 21 10:27:11 15[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (104 bytes)
May 21 10:27:11 15[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
May 21 10:27:11 15[IKE] <IKEv2-eap|1> received EAP identity 'My Name'
May 21 10:27:11 15[IKE] <IKEv2-eap|1> initiating EAP_TLS method (id 0xC9)
May 21 10:27:11 15[ENC] <IKEv2-eap|1> generating IKE_AUTH response 2 [ EAP/REQ/TLS ]
May 21 10:27:11 15[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (88 bytes)
May 21 10:27:11 07[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (248 bytes)
May 21 10:27:11 07[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 3 [ EAP/RES/TLS ]
May 21 10:27:11 07[TLS] <IKEv2-eap|1> negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
May 21 10:27:11 07[TLS] <IKEv2-eap|1> sending TLS server certificate 'C=FR, O=Organization, OU=OUnit, CN=vpn.domain.tld, E=contact@domain.tld'
May 21 10:27:11 07[TLS] <IKEv2-eap|1> sending TLS intermediate certificate 'C=FR, O=Organization, CN=IntermediateAuthority'
May 21 10:27:11 07[TLS] <IKEv2-eap|1> sending TLS cert request for 'C=FR, O=Organization, CN=IntermediateAuthority'
May 21 10:27:11 07[TLS] <IKEv2-eap|1> sending TLS cert request for 'C=FR, O=Organization, CN=RootAuthority'
May 21 10:27:11 07[ENC] <IKEv2-eap|1> generating IKE_AUTH response 3 [ EAP/REQ/TLS ]
May 21 10:27:11 07[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (1112 bytes)
May 21 10:27:11 05[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (88 bytes)
May 21 10:27:11 05[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 4 [ EAP/RES/TLS ]
May 21 10:27:11 05[ENC] <IKEv2-eap|1> generating IKE_AUTH response 4 [ EAP/REQ/TLS ]
May 21 10:27:11 05[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (1112 bytes)
May 21 10:27:11 08[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (88 bytes)
May 21 10:27:11 08[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 5 [ EAP/RES/TLS ]
May 21 10:27:11 08[ENC] <IKEv2-eap|1> generating IKE_AUTH response 5 [ EAP/REQ/TLS ]
May 21 10:27:11 08[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (744 bytes)
May 21 10:27:11 09[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (588 bytes)
May 21 10:27:11 09[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 6 [ EF(1/3) ]
May 21 10:27:11 09[ENC] <IKEv2-eap|1> received fragment #1 of 3, waiting for complete IKE message
May 21 10:27:11 09[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (588 bytes)
May 21 10:27:11 09[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 6 [ EF(2/3) ]
May 21 10:27:11 09[ENC] <IKEv2-eap|1> received fragment #2 of 3, waiting for complete IKE message
May 21 10:27:11 09[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (492 bytes)
May 21 10:27:11 09[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 6 [ EF(3/3) ]
May 21 10:27:11 09[ENC] <IKEv2-eap|1> received fragment #3 of 3, reassembled fragmented IKE message (1480 bytes)
May 21 10:27:11 09[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 6 [ EAP/RES/TLS ]
May 21 10:27:11 09[ENC] <IKEv2-eap|1> generating IKE_AUTH response 6 [ EAP/REQ/TLS ]
May 21 10:27:11 09[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (88 bytes)
May 21 10:27:11 13[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (588 bytes)
May 21 10:27:11 13[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 7 [ EF(1/3) ]
May 21 10:27:11 13[ENC] <IKEv2-eap|1> received fragment #1 of 3, waiting for complete IKE message
May 21 10:27:11 13[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (588 bytes)
May 21 10:27:11 13[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 7 [ EF(2/3) ]
May 21 10:27:11 13[ENC] <IKEv2-eap|1> received fragment #2 of 3, waiting for complete IKE message
May 21 10:27:11 13[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (316 bytes)
May 21 10:27:11 13[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 7 [ EF(3/3) ]
May 21 10:27:11 13[ENC] <IKEv2-eap|1> received fragment #3 of 3, reassembled fragmented IKE message (1304 bytes)
May 21 10:27:11 13[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 7 [ EAP/RES/TLS ]
May 21 10:27:11 13[TLS] <IKEv2-eap|1> received TLS peer certificate 'C=FR, O=Organization, OU=OUnit, CN=My Name, E=contact@domain.tld'
May 21 10:27:11 13[TLS] <IKEv2-eap|1> received TLS intermediate certificate 'C=FR, O=Organization, CN=IntermediateAuthority'
May 21 10:27:11 13[TLS] <IKEv2-eap|1> no trusted certificate found for 'My Name' to verify TLS peer
May 21 10:27:11 13[TLS] <IKEv2-eap|1> sending fatal TLS alert 'certificate unknown'
May 21 10:27:11 13[ENC] <IKEv2-eap|1> generating IKE_AUTH response 7 [ EAP/REQ/TLS ]
May 21 10:27:11 13[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (104 bytes)
May 21 10:27:11 06[NET] <IKEv2-eap|1> received packet: from 172.10.128.210[4500] to 172.10.130.248[4500] (88 bytes)
May 21 10:27:11 06[ENC] <IKEv2-eap|1> parsed IKE_AUTH request 8 [ EAP/RES/TLS ]
May 21 10:27:11 06[IKE] <IKEv2-eap|1> EAP method EAP_TLS failed for peer 172.10.128.210
May 21 10:27:11 06[ENC] <IKEv2-eap|1> generating IKE_AUTH response 8 [ EAP/FAIL ]
May 21 10:27:11 06[NET] <IKEv2-eap|1> sending packet: from 172.10.130.248[4500] to 172.10.128.210[4500] (88 bytes)
  • 主機名 GW:vpn.domain.tld

