Linux

StrongSwan Linux 客戶端拒絕連接到 StrongSwan 伺服器

  • May 4, 2021

我在 Ubuntu 18.04 伺服器上設置了 StrongSwan VPN 伺服器,並且執行良好。我能夠從 Windows 10 和 macOS 連接到這個 VPN,並且一切正常。問題是我無法讓 Linux 使用 StrongSwan 客戶端連接到同一台 VPN 伺服器。

Linux 客戶端只是一個公路戰士場景,我使用 charon-cmd 進行按需 VPN 連接,如下所示:

root@ubuntu:~# charon-cmd --cert DigiCertCA.crt --host vpn.example.com --identity <myuser>

00[LIB] created TUN device: ipsec0
00[LIB] dropped capabilities, running as uid 0, gid 0
00[DMN] Starting charon-cmd IKE client (strongSwan 5.3.5, Linux 4.4.0-142-generic, x86_64)
00[LIB] loaded plugins: charon-cmd aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm kernel-libipsec kernel-netlink resolve socket-default eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic
00[JOB] spawning 16 worker threads
15[IKE] initiating IKE_SA cmd[1] to XX.YYY.199.103
15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
15[NET] sending packet: from 192.168.1.29[60971] to XX.YYY.199.103[4500] (1256 bytes)
16[NET] received packet: from XX.YYY.199.103[4500] to 192.168.1.29[60971] (38 bytes)
16[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
16[IKE] peer didn't accept DH group MODP_2048, it requested MODP_3072
16[IKE] initiating IKE_SA cmd[1] to XX.YYY.199.103
16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
16[NET] sending packet: from 192.168.1.29[60971] to XX.YYY.199.103[4500] (1384 bytes)
05[NET] received packet: from XX.YYY.199.103[4500] to 192.168.1.29[60971] (584 bytes)
05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
05[IKE] local host is behind NAT, sending keep alives
05[IKE] remote host is behind NAT
05[IKE] establishing CHILD_SA cmd
05[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
05[NET] sending packet: from 192.168.1.29[50969] to XX.YYY.199.103[4500] (304 bytes)
04[NET] received packet: from XX.YYY.199.103[4500] to 192.168.1.29[50969] (3408 bytes)
04[ENC] parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID N(AUTH_FOLLOWS) ]
04[IKE] received end entity cert "C=US, ST=Massachusetts, L=Needham Heights, O=Example Corporation, CN=*.example.com"
04[IKE] received issuer cert "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1"
04[IKE] no trusted RSA public key found for '10.1.1.4'
04[ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
04[NET] sending packet: from 192.168.1.29[50969] to XX.YYY.199.103[4500] (80 bytes)

請注意,上述日誌末尾附近的錯誤是***“notrusted RSA public key found for 10.1.1.4”***。該 IP 地址是 StrongSwan 伺服器機器的經過 NAT 處理的“內部”IP 地址。同一台機器的面向公眾的 IP 地址是 XX.YY.199.103。

在 charon-cmd 命令行中,我指定 –cert DigiCertCA.crt 因為這是 CA 的中間證書,它為我們的伺服器頒發了主證書。

我用Google搜尋了錯誤“沒有為(IP-addr)找到受信任的RSA公鑰”並找到了一些討論,但到目前為止沒有任何建議對我有幫助。有人可以幫忙解決這個問題嗎?我重新頒發了一個 SAN 名稱與客戶端用於連​​接的名稱完全匹配的證書,因為我知道 StrongSwan 通常不喜歡萬用字元證書。但是添加 SAN 名稱並沒有幫助。

