KAME IPsec Tools (racoon)

From NTA-Wiki

Revision as of 17:58, 5 March 2007 by Royhills (Talk | contribs)
(diff) ← Older revision | Current revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Contents

Platform Notes

IPsec-Tools is a port of KAME's IPsec utilities. It supports Linux 2.6, NetBSD and FreeBSD. The IKE daemon is called racoon. The original KAME IPsec implementation supported FreeBSD, OpenBSD and NetBSD.

racoon is used as the IKE daemon for the Gnat Box Firewall.

Version History

racoon was originally part of the KAME project. It was forked by the IPsec Tools project, which added several new features.

Backoff Pattern

racoon has the default six-packet backoff pattern:

0, 10, 10, 10, 10, 10

Here is an example of racoon 0.6.6 running on Debian Etch.

$ ike-scan -M --showbackoff 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=343bf3cbe1c4669d)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

IKE Backoff Patterns:

IP Address      No.     Recv time               Delta Time
172.16.3.18     1       1173104878.710748       0.000000
172.16.3.18     2       1173104888.685466       9.974718
172.16.3.18     3       1173104898.717171       10.031705
172.16.3.18     4       1173104908.732238       10.015067
172.16.3.18     5       1173104918.726308       9.994070
172.16.3.18     6       1173104928.717940       9.991632
172.16.3.18     Implementation guess: Cisco IOS 12.1, 12.2 or 12.3 / Watchguard Firebox / Gnat Box

It is possible for the user to configure the backoff pattern, so the actual pattern may differ from the default. For example, the following configuration stanza would result in a seven-packet pattern (the initial response plus six retries) with an interval of three seconds between each packet:

timer {
   counter 6;
   interval 3 seconds;
}

Vendor IDs

racoon version 0.6.6 returns the following Vendor ID:

  • Dead Peer Detection v1.0 (afcad71368a1f1c96b8696fc77570100)

This Vendor ID is only returned in Main Mode, not Aggressive Mode.

Authentication Methods

racoon 0.6.6 supports the following authentication methods:

  • Pre-Shared Key
  • RSA signature
  • Kerberos (GSS API)
  • Hybrid Server
  • Hybrid Client

The authentication method to use is defined by the authentication_method configuration command, which can take the values pre_shared_key, rsasig, gssapi_krb, hybrid_rsa_server, or hybrid_rsa_client. Examples of responses for each of these authentication methods are shown below.

Pre-Shared Key

$ ike-scan -M --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=390e5b9336e58148)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

RSA Signature

$ ike-scan -M --trans=5,2,3,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=8d7be9a6b80763ed)
        SA=(Enc=3DES Hash=SHA1 Auth=RSA_Sig Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Kerberos with GSS

We do not need to specify and GSSID (c.f. Microsoft Windows). The GSS Identity Name that is returned is the unicode-encoded string host/vmware-debian-etch.

$ ike-scan -M --trans=5,2,65001,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=2795df20f42ffbfb)
        SA=(LifeType=Seconds LifeDuration=28800 Enc=3DES Auth=XAUTH Hash=SHA1 Group=2:modp1024
            GSSIdentityName(46)=0x68006f00730074002f0076006d0077006100720065002d00640065006200690061006e002d006500740063006800)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Hybrid server

$ ike-scan -M --trans=5,2,64221,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=a7971663d1d35bdf)
        SA=(Enc=3DES Hash=SHA1 Auth=Hybrid Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Hybrid client

$ ike-scan -M --trans=5,2,64221,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=726e56649211a378)
        SA=(Enc=3DES Hash=SHA1 Auth=Hybrid Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

ISAKMP SA Lifetime

racoon supports both a lifetime in seconds and lifetime in kilobytes or neither or both. If the lifetime is present, any value between one and the maximum value that can be represented in four bytes is accepted.

Zero is not acceptable, and nor is a variable length attribute whose value length is more than four bytes (even if it encodes a value that could be represented in four bytes). racoon will not respond to a lifetime of zero or greater than four bytes in length.

The examples in the sections below illustrate this behaviour on racoon 0.6.6.

