At the moment, I have a problem with my roadwarrior IPSec VPN setup, using strongswan. It looks like it is certificate related, but I cannot figure out how exactly.
I have setup a "local" CA and issued certificates, all created using openssl on a linux machine.
The CA certificate has the following properties:
keyUsage = critical, cRLSign, digitalSignature, keyCertSign
basicConstraints = critical, CA:TRUE
extendedKeyUsage = serverAuth
Valid for 10 years (3650 days)
I have imported this certificate on my iPhone and on my Windows 10 laptop (local machine trusted root ca) and it is also on my OpenWRT router in /etc/ipsec.d/cacerts.
Strongswan (on my OpenWRT device) has the following certificate properties
CN = vpn-fqdn.someddns.com
basicConstraints = CA:FALSE
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth, 1.3.6.1.5.5.8.2.2
subjectAltName = vpn-fqdn.someddns.com
Valid for 1 year
Certificate is in /etc/ipsec.d/certs and private key in /etc/ipsec.d/private
My VPN clients authenticate via MSCHAPv2. ipsec.conf:
conn %default
auto=add
dpdaction=clear
dpddelay=300s
rekey=no
left=%defaultroute
leftid=vpn-fqdn.someddns.com
leftsubnet=0.0.0.0/0,::/0
leftfirewall=yes
lefthostaccess=yes
rightsourceip=%dhcp
rightdns=192.168.196.100
ike=aes256-sha256-modp2048,aes256-sha512-modp4096!
esp=aes256-sha256,aes256-sha1!
conn ikev2-all
keyexchange=ikev2
leftauth=pubkey
leftcert=router.cer
leftsendcert=always
right=%any
rightauth=eap-mschapv2
rightsendcert=never
And Windows also has the dreaded "NegotiateDH2048_AES256" registry key enabled.
Now, my iPhone connects to my vpn without any problems. On Windows, I get "IKE authentication credentials are unacceptable" (error 13801), which could/should be anyone of the following:
- The machine certificate on the RAS server has expired (this is not the case)
- The trusted root certificate to validate the RAS server certificate is absent on the client (this is not the case)
- VPN server name as given on the client doesn’t match the subject name of the server certificate (this is not the case)
- The machine certificate used for IKEv2 validation on RAS Server does not have “Server Authentication” as the EKU (Enhanced Key Usage). (this is also not the case)
So, which is it then? I am left in the dark...
Log for strongswan (yes I know I tested this on the LAN side, but this should also work, iPhone has no problems at all):
daemon.info : 15[NET] received packet: from 192.168.196.20[500] to 94.208.117.89[500] (632 bytes)
daemon.info : 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
daemon.info : 15[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
daemon.info : 15[IKE] received MS-Negotiation Discovery Capable vendor ID
daemon.info : 15[IKE] received Vid-Initial-Contact vendor ID
daemon.info : 15[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
daemon.info : 15[IKE] 192.168.196.20 is initiating an IKE_SA
authpriv.info : 15[IKE] 192.168.196.20 is initiating an IKE_SA
daemon.info : 15[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
daemon.info : 11[MGR] ignoring request with ID 0, already processing
daemon.info : 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
daemon.info : 15[NET] sending packet: from 94.208.117.89[500] to 192.168.196.20[500] (456 bytes)
daemon.info : 14[NET] received packet: from 192.168.196.20[4500] to 94.208.117.89[4500] (580 bytes)
daemon.info : 14[ENC] parsed IKE_AUTH request 1 [ EF(1/3) ]
daemon.info : 14[ENC] received fragment #1 of 3, waiting for complete IKE message
daemon.info : 07[NET] received packet: from 192.168.196.20[4500] to 94.208.117.89[4500] (580 bytes)
daemon.info : 07[ENC] parsed IKE_AUTH request 1 [ EF(2/3) ]
daemon.info : 07[ENC] received fragment #2 of 3, waiting for complete IKE message
daemon.info : 07[NET] received packet: from 192.168.196.20[4500] to 94.208.117.89[4500] (548 bytes)
daemon.info : 07[ENC] parsed IKE_AUTH request 1 [ EF(3/3) ]
daemon.info : 07[ENC] received fragment #3 of 3, reassembled fragmented IKE message (1536 bytes)
daemon.info : 07[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
daemon.info : 07[IKE] received cert request for "C=NL, O=Home, CN=HomeCA"
daemon.info : 07[IKE] received 61 cert requests for an unknown ca**
daemon.info : 07[CFG] looking for peer configs matching 94.208.117.89[%any]...192.168.196.20[192.168.196.20]
daemon.info : 07[CFG] selected peer config 'ikev2-all'
daemon.info : 07[IKE] initiating EAP_MSCHAPV2 method (id 0xB3)
daemon.info : 07[IKE] peer supports MOBIKE
daemon.info : 07[IKE] authentication of 'vpn-fqdn.someddns.com' (myself) with RSA signature successful
daemon.info : 07[IKE] sending end entity cert "C=NL, O=Home, CN=vpn-fqdn.someddns.com"
daemon.info : 07[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
daemon.info : 07[ENC] splitting IKE message (2128 bytes) into 2 fragments
daemon.info : 07[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
daemon.info : 07[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
daemon.info : 07[NET] sending packet: from 94.208.117.89[4500] to 192.168.196.20[4500] (1236 bytes)
daemon.info : 07[NET] sending packet: from 94.208.117.89[4500] to 192.168.196.20[4500] (964 bytes)
daemon.info : 06[JOB] deleting half open IKE_SA with 192.168.196.20 after timeout
I am a bit worried about these lines:
daemon.info : 07[IKE] received cert request for "C=NL, O=Home, CN=HomeCA"
daemon.info : 07[IKE] received 61 cert requests for an unknown ca**
Is windows sending all known CA certificates because it cannot find a matching one? Or is my CA cert missing some property?