這是 StrongSwan 的伺服器端配置。請記住,從 Windows 10 和 macOS 連接時,所有這些伺服器配置都可以正常工作。

伺服器端文件:/etc/ipsec.conf

config setup
   charondebug="ike 1, knl 1, cfg 0"
   uniqueids=no

conn ikev2-vpn
   auto=add
   ike=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024
   compress=no
   type=tunnel
   keyexchange=ikev2
   fragmentation=yes
   forceencaps=yes
   dpdaction=clear
   dpddelay=300s
   rekey=no
   left=%any
   leftid=@*.example.com
   leftcert=example_com.crt
   leftsendcert=always
   leftsubnet=0.0.0.0/0
   right=%any
   rightid=%any
   rightauth=eap-mschapv2
   rightsourceip=10.10.1.0/16
   rightdns=8.8.8.8,8.8.4.4
   rightsendcert=never
   eap_identity=%identity

伺服器證書(本次討論的真實域名更改為 example.com,但其他一切都是準確的)。請注意,這是一個萬用字元證書,其中“CN”名稱帶有星號。但是,還請注意,有一個 SAN(主題備用名稱),其名稱與我從客戶端用於訪問伺服器的確切名稱相同,在本例中為 vpn.example.com。

root@base:/etc/ipsec.d/certs# openssl x509 -in example_com.crt -text
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           09:11:4c:4d:84:9b:3a:c4:16:31:d8:4b:12:52:1b:0f
       Signature Algorithm: sha256WithRSAEncryption
       Issuer: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
       Validity
           Not Before: Apr 22 00:00:00 2021 GMT
           Not After : May 23 23:59:59 2022 GMT
       Subject: C = US, ST = Massachusetts, L = Needham Heights, O = Example Corporation, CN = *.example.com
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               RSA Public-Key: (2048 bit)
               Modulus:
                   00:af:76:1f:f6:9a:e4:a5:2f:12:f1:e3:80:de:46:
                   4e:61:39:17:87:9d:d0:d5:13:9a:2e:8d:aa:cb:2a:
                   1c:28:8e:27:27:54:df:bb:c9:2a:fb:74:a1:b0:96:
                   1c:21:3d:26:8f:63:03:1b:45:36:6b:a3:46:07:dd:
                   44:6e:a6:db:e5:db:e5:4d:5f:e2:5a:21:5e:d4:a2:
                   d6:02:11:71:4b:89:8e:93:dd:d2:ef:13:b2:55:74:
                   d4:eb:e1:ad:ec:70:76:b3:8b:a8:f0:ae:60:39:f2:
                   1e:5b:f6:a7:a6:e3:ad:b5:8c:6b:a5:25:fa:fc:ac:
                   05:03:16:ab:77:37:d4:14:8c:28:46:9e:37:f7:d9:
                   3c:63:4e:a5:ea:e7:14:0c:46:e9:43:4b:45:f9:f6:
                   8f:6c:db:6d:da:9b:1d:98:d5:e3:dd:be:a2:8f:2a:
                   d2:66:e6:92:38:49:aa:e4:4b:52:8b:c2:28:79:f6:
                   32:94:99:56:78:5a:b3:c3:98:cd:f8:fd:2b:37:e8:
                   25:ae:5b:31:43:82:42:d2:35:95:c3:53:d0:31:09:
                   da:61:23:4c:08:42:68:08:50:d2:ef:26:60:5d:01:
                   9f:6f:ed:25:40:02:98:29:e9:19:bf:7f:98:b5:45:
                   4c:c8:5d:1d:8f:31:da:bc:de:42:45:ed:51:2e:da:
                   7f:5d
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Authority Key Identifier:
               keyid:B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
           X509v3 Subject Key Identifier:
               E2:30:0F:0F:D7:96:0B:BE:4A:19:55:54:2B:D4:1A:2F:E9:11:40:A3
           X509v3 Subject Alternative Name:
               DNS:*.example.com, DNS:example.com, DNS:vpn.example.com
           X509v3 Key Usage: critical
               Digital Signature, Key Encipherment
           X509v3 Extended Key Usage:
               TLS Web Server Authentication, TLS Web Client Authentication
           X509v3 CRL Distribution Points:
               Full Name:
                 URI:http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl
               Full Name:
                 URI:http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl
           X509v3 Certificate Policies:
               Policy: 2.23.140.1.2.2
                 CPS: http://www.digicert.com/CPS