Lifetime in Seconds

$ ike-scan -M --lifetime=none --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=ffec79d483ddc835)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=0 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.435 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify
$ ike-scan -M --lifetime=1 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=b3a3e81b6d5e4cb3)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00000001)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=0xffffffff --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=b35d2ca981a2f91a)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0xffffffff)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=0x0000000000000001 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.439 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Lifetime in Kilobytes

$ ike-scan -M --lifetime=none --lifesize=0 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.437 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify
$ ike-scan -M --lifetime=none --lifesize=1 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=4925b5e518dac827)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Kilobytes LifeDuration(4)=0x00000001)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=none --lifesize=0xffffffff --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=a897380d89e04f3a)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Kilobytes LifeDuration(4)=0xffffffff)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --lifetime=none --lifesize=0x0000000000000001 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.442 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify
$ ike-scan -M --lifetime=0xffffffff --lifesize=0xffffffff --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=07e2086b40e1aace)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0xffffffff LifeType=Kilobytes LifeDuration(4)=0xffffffff)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Transform ordering and rewriting

racoon generally returns the transform attributes in the order that they are supplied by the initiator.

In the example below, we specify the four mandatory transform attributes in order Enc, Hash, Auth, Group and then in reverse order Group, Auth, Hash, Enc, and observe that in both cases the target returns the attributes in the same order as the initiator specified them.

$ ike-scan -M --trans="(1=5,2=2,3=1,4=2)" 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=41731fd05256f24d)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --trans="(4=2,3=1,2=2,1=5)" 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=a8af002a005a14f3)
        SA=(Group=2:modp1024 Auth=PSK Hash=SHA1 Enc=3DES)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Here is another example with a lifetime in seconds and a lifetime in kilobytes added. Again, the attributes are returned in the order that they were sent.

$ ike-scan -M --trans="(11=2,12=123,11=1,12=456,4=2,3=1,2=2,1=5)" 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=66e4cdf1f31b5c40)
        SA=(LifeType=Kilobytes LifeDuration=123 LifeType=Seconds LifeDuration=456 Group=2:modp1024 Auth=PSK Hash=SHA1 Enc=3DES)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Aggressive Mode

racoon supports IKE aggressive mode if aggressive is listed in the exchange_type configuration entry in racoon.conf. When using aggressive mode, racoon will only respond if it has an authentication method for the specified ID (or the host's IP address if no ID was specified).

Here is an example of an aggressive mode response from racoon 0.6.6 running on Debian Etch. We specify the ID foo@kame.net, which is present in the default psk.txt file.

$ ike-scan -M -A --id=foo@kame.net 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Aggressive Mode Handshake returned
        HDR=(CKY-R=9f80f7f0ca505409)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        KeyExchange(128 bytes)
        Nonce(16 bytes)
        ID(Type=ID_IPV4_ADDR, Value=172.16.3.18)
        Hash(20 bytes)

Response to non-compliant and malformed packets

No acceptable transforms

$ ike-scan -M --trans=5,2,1,1 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.438 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Bad IKE version

racoon accepts any IKE version in the ISAKMP header, and returns the version that was sent in its reply.

$ ike-scan -M --headerver=0x30 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=244f0dd7c75938cd, version=0x30)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
$ ike-scan -M --headerver=0x11 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=d760039ee8946f6b, version=0x11)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Invalid DOI

$ ike-scan -M --doi=2 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.438 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid Situation

$ ike-scan -M --situation=2 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.436 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid Initiator Cookie

$ ike-scan -M --cookie=0000000000000000 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.437 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid Flags

$ ike-scan -M --hdrflags=255 --trans=5,2,1,2 172.16.3.18         Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.439 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid Protocol

$ ike-scan -M --protocol=2 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)

Ending ike-scan 1.9: 1 hosts scanned in 2.436 seconds (0.41 hosts/sec).  0 returned handshake; 0 returned notify

Invalid SPI

racoon returns the same size SPI with a value of zero in its response SA payload.

$ ike-scan -M --spisize=32 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=5a17d501686fbea6)
        SA=(SPI=0000000000000000000000000000000000000000000000000000000000000000
        Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Non-Zero Reserved Fields

racoon doesn't care about non-zero reserved fields.

$ ike-scan -M --mbz=255 --trans=5,2,1,2 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=977fac32dac1b43e)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

Nat Traversal

racoon 0.6.6 supports NAT Traversal, but it needs to be enabled with the following configuration entry in the remote section of racoon.conf:

nat_traversal on;

Here is an example of a response from racoon 0.6.6 with NAT Traversal enabled:

$ ike-scan -M --nat-t 172.16.3.18
Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
172.16.3.18     Main Mode Handshake returned
        HDR=(CKY-R=0a83fe2908ba67f8)
        SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)

IKEv2

racoon does not support IKEv2 as of version 0.6.6. However there is a racoon2 which does support IKEv2.

Remote Access VPN Client

Other Interesting Behaviour

Default Configuration

Discovered Vulnerabilities

Personal tools