問題是我的 Windows 客戶端安裝隧道,但不接受身份驗證可能是因為 charon.log 中的這些行:

May 21 10:27:11 13[TLS] <IKEv2-eap|1> received TLS peer certificate 'C=FR, O=Organization, OU=OUnit, CN=My Name, E=contact@domain.tld'
May 21 10:27:11 13[TLS] <IKEv2-eap|1> received TLS intermediate certificate 'C=FR, O=Organization, CN=IntermediateAuthority'
May 21 10:27:11 13[TLS] <IKEv2-eap|1> no trusted certificate found for 'My Name' to verify TLS peer
May 21 10:27:11 13[TLS] <IKEv2-eap|1> sending fatal TLS alert 'certificate unknown'

我的配置有什麼問題?

客戶端發送的 EAP 身份(顯然是“我的名字”)與完整的主題專有名稱 (DN) 或任何主題可選名稱 (SAN) 擴展的值和類型都不匹配。由於 strongSwan 不會將身份與 DN 的某些部分進行匹配,例如CN相對專有名稱 (RDN) - 甚至對於 EAP-TLS 也不適用 - 找不到用於確認身份的證書。

兩種可能的解決方案:

  1. 如果客戶端允許,讓它發送一個不同的身份,例如完整的 DN,或電子郵件地址,它作為 SAN 包含在證書中。不過,我認為這對於 Windows 客戶端是不可能的
  2. 如果客戶端總是將CNRDN 的值作為 EAP 身份發送,則需要更改客戶端證書:
  • 更改CN以匹配其中一個 SAN,在這種情況下,您可以將其設置為電子郵件地址(如有必要,該人的姓名可以編碼為S- 對於姓氏 - 和G- 對於給定名稱 - DN 中的 RDN)。
  • 另一種方法是添加一個dNSName SAN,其值為“My Name”,即與該CN值匹配。雖然這在技術上不是一個有效的域名(由於空格),但它應該與 EAP 身份匹配,因為它被 strongSwan解析為類型的身份ID_FQDN(這是它的備份類型)。

引用自:https://serverfault.com/questions/968190