           Authority Information Access:
               OCSP - URI:http://ocsp.digicert.com
               CA Issuers - URI:http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt
           X509v3 Basic Constraints: critical
               CA:FALSE
           CT Precertificate SCTs:
               Signed Certificate Timestamp:
                   Version   : v1 (0x0)
                   Log ID    : 46:A5:55:EB:75:FA:91:20:30:B5:A2:89:69:F4:F3:7D:                                11:2C:41:74:BE:FD:49:B8:85:AB:F2:FC:70:FE:6D:47
                   Timestamp : Apr 22 20:58:13.047 2021 GMT
                   Extensions: none
                   Signature : ecdsa-with-SHA256
                               30:44:02:20:55:BC:68:21:95:C6:A7:AF:82:B9:BC:C3:
                               2B:82:49:E5:F9:88:EA:90:96:8B:27:17:4A:5D:E1:B3:
                               F2:D3:03:92:02:20:0D:24:0B:20:5D:17:F6:5A:F9:67:
                               5B:A4:67:A2:64:8F:F4:9C:F7:95:A2:30:BE:AC:69:57:
                               EB:3F:2D:EC:70:7E
               Signed Certificate Timestamp:
                   Version   : v1 (0x0)
                   Log ID    : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:                                E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
                   Timestamp : Apr 22 20:58:12.955 2021 GMT
                   Extensions: none
                   Signature : ecdsa-with-SHA256
                               30:45:02:21:00:AC:04:98:CB:33:16:0A:5E:A6:83:AA:
                               20:BB:B2:15:00:73:6B:BA:B6:DD:AB:8C:BF:4E:09:42:
                               43:AF:BF:CA:7F:02:20:23:29:7D:F7:3E:6F:C5:70:CE:
                               8F:E1:40:B7:F9:84:39:29:D0:06:12:7B:58:4A:11:D9:
                               8A:14:60:D1:CF:51:3A
               Signed Certificate Timestamp:
                   Version   : v1 (0x0)
                   Log ID    : 41:C8:CA:B1:DF:22:46:4A:10:C6:A1:3A:09:42:87:5E:                                4E:31:8B:1B:03:EB:EB:4B:C7:68:F0:90:62:96:06:F6
                   Timestamp : Apr 22 20:58:12.964 2021 GMT
                   Extensions: none
                   Signature : ecdsa-with-SHA256
                               30:45:02:20:15:E7:1D:C7:A4:61:33:A8:41:91:42:FD:
                               53:31:98:AB:ED:20:07:12:2A:FA:D7:AA:86:67:44:88:
                               29:41:7A:6B:02:21:00:EE:1A:9C:7E:80:30:1E:26:D3:
                               6E:2A:BF:32:C9:46:AB:C3:F1:9D:85:F8:71:B9:75:D9:
                               1F:DE:86:58:84:C1:32
   Signature Algorithm: sha256WithRSAEncryption
        46:80:80:28:cf:e2:95:e4:1e:ef:40:12:fb:c8:d9:5b:57:1e:
        cd:b1:8c:94:11:87:ec:09:b7:43:57:27:79:f6:61:38:86:ba:
        3b:f7:b9:16:79:b4:c9:86:d5:cf:d8:49:9e:ec:a1:a1:d5:1d:
        e0:6c:9d:38:71:6c:f6:f2:90:3a:88:18:cc:6d:d1:c0:90:2d:
        bb:e4:96:be:e6:b3:cb:04:af:09:6c:e5:b9:17:e7:6d:45:1e:
        42:c5:eb:ef:e2:3f:91:55:76:39:1b:2c:75:12:d9:a1:bd:2e:
        bc:18:f8:e8:ed:f4:be:75:5b:c6:0d:6a:ec:6a:3d:15:d9:7c:
        35:5d:98:46:bf:10:d7:56:7b:a2:55:23:29:21:3c:2e:3e:6f:
        39:0f:0d:a0:a6:3e:3d:9c:70:b9:0c:ce:92:2b:7b:ca:bb:67:
        97:1e:1a:a8:08:c7:54:b4:96:79:00:32:9b:50:b5:1f:09:d9:
        ab:be:aa:42:1d:68:a1:87:a1:26:36:a4:f4:c7:56:27:20:72:
        c6:f5:f6:47:ee:ac:9e:b3:03:9e:95:0e:f0:61:cb:a6:75:71:
        11:c6:ee:fb:44:08:e1:25:3c:77:9a:99:97:2a:62:56:54:99:
        8e:3d:a7:4b:cc:20:38:23:d5:c5:b5:9f:67:0f:c8:6c:5f:f2:
        f2:6d:e4:32

來自 DigiCert 的 CA 證書。我在客戶端有這個證書的副本,並且在“charon-cmd”的 –cert 參數中指定了這個文件。

root@base:/etc/ipsec.d/cacerts# openssl x509 -in DigiCertCA.crt -text
Certificate:
   Data:
       Version: 3 (0x2)
       Serial Number:
           0a:35:08:d5:5c:29:2b:01:7d:f8:ad:65:c0:0f:f7:e4
       Signature Algorithm: sha256WithRSAEncryption
       Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
       Validity
           Not Before: Sep 24 00:00:00 2020 GMT
           Not After : Sep 23 23:59:59 2030 GMT
       Subject: C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1        Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               RSA Public-Key: (2048 bit)
               Modulus:
                   00:c1:4b:b3:65:47:70:bc:dd:4f:58:db:ec:9c:ed:
                   c3:66:e5:1f:31:13:54:ad:4a:66:46:1f:2c:0a:ec:
                   64:07:e5:2e:dc:dc:b9:0a:20:ed:df:e3:c4:d0:9e:
                   9a:a9:7a:1d:82:88:e5:11:56:db:1e:9f:58:c2:51:
                   e7:2c:34:0d:2e:d2:92:e1:56:cb:f1:79:5f:b3:bb:
                   87:ca:25:03:7b:9a:52:41:66:10:60:4f:57:13:49:
                   f0:e8:37:67:83:df:e7:d3:4b:67:4c:22:51:a6:df:
                   0e:99:10:ed:57:51:74:26:e2:7d:c7:ca:62:2e:13:
                   1b:7f:23:88:25:53:6f:c1:34:58:00:8b:84:ff:f8:
                   be:a7:58:49:22:7b:96:ad:a2:88:9b:15:bc:a0:7c:
                   df:e9:51:a8:d5:b0:ed:37:e2:36:b4:82:4b:62:b5:
                   49:9a:ec:c7:67:d6:e3:3e:f5:e3:d6:12:5e:44:f1:
                   bf:71:42:7d:58:84:03:80:b1:81:01:fa:f9:ca:32:
                   bb:b4:8e:27:87:27:c5:2b:74:d4:a8:d6:97:de:c3:
                   64:f9:ca:ce:53:a2:56:bc:78:17:8e:49:03:29:ae:
                   fb:49:4f:a4:15:b9:ce:f2:5c:19:57:6d:6b:79:a7:
                   2b:a2:27:20:13:b5:d0:3d:40:d3:21:30:07:93:ea:
                   99:f5
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Subject Key Identifier:
               B7:6B:A2:EA:A8:AA:84:8C:79:EA:B4:DA:0F:98:B2:C5:95:76:B9:F4
           X509v3 Authority Key Identifier:
               keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
           X509v3 Key Usage: critical
               Digital Signature, Certificate Sign, CRL Sign
           X509v3 Extended Key Usage:
               TLS Web Server Authentication, TLS Web Client Authentication
           X509v3 Basic Constraints: critical
               CA:TRUE, pathlen:0
           Authority Information Access:
               OCSP - URI:http://ocsp.digicert.com
               CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalRootCA.crt
           X509v3 CRL Distribution Points:
               Full Name:
                 URI:http://crl3.digicert.com/DigiCertGlobalRootCA.crl
               Full Name:
                 URI:http://crl4.digicert.com/DigiCertGlobalRootCA.crl
           X509v3 Certificate Policies:
               Policy: 2.23.140.1.1
               Policy: 2.23.140.1.2.1
               Policy: 2.23.140.1.2.2
               Policy: 2.23.140.1.2.3
   Signature Algorithm: sha256WithRSAEncryption
        77:ab:b7:7a:27:3d:ae:bb:f6:7f:e0:5a:56:c9:84:aa:ca:5b:
        71:17:dd:22:47:fc:4e:9f:ee:d0:c1:a4:04:e1:a3:eb:c5:49:
        c1:fd:d1:c9:df:8c:af:94:45:2c:46:2a:a3:63:39:20:f9:9e:
        4a:24:94:41:c8:a9:d9:e2:9c:54:05:06:cb:5c:1c:be:00:1b:
        0f:a8:5a:ff:19:bb:65:c7:16:af:21:56:dd:61:05:c9:e9:8f:
        98:76:df:6b:1b:d0:72:0c:50:b9:30:29:7a:bf:60:59:10:66:
        13:3a:2d:ac:15:11:6c:2d:23:0c:02:3e:05:3b:fe:e5:a1:9c:
        e2:8a:db:87:d7:4a:e8:5e:e7:48:06:eb:ab:12:9a:f2:af:84:
        c3:5b:83:4a:99:81:83:ab:00:a1:ca:0a:3c:4c:a2:25:89:2a:
        22:a7:a4:f3:33:4c:5b:8c:2e:1a:02:97:0f:9d:8f:6d:2d:95:
        08:fb:4f:da:f1:91:38:25:e1:9c:6e:61:18:87:6a:ce:b1:bb:
        00:30:6a:9b:b7:af:da:f1:c5:97:fe:8a:78:24:aa:ea:93:80:
        ba:33:65:7a:bc:a1:77:e9:7f:69:14:0b:00:3f:77:92:b1:4d:
        5b:73:87:0a:13:d0:9c:c8:f2:4b:39:4f:52:84:49:a6:4c:90:
        4e:1f:f7:b4

好吧,對於將來偶然發現此問題的任何人,解決方案是修改 /etc/ipsec.conf 文件,如下所示:

config setup
   charondebug="ike 1, knl 1, cfg 0"
   uniqueids=no

conn ikev2-vpn
   auto=add
   ike=aes256-aes128-sha256-sha1-modp3072-modp2048-modp1024
   compress=no
   type=tunnel
   keyexchange=ikev2
   fragmentation=yes
   forceencaps=yes
   dpdaction=clear
   dpddelay=300s
   rekey=no
   left=%any
   leftid=vpn.example.com
   leftcert=example_com.crt
   leftsendcert=always
   leftsubnet=0.0.0.0/0
   right=%any
   rightid=%any
   rightauth=eap-mschapv2
   rightsourceip=10.10.1.0/16
   rightdns=8.8.8.8,8.8.4.4
   rightsendcert=never
   eap_identity=%identity

我猜 StrongSwan 對“leftid”參數非常挑剔——它必須與證書的 SAN 名稱中的內容完全匹配,並且必須與 charon-cmd 的 –host 參數中的內容完全匹配。

如果 StrongSwan 有一條日誌消息告訴您為什麼“沒有為 10.1.1.4 找到受信任的 RSA 公鑰”,那就太好了。相反,這是數小時的反複試驗和在黑暗中摸索,隨意嘗試這個和那個。

引用自:https://serverfault.com/questions/1061334