- .

: VPN
SUnet

: , . 21110, :
: . ,,

. 15.07.2006 .

1. VPN.
1.1. (VPN)
1.2. VPN
1.3. VPN
1.4. , VPN
1.5. , VPN
1.6. VPN
1.7. VPN
2. IPSec.
2.1. , IPSec.
2.2. Encapsulating Security Payload (ESP)
2.3. Authentication Header (AH)
2.4. Internet Key Exchange (IKE)
3. Openswan VPN .
3.1. ipsec.conf.
Openswan
3.2. K ipsec.secrets.
4. SUNet
ADSL . .
4.1. Openswan
4.2. Openswan vpn.uni-sofia.bg
4.3. L2TP PPP vpn.uni-sofia.bg
4.4. Openswan
4.5. Windows XP Openswan
l2tp/ipsec

. (Virtual Private Network VPN)



.
VPN
, , ,
, ..,
,
,
.
,
VPN ,
, ,
.
, .
,
VPN - ,
. IPSec
. Openswan,
VPN
. VPN
SUNet, Openswan ,
.

1. VPN: SSL IPSec.


1.1. (VPN).
VPN (Virtual Private Network - )
( , .
) , .
VPN
,
(Point-to Point).
, ,
.
virtual private networking.
,
() (header ), ,

().
, . ,
, .
, , .
, ,
. 1.1 .

1.1.

VPN ,
,
( ). VPN
.
,
.
VPN
( ),
. VPN
(wide area network - WAN) .
,

,
.

,
.
: , ,

, , .

, .

- , ,
.
VPN

.
1.2. VPN.
.
VPN ,
.

1.2.


,
VPN .
.

dial-up
.
.
VPN
.

,
Frame Relay, WAN
, .

VPN

:
VPN .
, VPN
VPN .
VPN (Demand-Dial VPN Networking).
dial-up VPN -
, ,
.
,
LAN .
,
, LAN .
1.3. VPN.
VPN ,
, (data integrity)
.
.
LAN ,
.
, VPN
:
.
VPN VPN
.
VPN.
. VPN
,
,
dns ,
.
. , ,
VPN .
.
. , VPN
, ,
,

,
.
1.4. , VPN.

, .
:
1. . ,
.
( ) ,
.
(plain) (cipher).
, cipher plain
.
:
3DES (Triple DES)
DES (Data Encryption Standard). Triple DES
DES
56- .
BlowFish, TwoFish, Goldfish. BlowFish 64- ,
, 32 448 .
. Goldfish Twofish Blowfish.
AES (Advanced Encryption Standard) - AES - ,
Rijndael, 2000 .
128 , 192 1024 .
2. .

, .
-
,
. -
,
, -
. - :
RSA (Rivest Shamir Adleman) - ,


,
.
DSA (Digital Signature Algorithm)

.
Diffie-Hellman
.

,
. RSA , DSA VPN
, Diffie-Hellman
. - DSA Diffie-Hellman
.

.
:
: 112-
.
: 1024-
2048- .
1.5. , VPN.
1.5.1. .
(,
) ,
(message digests).
,
.

.
,
- ,
.
:
MD5 (Message Digest) MD2 MD4,
128- .
SHA1 (Secure Hash Algorithm) ,
512 160-
.
MAC (Message Authentication Codes) ,
,

.
HMAC (Hash Message Authentication Codes) ,
.
, -
MD5 SHA.
1.5.2. ,
VPN .
(Pre shared secret).
.
.
,
. ,
(certification authority -CA),
. ,
, , ,
CA. CA ,
. ,
,

.
.
1.6. VPN.
.
,
, ,
.

.
,
, , ,
PFS (Perfect Forward Secrecy). PFS ,

.
Denial of service ( ). DoS ,
, .
:
. - .
,
.
.
PPTP Denial-of-Service (DoS) Windows NT,
OpenBSD , AH/ESP
( IPSec), DoS,
Windows 2000 IKE IPSec.
.
VPN ,
Windows, VPN
. VPN
.

Man in the middle .



spoof- (
,
). Diffie-Hellman .

( HMAC ).
Replay .
, .
1.7. VPN.
VPN
2 3 Open
System Interconnection (OSI) 1.3. ,
2, L2TP PPTP. VPN, 3, IP
. 3 IPSec, L2TP
3.

7
6
5
4
3
2
1

OSI

TCP/IP

TCP,UDP
IP , ICMP

1.3.

1.7.1. PPTP VPN .


Point-to-Point Tunneling Protocol (PPTP) , Cisco Windows,
. Point-to-Point Protocol
(PPP), o . PPP
Generic Routing Encapsulation (GRE) ,


RFC 1701 1702. IP ,
. PPP
IP, IPX NetBEUI .

IP Header | GRE Header | PPP Header | PPP Payload

1.4.

PPTP :
MSCHAP-v2 EAP-TLS,
. Microsoft MSCHAP-v2 PPP
e MSCHAP-v1 Challenge
Handshake Authentication Protocol (CHAP). MSCHAP
.
PPTP Microsoft Point-to-Point Encryption
(MPPE). MPPE PPP RSA RC4 ,
40, 56 128-.
PPTP.
PPTP ,
Microsoft Windows Windows 95.
, MacOS PDA
. VPN

EAP-TLS, .
NAT (Network Address Translation).
VPN , , ,
,
,
, replay .

1.7.2. L2TP VPN .


Layer 2 Tunneling Protocol (L2TP) (datalink)
OSI
( ). -
PPP L2TP , PPTP.
. L2TP IP
UDP L2TP- . L2TP UDP,
L2TP- PPP .
/ ,
Microsoft L2TP .

IP Header | UDP Header | L2TP Header | PPP Header | PPP Payload

1.4.

L2TP
- IPSec, ,
. L2TP/IPSec
RFC3193.
L2TP PPTP, : L2TP
;
, ;
, IP,
ATM Frame Relay .
L2TP/IPSec ,
. Windows Server
2003, Windows XP, Windows 2000 L2TP , Microsoft
L2TP/IPsec VPN Client.
1.7.3. IPSec VPN.
IPSec (Internet Protocol security)
IP, , Internet Protocol
.

IPSec , IP,
:
;
;
.
, IPSec:
(Authentication Header) - IP .
ESP

(Encapsulating

Security

Payload)

IP .
IKE (Internet Key Exchange) - ,
.
IPSec e , (
), (
),
.
IPSec ,
,
VPN
2.
1.7.4. VPN , - .
, 3 OSI .
, SSL, SSH TLS, 4-7
OSI.
OpenVPN,
.
OpenVPN VPN, Secure Socket
Layer/Transport Layer Security (SSL/TLS) , . : ,
(site-to-site),
, ,
(failover)
. , (firewall),
VPN-.
Universal/ Tap Device Driver.
Tun ,
, Tap Ethernet .
OpenVPN.
SSL
.
.
OpenVPN RSA/DHE.
OpenVPN OSI 2 3
,
.
, ,
VPN.
OpenVPN :
1. - (pre-shared
key), .
.
2. , -, X.509
.
3. OpenVPN
(Pluggable Authentication
Module, PAM).
, .
OpenVPN :
(SSL/ TLS), RSA
X509 PKI;
;
;
IP NAT;
;
- Linux, Solaris, OpenBSD,


FreeBSD, NetBSD, Mac OS X, and Windows 2000/XP;
;
- GNU License .

IPSec, IKE, PPTP L2TP.


2. IPSec.
2.1. , IPSec.
IPSec
IPv4 IPv6 . ,
(integrity)
, ,
(replays), ( )
.
IP.
, IPSec
(firewall).
-
, IPSec .
IPSec (security
gateway - SG) IPSec .
. , a IPSec,
, (Security
Policy Database - SPD) /
. IP (PROTECT) IPSec
, (DISCARD) IPSec (BYPASS).
IPsec
(Security Association - SA). ,
IPSec VPN - AH ( ,
, IP ) ESP ( IP ),
SA. Internet Key Exchange (IKE).
,
, , ,
.
SA ,
, , AH ESP (: DES , 3DES, AES
MD5 SHA-1 ).
, , AH ESP, ,
SA. oo IPSec ,
SA ( ). IKE
SA. IPSec VPN SA:
ISAKMP (Internet Security Association Key Management Protocol),
IKE. IKE SA
, -
.
IPSec SAs. IPSec SA
.
IPSec SAs .
IPSec SA :
1. Security parameter index (SPI) 32- ,
SA.
2. IP .
3. , SA AH
ESP.
SA Security Association Database (SAD).
.
IPSec RFC 4301.
. , IPSec ,
.
IPSec
. Authentication Header (RFC 4302) IP
, Encapsulating Security Payload (RFC 4303) - ,
IP , .. - .
.
/ .
, AH ESP,
.
- . IPSec IP .
IP , IPsec
.
.
VPN .
,
.
. IPSec
, . IP
,
.
TCP/IP ,
.
, IPSec IP
. IPSec
.

: .
, ,
.
,
.
,
VPN.
. VPN VPN ,
,
.

,
. VPN

. , VPN
, .
SA SA
.
.
- VPN IPSec
.


. VPN
.
, ,
.
, ,
,
.
,
IP . ,
IP .
:

.
IP ,
, .
IP , ,
VPN.
IPSec
.
.
VPN .
2.2. Encapsulating Security Payload (ESP).


RFC 4303. ESP
- , , ,
(anti-replay) .
.
IP , .
IP ,
.
Security Association (SA) .

IP: IP Header | TCP Header | Data
Transport Mode: IP Header | ESP Header | TCP Header | Data | ESP Trailer | ESP Authent
Tunnel Mode: NEW IP Header | ESP Header | IP Header | TCP Header | Data | ESP Trailer | ESP Authent

2.1. ESP .

ESP
. ESP
SA. ESP
,
(: DES, 3DES, AES).
,
.
, , .
,
ESP, .
. ESP
, AH
.

ESP .
ESP IP
VPN. IP 50,
ESP 50
(IANA).
2.2. ESP
SA.

Security Parameters Index (SPI)
Sequence Number Field
Payload Data (Variable)
Optional Padding (0-255)
Pad Len. | Next Header
Authentication Data (Variable)

2.2. ESP

SPI 32- . 1 255


, ISAKMP SA.
Sequence Number Field ( )
(replay) .
,
SA.
, SA SA.
Payload data ,
, - .
.
(initialization vector-IV),
.
Padding ,
, .

, . Padding ,
pad 4- .
Pad Length ,
padding, .
Padding , . Pad Length
, pad.
Next Header 8- , ,
Payload data. ,
.
Authentication Data , Integrity
Check Value (ICV), ESP Authentication Data.
. Authentication Data
, SA
.
ESP
. :
.
.
,
ESP. ,
.
1. Payload.
,
IP .
2. padding. Pad Length Next
Header.
3. , , pad, pad length next
header. (IV),
.
4. ESP . .
, .
5. ,
ESP (SPI Sequence number) Payload,

, padding Next Header.


.
.
,
ESP .
:
1. SPI ESP IP
SA SA. ,
.
2. ,
.
3. SA, ,
ESP.
4. - IP
SA.
5. SPD ,
SA.
6.
IP .
ESP replay .
IPSec ,
- .

. , ,
, .
RFC (RFC2406)
,
. ESP
,
. authentication
payload.

,
. ESP ,
RFC. ESP
, .
2.3. Authentication Header (AH).
, () - Authentication
Header (AH), RFC 4302. ,

. .
.
, .
ESP, .
IP
, IPSec .
, IP
. IP
, .

IP: IP Header | TCP Header | Data
Transport Mode: IP Header | AH Header | TCP Header | Data (AH Authentication Data)
Tunnel Mode: NEW IP Header | AH Header | IP Header | TCP Header | Data (AH Authentication Data)

2.3.

2.4. ,
:

Next Header | Payload Len | Reserved
Security Parameter Index (SPI)
Sequence Number Field
Authentication Data

2.4. AH Header.

IP 8- 51,
51 IANA.
ESP Next Header ,
. 8- ,
Authentication Header.
Payload Length 8- ,
32- 2.
Reserved 16- ,
. .
SPI 32- ,
ESP.
Authentication Data ,
.
. -
32 , padding.
, .
ESP :
.
:
1. SA
.
2. ,
IP SPI.
3. .
4. ,

.
,
, , ESP.
:

IP , .

, .
, .
,
.
.
.
IP :
-

version
IP header length
total length
identification
protocol (51 )
source address
destination address.

:
-

type of service
all flags
fragment offset
time to live (TTL)
header checksum.

.
ESP, ,
IPSec .
, :
1. SPI IP
SA SA. ,
.
2. ,
.
3. SA, ,
.
4. IP
.
2.4. Internet Key Exchange (IKE).
IKE Oakley SKEME
, Internet Security Association and Key Management Protocol
(ISAKMP). ISAKMP ,
. Oakley SKEME ,
,
. IKE
(rekeying), .
IKE SA, IKE SA
IPSec SA. IKE SA ,
,
IKE, .. IKE SA
, IPSec SA .
Oakley , ISAKMP .
IKE , ,
.
1 ISAKMP ,
. . . ISAKMP Security Association. ,

1, Main Mode Aggressive Mode


.
2 Quick Mode New Group Mode.
Quick Mode SA
. New Group Mode 2, , ,
1.
2 SA IPsec ,
/ . Quick Mode
2 .
New Group Mode 1 ,
.
ISAKMP SA . ,
Quick Mode, Informational New Group Mode . ISAKMP SA
,
.
1
SA. Main Mode , Aggressive Mode - .
2.4.1. ISAKMP .
1 2 ISAKMP ,
payload ( ). ISAKMP
ISAKMP ,
.
13 payload-,
ISAKMP .
, SA.
. 2.5. ISAKMP 28-
.
8-
, , SA.
.
(denial-of-service),

,
, .

Initiator Cookie
Responder Cookie
Next Pay | MJ Ver. | MN Ver. | Flags
Message ID
Length

2.5. ISAKMP .

Next Payload ISAKMP Generic Payload. 8- ,
255 , 13 ISAKMP/ IKE.
Major Minor ISAKMP, .
Exchange type .
, ISAKMP:
NONE = 0
Base = 1
Identity Protection = 2
Authentication Only = 3
Aggressive = 4
Informational = 5
ISAKMP Future Use = 6-31
DOI Specific Use = 32-239
Private Use = 240-255
Flag .
Message ID ,
2.
Length payloads ISAKMP
.
2.4.2. Payload-, IKE.
Generic Payload . payload-
. IKE
. payload generic .
Next Payload | Reserved | Payload Length

2.6. Generic Payload.

Next Payload Length ISAKMP . ISAKMP .
Security Association Payload
, SA.

Next Pay | Reserved | Payload Length
DOI
Situation

2.7. Security Association Payload.

Proposal Payload , SA. , ,
. Proposal payload transform payload, SA.

Next Pay | Reserved | Payload Length
Proposal # | Protocol ID | SPI Size | # of Trsfms
SPI

2.8. Proposal Payload.

Proposal payload:
Proposal number (Proposal #)
.
.
Protocol ID ,
, ESP AH.
SPI size , IPSec.

Transform Payload . Transform # , transform payload. , ESP
DES MD5 , transform
payload-. Transform ID , . SA
Attributes payload - Information Attributes.

Next Pay | Reserved | Payload Length
Transform # | Transform ID | Reserved
SA Attributes

2.9. Transform payload.

Identification Payload.
Payload
.

Next Pay | Reserved | Payload Length
ID Type | Protocol ID | Port
Identification Data

2.10.

ID_Type , IP
v4 , FQDN, IP v4 , IPv6 , IPv6 .
Certificate Payload.
Payload ,
.

Next Pay | Reserved | Payload Length
Cert Encoding | Certificate Data

2.11. Certificate Payload.

certificate encoding , :

PKCS #7 wrapped X.509 certificate = 1
PGP Certificate = 2
DNS Signed Key = 3
X.509 Certificate - Signature = 4
X.509 Certificate - Key Exchange = 5
Kerberos Tokens = 6
Certificate Revocation List (CRL) = 7
Authority Revocation List (ARL) = 8
SPKI Certificate = 9
X.509 Certificate - Attribute = 10
RESERVED = 11-255
certificate encoding ,
.
Certificate Request Payload
.
, .
VPN
, .
Notification Payload
. ,
payload- (), .
,
, SA .
Delete Payload SA
, e SA
SPD SAD (SA Database).
1 2 ISAKMP payload-
. payload-, Transform payload,
attribute payload,
payload.

AF | Attribute Type | Attr. Length / Attr. Value
AF=0: Attribute Value; AF=1: Not used

2.12. .

Attribute payload : AF, Attribute Type
, Attribute Length , Attribute Value
.
AF 0,
. AF 1,
,
payload- 4 .
1.
IKE a 1
IKE, 2,
IPSec SA. IKE IKE
.
IKE RFC, IPSec DOI ISAKMP RFC. IKE
:
Encryption Algorithm = 1
Hash Algorithm = 2
Authentication Method = 3
Group Description = 4
Group Type = 5
Group Prime/Irreducible Polynomial = 6
Group Generator One = 7
Group Generator Two = 8
Group Curve A = 9
Group Curve B = 10
Life Type = 11
Life Duration = 12
PRF = 13
Key Length = 14
Field Size = 15
Group Order = 16

1, , IKE
.
1 2 IKE, .
:
DES-CBC = 1
IDEA-CBC = 2
Blowfish-CBC = 3
RC5-R16-B64-CBC = 4
3DES-CBC = 5
CAST-CBC = 6
AES-CBC = 7
Camellia-CBC = 8

2, , ,
IKE .
:
MD5 = 1
SHA = 2
Tiger = 3
SHA2-256 = 4
SHA2-384 = 5
SHA2-512 = 6

3, ,
, IKE. ,
:
Pre-shared key = 1
DSS signatures = 2
RSA signatures = 3
Encryption with RSA = 4
Revised encryption with RSA = 5

4 10 Diffie-Hellman.
11, life , , 12,
11.
13, - , . IPSec ISAKMP
- HMAC
.
Key length
, .
, .
Diffie-Hellman.
2.
2 IKE, Quick Mode ,
IPSec SA
IKE. 2 SA payload-,
proposals and transform payload- IPSec SA.
, 1 IKE, IKE SA.
Proposal ()
transform payloads. proposal payload- IPSec
, transform payload- transform . IPSec
VPN ESP DES MD5
ID , IPSEC-ESP, transform ID ESP-DES
payload, SA, HMAC MD5
.
2 IPSec SA
:
SA Life Type = 1
SA Life Duration = 2
Group Description = 3
Encapsulation Mode = 4
Authentication Algorithm = 5
Key Length = 6
Key Rounds = 7
Compress Dictionary Size = 8
Compress Private Algorithm = 9

Life Type
1. SA.
Group description 2
Diffie-Hellman .
Encapsulation mode
.
Tunnel = 1
Transport = 2

Authentication Algorithm :
HMAC-MD5 = 1
HMAC-SHA = 2
DES-MAC = 3
KPDK = 4

6, 7 8,
IPSec 0.

Compress private algorithm , .
2.4.3. 1.
SA, ISAKMP,
1. 1 SA ISAKMP , IPSec SA. 1
,
. 1
Diffie-Hellman,

1 2. 1
.
1 Main Mode, Aggressive Mode Base Mode. Main Mode Aggressive Mode. ,
IKE ISAKMP RFC, Base Mode
.
SA. Main Mode , Aggressive Mode ,
Base Mode .
2.4.3.1. Main Mode.
SA Main Mode .
SA, Diffie-Hellman
nonce ( )
.

2.13. 2.14.

(I = initiator, R = responder)
1. I -> R: ISAKMP Header & SA Proposal and Sets
2. R -> I: ISAKMP Header & Accepted SA Proposal and Set
3. I -> R: ISAKMP Header, KE & Nonce
4. R -> I: ISAKMP Header, KE & Nonce
5. I -> R: ISAKMP Header, ID_i & HASH
6. R -> I: ISAKMP Header, ID_r & HASH

2.13. Main mode .

(I = initiator, R = responder)
1. I -> R: ISAKMP Header & SA Proposal and Transformsets
2. R -> I: ISAKMP Header & Accepted SA Proposal and Transformset (only one)
3. I -> R: ISAKMP Header, KE, Nonce, & optional Certificate Request
4. R -> I: ISAKMP Header, KE, Nonce, & optional Certificate Request
5. I -> R: ISAKMP Header, ID_i, Signature, & optional Certificate
6. R -> I: ISAKMP Header, ID_r, Signature, & optional Certificate

2.14. Main mode .


, IP
.
.
,
ISAKMP SA . SA
proposal transform payload-,
. .
. ISAKMP SA
, proposal transform payload ,
. .
,
- ,
,
IKE.
Diffie-Hellman,
.
.

Diffie-Hellman nonce. Nonce
, ,
- .
Diffie-Hellman
. :
1. SKEYID, , .
PFS (perfect forward secrecy- ) ,
, 1 2.
2. SKEYID_d SA
2 (.. IPSec).
3. SKEYID_a , .
4. SKEYID_e , IKE .
,

, , SKEYID. ,
SKEYID, .
- (prf)
, . Prf
, ,
, .
:
Digest = prf (key/seed, data1 | data2 | data3)

, SKEYID :
SKEYID = prf (pre-shared key, Nonce_i | Nonce_r)

:
/ ()
1
2 ()
3

(ESP-DES ESP MD5-HMAC).

, :
SKEYID = prf (Nonce_i | Nonce_r, DH_key), Nonce_i Nonce_r
, DH_key , Diffie-Hellman
Diffie-Hellman.
,
, .
SKEYID_d = prf (SKEYID, DH_key | Cookie_i | Cookie_r | 0)
SKEYID_a = prf (SKEYID, SKEYID_d | DH_key | Cookie_i | Cookie_r | 1)
SKEYID_e = prf (SKEYID, SKEYID_a | DH_key | Cookie_i | Cookie_r | 2)
, SKEYID,
,
.

, . ,
, ,
IP . Identification
Payload , IP
, fully qualified domain name (FQDN). ID payload-
, , IP
.
Main Mode 1 ,
, IP .
Main Mode
. , IP ,
, IP
, . , IP
.
, .
Aggressive Mode, ID payload-
.
.
ISAKMP , ID payload HASH payload
. SKEYID_e.
HASH ,
, - ID payload.
:
HASH = prf (SKEYID, Ya | Yb | Cookie_i | Cookie_r | SA offer | ID_i)
HASH
a .
2.4.3.2. Aggressive Mode.
Aggressive Mode , Main Mode ,
- Main Mode.
Aggressive Mode - ,
. ,
payload- ,
. ,
Diffie-Hellman , SA payload.
Aggressive Mode ,
Main Mode ID payload-. Aggressive Mode
ID payload- .
Aggressive Mode ,
. , - ,
- - .
Aggressive Mode
IKE SA , ID payload.
, ID payload .
,
, IP (..
). , IP ,
,
. Aggressive Mode
, Main Mode.
ID payload- .
ID payload-
ID_USER_FQDN, ,
ID_KEY_ID. ID_KEY_ID, IP Security Domain of
Interpretation (RFC 2407), ,
,
.

, VPN.
,
, .

(I = initiator, R = responder)
1. I -> R: ISAKMP Header, SA Proposal & Transformsets, KE, Nonce, and ID payload
2. R -> I: ISAKMP Header, SA Proposal & Transformsets, KE, Nonce, ID payload, and HASH_r
3. I -> R: ISAKMP Header and HASH_i

2.15. Aggressive Mode - .

1. I -> R: ISAKMP Header, SA Proposal & Transformsets, KE, Nonce, and ID payload
2. R -> I: ISAKMP Header, SA Proposal & Transformsets, KE, Nonce, ID payload, Signature, and Optional Certificate
3. I -> R: ISAKMP Header, optional Certificate, and Signature

2.16. Aggressive Mode - .


Aggressive Mode Main Mode, , IP
.
2.4.4. 2.
SA, 1, ISAKMP
2, IPSec SA.
1 ,
- , ,
IKE SA. SA IPSec 2
. SA
ESP AH.
, , VPN
, . IKE ISAKMP
SA, -
. 2 IKE ISAKMP,
IPSec VPN.
2.4.4.1. Quick Mode.
Quick Mode 2 1,
IKE SA. SKEYID_a,
SKEYID,
Quick Mode, SKEYID_e ,
. , 2
.
Quick Mode
1 . ISAKMP
SA payload transformset. 1, Quick
Mode.
2. Quick Mode ,

1,
IPSec.
Quick Mode SA
IPSec. IPSec
3DES SHA ,
DES .
, SA.
Quick Mode SA IPSec .
SA,
SA. ,
SA , nonces,
.
, Quick Mode
, ID ISAKMP
Quick Mode. ID
ISAKMP Quick
Mode,
. , ID Quick Mode IP
1. , Quick Mode
, . IKE
ID payload-,
ID payload-, . ID payload-
, FQDN
1. ID- ,
SPD SAD IPSec.
,
.
ID payload
, SA payload- . SA
,
. a SPD
S ,
. SPD
, , ID payload-
SAD.
SAD SPD , ID
SA
, , ID payload-.
ID payload- ,
PFS.
, Diffie-Hellman
.
. Quick Mode
.2.17. ,
SKEYID_e SKEYID_a.

(I = initiator, R = responder)
1. I -> R: ISAKMP Header, HASH(1), SA Proposal and Transformsets, Nonce_i, Optional KE, CID_i, and CID_r
2. R -> I: ISAKMP Header, HASH(2), SA Proposal and Transformsets, Nonce_r, Optional KE, CID_i, and CID_r
3. I -> R: ISAKMP Header & HASH(3)

2.17.

, HASH payload-.
,
(HASH) .
(HASH)
PFS KE. ,
SA, SA payload. SA
payload IPSec SA, ,
SA payload- Quick Mode.

HASH payload- (
( )). HASH(1) = prf(SKEYID_a, M-ID | SA offer | Nonce_i | (KE) | (CID_i) | (CID_r)).
HASH(1) , .
HASH(1) .
HASH(2) = prf(SKEYID_a, M-ID | Nonce_i | SA offer | Nonce_r | (KE) | (CID_i) | (CID_r)).
HASH(1), HASH(2) ,
nonce .
HASH(3) = prf(SKEYID_a, 0 | M-ID | Nonce_i | Nonce_r).
HASH nonces ID . ,
IPSec
. ,
, Quick Mode,
(replay atack),
(denial-of-service attack).
M-ID ID ISAKMP ,
Quick Mode SA. 1, KE
Diffie-Hellman,
IPSec. CID_I CID_r ID payload-
. SKEYID_a HASH
.
IPSec.
SKEYID_d 1,
2, IKE. IPSec SA
. Quick Mode SA,
SA . SPI,
, SA.
, IPSec,
Quick Mode.
PFS, KE,
Diffie-Hellman
, IPSec,
:
KEY = prf (SKEYID_d, protocol | SPI | Nonce_i | Nonce_r)
PFS.
KEY = prf (SKEYID_d, DH_key(QM) | protocol | SPI | Nonce_i | Nonce_r)
PFS.
PFS ,
Diffie-Hellman Quick Mode.
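The Phase 1 SKEYID derivation of section 2.4.3.1 and the Quick Mode KEY formulas just given, carried out in an added example (not code from the thesis or from Openswan). It assumes HMAC-SHA1 as the prf and uses constructed nonces, cookies, SPI and stand-in Diffie-Hellman secrets; it also goes beyond the page by chaining prf outputs when an SA needs more key bytes than one prf block, as RFC 2409 specifies.

```python
"""IKEv1 keying-material derivation (RFC 2409), following the formulas in this section.

Added example, not code from the thesis or from Openswan. Assumptions (all labelled):
  - prf is HMAC keyed with its first argument, here HMAC-SHA1 (HMAC-MD5 works the same way);
  - nonces, cookies, SPI and the Diffie-Hellman secrets are constructed sample bytes,
    not values captured from a real exchange;
  - the 0 | 1 | 2 in the SKEYID_* formulas are single literal bytes, as RFC 2409 states.
"""
import hashlib
import hmac
from typing import Callable, Dict

Prf = Callable[[bytes, bytes], bytes]

# Protocol IDs carried in the ISAKMP Proposal Payload (IPsec DOI, RFC 2407). This is the
# "protocol" input to KEY, not the IP protocol number (50/51) seen on the wire.
PROTO_IPSEC_AH = 2
PROTO_IPSEC_ESP = 3


def prf_hmac_sha1(key: bytes, data: bytes) -> bytes:
    """prf(key, data) = HMAC-SHA1(key, data); 20-byte output."""
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(prf: Prf, psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Pre-shared-key authentication: SKEYID = prf(pre-shared key, Nonce_i | Nonce_r)."""
    return prf(psk, nonce_i + nonce_r)


def skeyid_sig(prf: Prf, nonce_i: bytes, nonce_r: bytes, dh_key: bytes) -> bytes:
    """Signature authentication: SKEYID = prf(Nonce_i | Nonce_r, DH_key)."""
    return prf(nonce_i + nonce_r, dh_key)


def phase1_keys(prf: Prf, skeyid: bytes, dh_key: bytes,
                cookie_i: bytes, cookie_r: bytes) -> Dict[str, bytes]:
    """Phase 1: derive SKEYID_d (seed for IPsec keys), SKEYID_a (IKE authentication)
    and SKEYID_e (IKE encryption) from SKEYID, the DH secret and both ISAKMP cookies."""
    skeyid_d = prf(skeyid, dh_key + cookie_i + cookie_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + dh_key + cookie_i + cookie_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + dh_key + cookie_i + cookie_r + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}


def phase2_keymat(prf: Prf, skeyid_d: bytes, protocol: int, spi: bytes,
                  nonce_i: bytes, nonce_r: bytes, dh_key_qm: bytes = b"",
                  needed: int = 20) -> bytes:
    """Quick Mode keying material for one IPsec SA (one direction: protocol + SPI).

    Without PFS: KEY = prf(SKEYID_d, protocol | SPI | Nonce_i | Nonce_r)
    With PFS:    KEY = prf(SKEYID_d, DH_key(QM) | protocol | SPI | Nonce_i | Nonce_r)
    Beyond the page's formula: when an SA needs more bytes than one prf output
    (e.g. 24 for 3DES plus 20 for HMAC-SHA1), RFC 2409 chains
    K(n+1) = prf(SKEYID_d, K(n) | [DH_key(QM) |] protocol | SPI | Nonce_i | Nonce_r).
    """
    tail = dh_key_qm + bytes([protocol]) + spi + nonce_i + nonce_r
    block = prf(skeyid_d, tail)
    keymat = block
    while len(keymat) < needed:
        block = prf(skeyid_d, block + tail)
        keymat += block
    return keymat[:needed]


def demo() -> Dict[str, bytes]:
    """Run both phases on constructed inputs. A peer holding the same inputs derives
    identical keys, which is why the DH secret and SKEYID_d must never leave the host."""
    prf = prf_hmac_sha1
    psk = b"example-pre-shared-secret"              # constructed, not a real secret
    nonce_i = bytes(range(16))                      # constructed Nonce_i (Phase 1)
    nonce_r = bytes(range(16, 32))                  # constructed Nonce_r (Phase 1)
    cookie_i, cookie_r = b"\x11" * 8, b"\x22" * 8   # 8-byte ISAKMP cookies, constructed
    dh_key = b"\xab" * 192                          # constructed stand-in for a 1536-bit DH secret
    keys = phase1_keys(prf, skeyid_psk(prf, psk, nonce_i, nonce_r), dh_key, cookie_i, cookie_r)

    # Quick Mode: fresh nonces and the SPI chosen for the inbound ESP SA (all constructed).
    qm_ni, qm_nr = b"\x33" * 16, b"\x44" * 16
    esp_spi = bytes.fromhex("01020304")
    # 3DES-CBC (24 bytes) + HMAC-SHA1 (20 bytes) = 44 bytes of keying material, pfs=no.
    keys["KEYMAT_ESP"] = phase2_keymat(prf, keys["SKEYID_d"], PROTO_IPSEC_ESP,
                                       esp_spi, qm_ni, qm_nr, needed=44)
    # Same SA with PFS: a Quick Mode DH secret changes every key byte.
    keys["KEYMAT_ESP_PFS"] = phase2_keymat(prf, keys["SKEYID_d"], PROTO_IPSEC_ESP, esp_spi,
                                           qm_ni, qm_nr, dh_key_qm=b"\xcd" * 192, needed=44)
    return keys


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:15s} {value.hex()}")
```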
ISAKMP
transformsets.
. SPI protocol,
SA, .
SPI SA. SA
,
SA.
Quick Mode .
1.
Quick Mode.

,
IKE IPSec . IPSec
Quick Mode, IKE SA
. IKE SA
Quick Mode SA.
2.4.4.2. New Group Mode.
New Group Mode e , IKE,
Diffie-Hellman , 1.
, , SA payload.
Diffie-Hellman, .

(I = initiator, R = responder)
1. I -> R: ISAKMP Header, HASH(NG1), and SA Proposal
2. R -> I: ISAKMP Header, HASH(NG2), and SA Proposal

2.18. , New Group.


ISAKMP , SA payload, Diffie-Hellman . HASH(NG1) HASH(NG2) SKEYID_a,
1 - IKE

HASH(NG1) = prf(SKEYID_a, Message ID | Entire SA proposal, header and payload)
HASH(NG2) = prf(SKEYID_a, Message ID | SA reply)
IPSec.
IPSec IP .
, , -
:
IPsec , .
, IPsec ,
. IPsec
.
IPsec (end-to-end).
, - . IPsec
IP ,
. IPsec
, ,
, .

. - ,
LAN .
IPsec .
, - .
,
, .
IPsec
- .
man-in-the-middle.
IPsec , . IPsec
,
ID ,
. IPsec
, ,
.
,
, IPsec.
IPsec (traffic analysis).

. IPsec ,

gateway .

3. Openswan VPN .
VPN
,
. - SUNet C 62.44.96.0/19.

3.1. - SUNet

,
, ,
NAT ,
() - celk.uni-sofia.bg 62.44.96.183
192.168.0.0/24.
:
VPN
Windows 2000/XP.
VPN ,
. :
IP
- NAT (Network Address Translation - ,
RFC 1631). ,
ADSL .
ADSL ADSL ,
ADSL ISDN
, 10BaseT RJ45 Ethernet.
NAT
(WAN) (LAN) .
:
IP IANA/ RIPE,

/ . ADSL
IP DHCP
(LAN) . IP ,
RFC 1918
- .
192.168.1.x. 253
. 3. NAT ADSL
IPSec VPN ,
NAT-T, a RFC-3942 RFC-3948 2005 .
NAT
IPSec, ESP AH UDP 4500
IPSec NAT .

3.2 ADSL


VPN vpn.uni-sofia.bg.
, .

SUNet VPN --.
- ADSL,

IPSec VPN 3.. VPN


--.

3.3 Openswan ADSL


.

VPN -
, 23
Aleph 62.44.11.2, SUNet.
, 23
Border . VPN ,
,
. - ADSL
,
.
VPN IPSec
. IPSec Windows 2000, Windows XP Windows 2003
Server, Openswan strongSwan -
IPSec FreeS/WAN.
VPN
vpn.uni-sofia.bg, Fedora Core 5
,
-SUNet 192.168.24.0/24 .
IPSec .
Openswan. Openswan
IPSec .
,
IPSec. , IP
, NAT ,
ADSL. X.509
2.6.,
FreeS/WAN strongSwan, 2.4.
, GNU General Public License.
Openswan IPSec :
KLIPS (kernel IPSec) - AH, ESP ,
.
Pluto (IKE daemon) - IKE,
.
.
3.1. ipsec.conf.
Openswan.
, Openswan VPN,
/etc/ipsec.secrets, , /etc/ipsec.conf,
.
ipsec.conf -
config setup, , conn.
CONN.
CONN ,
, IPSec.
.
172.16.0.0/24
10.0.0.0,
Openswan. ,

.
Openswan. IP gateway-a.
/etc/ipsec.conf.
conn left-to-right
left=192.0.2.2
leftsubnet=172.16.0.0/24
leftnexthop=1.1.1.1
right=2.2.2.2
rightsubnet=10.0.0.0/24
rightnexthop=2.2.2.1
auto=add

Openswan 2 - manual auto (


).

automatic

keying

: IP
gateway-to-gateway .

, ,
,
.
IPSec
.
.
.
, ,
, left right .
, ;
, ,
,
.
CONN.
-
.
,
.
type - . tunnel,
. ,
. transport
.
left - IP
. %defaultroute
interfaces=%defaultroute config , left

, , leftnexthop. left,
right %defaultroute, .
%any IP
.
leftsubnet -
network/netmask.
leftnexthop - gateway IP
.
leftupdown -
.
Leftfirewall -
( ,
( ).
yes ( ) no.
CONN .

.
.
keyexchange - .
ike.
auto -
IPSec. add ( ipsec
auto --add), route (ipsec auto --route), start (ipsec auto --up) ignore (
) ( ).
, plutoload plutostart
. ,
( , ,

auto=start, ,
).
auth - ESP
AH. esp ah.
authby - gateway .
secret rsasid rsa
.
leftid

. left, IP
FQDN, @.
leftrsasigkey - RSA RFC
2537.
leftrsasigkey2 - , .
pfs - Perfect Forward Secrecy
( pfs
, -). yes no.
keylife - (
)
. , , m, h d,
, .
rekey -
.
rekeymargin -
. keylife.
rekeyfuzz - , rekeymargin
.
, . ,
100%, .
keyingtries - ,
. 3,
0 .

ikelifetime -
. 1 ,
8 .
compress - .
.
yes no, no e .
disablearrivalcheck - KLIPS , ,
. yes no.
CONN .

.
.
- AH ESP, .
spi - spi . 0xhex,
hex , KLIPS 0x100, 0x100 0xfff.
Spibase - spi spi .
0xhex0, hex , KLIPS
- 0x100,
0x100 0xff0.
esp - ESP .
, ipsec_spi(8), 3des-md5-96.
ESP.
espenckey - ESP .
leftespenckey rightespenckey.
espauthkey - ESP .
leftespauthkey rightespauthkey.
espreplay_window - ESP replay-window
0 64. , ESP .
leftespspi - SPI, ESP ,
, spi spi base.

ah - AH , ,
hmac-md5-96.
ahkey - AH , .
leftahkey rightahkey.
ahreplay_window - AH replay-window 0 (
, ) 64.
leftahspi - SPI, AH-
, spi spi base.
CONFIG.
config setup, ,
Openswan.
config setup
interfaces="ipsec0=eth1 ipsec1=ppp0"
klipsdebug=none
plutodebug=all
manualstart=
plutoload="snta sntb sntc sntd"
plutostart=
- , ,
:
interfaces - , ,
IPSec.
forwardcontrol - ip forwarding (
) IPSec.
syslog - log
IPSec.
klipsdebug - KLIPS .
none , all .
plutodebug - Pluto .
none , all .
manualstart -
IPSec. , ,
, .
pluto - Pluto . yes no.
plutoload - ( )
Pluto. , , ,
. %search,
auto=add, auto=route auto=start.
plutostart - IPSec.
, , ,
. %search,
auto=add, auto=route auto=start.
plutowait - Pluto
Plutostart .
plutobackgroundload - , .
.
prepluto - shell, Pluto.
postpluto - shell, Pluto.
packetdefault - ,
KLIPS, eroute.
pass, , drop (
), , reject - drop,
icmp .
hidetos - TOS
0 . yes (
) no.
uniqueids - ID
, , ID IP .
yes no, .
overridemtu - MTU
IPSec .
3.2. ipsec.secrets.
.
IP ,
:

# sample /etc/ipsec.secrets file for 10.1.0.1
10.1.0.1 10.2.0.1: PSK "secret shared by two hosts"

RSA . ipsec.secrets
RSA.
# an RSA private key.
@my.com: rsa {
Modulus: 0syXpo/6waam+ZhSs8Lt6jnBzu3C4grtt...
PublicExponent: 0sAw==
PrivateExponent: 0shlGbVR1m8Z+7rhzSyenCaBN...
Prime1: 0s8njV7WTxzVzRz7AP+0OraDxmEAt1BL5l...
Prime2: 0s1LgR7/oUMo9BvfU8yRFNos1s211KX5K0...
Exponent1: 0soaXj85ihM5M2inVf/NfHmtLutVz4r...
Exponent2: 0sjdAL9VFizF+BKU4ohguJFzOd55OG6...
Coefficient: 0sK1LWwgnNrNFGZsS/2GuMBg9nYVZ...
}

:
, .
%prompt .
Pluto.
# X.509 certificate
: RSA host.example.com.key "password"

4. SUNet
ADSL .
.
4.1. Openswan .
OpensWAN X.509:
Openswan - , Openswan
(http://www.openswan.org/), -
NAT-T, RPM
. RPM fedora, mandrake, suse
.
Fedora
http://www.openswan.org/download/binaries/fedora/3/i386/openswan-2.4.2-1.i386.rpm,
rpm -ivh openswan-2.4.2-1.i386.rpm.

4.2. Openswan vpn.uni-sofia.bg.



VPN: ,
, windows .
VPN vpn.uni-sofia.bg Fedora 3.
3, VPN
/etc/ipsec.conf.
home-to-su-icmp Openswan - Openswan
VPN (. 4.1.).

4.1.

VPN 192.168.24.0/24 ,
vpn.uni-sofia.bg 192.168.2.0/24 85.187.139.5,
.
home-to-su-icmp-nat Openswan Openswan NAT VPN .
4.2.

4.2.

VPN 192.168.24.0/24,
vpn.uni-sofia.bg, 192.168.2.0/24 ADSL
192.168.1.1.
win-to-su-icmp e Openswan
Windows 2000/XP - VPN .
4.3.
Windows ,
,
Windows VPN .

4.3.

ipsec.conf conn e :
conn home-to-su-icmp
authby=rsasig
pfs=no
auto=add
rekey=no
left=62.44.96.35
leftnexthop=62.44.96.3
leftsubnet=192.168.24.0/24
leftrsasigkey=%cert
leftcert=/etc/ipsec.d/certs/clientCert.pem
leftprotoport=icmp
#
# The remote user.
#
right=85.187.139.5
rightnexthop=85.187.139.5
rightcert=/etc/ipsec.d/certs/hostCert.pem
rightrsasigkey=%cert
rightprotoport=icmp
rightsubnet=192.168.2.0/24
conn home-to-su-icmp-nat
authby=rsasig
pfs=no
auto=add
rekey=no
left=62.44.96.35
leftnexthop=62.44.96.3
leftsubnet=192.168.24.0/24
leftrsasigkey=%cert
leftcert=/etc/ipsec.d/certs/clientCert.pem
leftprotoport=icmp
#
# The remote user.
#
right=%any
rightcert=/etc/ipsec.d/certs/hostCert.pem
rightrsasigkey=%cert
rightprotoport=icmp
rightsubnet=192.168.2.0/24
conn win-to-su-icmp
authby=rsasig
rekey=no
left=62.44.96.35
leftnexthop=62.44.96.3
leftrsasigkey=%cert
leftcert=/etc/ipsec.d/certs/clientCert.pem
# For updated Windows 2000/XP clients,
# to support old clients as well, use leftprotoport=17/%any
leftprotoport=17/0
#
# The remote user.
right=%any
rightca=%same
rightrsasigkey=%cert
rightprotoport=17/1701
rightsubnet=vhost:%priv,%no
pfs=no
auto=add

CA
OpenSSL.
winhostCert.pem

hostCert.pem clientCert.pem

/etc/ipsec.d/certs/,

hostKey.pem, clientKey.pem winhostKey.pem /etc/ipsec.d/private/,


/etc/ipsec.d/cacerts/ o , CA - caCert.pem.

hostCert.pem

clientCert.pem

VPN .

VPN

, winhostCert.pem -
Windows. winhostCert.pem Windows,
OpenSSL winhostCert.p12 , CA,
.
ipsec.conf ipsec.secrets
Openswan service ipsec restart.
ipsec verify ipsec
.
:
>ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                               [OK]
Linux Openswan U2.4.4/K2.6.12-1.1381_FC3 (netkey)
Checking for IPsec support in kernel                          [OK]
Checking for RSA private key (/etc/ipsec.secrets)             [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                [OK]
Two or more interfaces found, checking IP forwarding          [OK]
Checking NAT and MASQUERADEing                                [OK]
Checking for 'ip' command                                     [OK]
Checking for 'iptables' command                               [OK]
Checking for 'setkey' command for NETKEY IPsec stack support  [OK]
Opportunistic Encryption Support                              [DISABLED]

IPSec,a
UDP 500 (IKE), 50 (ESP), 51(AH) UDP 4500
NAT-T.
4.3. L2TP PPP vpn.uni-sofia.bg.
1) Windows l2tp

http://www.openswan.org/download/binaries/fedora/3/i386/l2tpd-0.69-13.i386.rpm

rpm -ivh l2tpd-0.69-13.i386.rpm.


2) l2tpd. Fedora
'/etc/l2tpd/l2tpd.conf'. - :
[global]
auth file = /etc/l2tpd/l2tp-secrets
[lns default]
ip range = 172.22.127.2-172.22.127.250
local ip = 172.22.127.1
require chap = yes
refuse pap = yes
require authentication = yes
name = MyVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd.lns
length bit = yes


IP . Local IP VPN .
3) . -
/etc/ppp/options.l2tpd.lns.
ipcp-accept-local
ipcp-accept-remote
ms-dns 172.22.127.1
ms-wins 172.22.127.1
auth
crtscts
idle 1800
mtu 1200
mru 1200
nodefaultroute
debug
lock
proxyarp
connect-delay 5000
nologfd

ms-dns ms-wins DNS WINS


. mtu 1200, ,
1500,
SMB .
4) - /etc/ppp/chap-secrets.
# Secrets for authentication using CHAP
# client    server    secret      IP addresses
username    *         password    *

, IP ,
IP .
l2tpd
'/etc/init.d/l2tpd start'.
4.4 Openswan .

- NAT.
Openswan ,
.
home-to-su-icmp ,
:
conn home-to-su-icmp
authby=rsasig
pfs=no
auto=add
rekey=no
left=62.44.96.35
leftnexthop=62.44.96.3
leftsubnet=192.168.24.0/24
leftrsasigkey=%cert
leftcert=/etc/ipsec.d/certs/clientCert.pem
leftprotoport=icmp
right=85.139.187.5
rightnexthop=85.139.187.1
rightsubnet=192.168.2.0/24
rightcert=/etc/ipsec.d/certs/hostCert.pem
rightrsasigkey=%cert
rightprotoport=icmp

, NAT, :
conn home-to-su-icmp-nat
authby=rsasig
pfs=no
auto=add
rekey=no
left=62.44.96.35
leftnexthop=62.44.96.3
leftsubnet=192.168.24.0/24
leftrsasigkey=%cert
leftcert=/etc/ipsec.d/certs/clientCert.pem
leftprotoport=icmp
right=192.168.1.2
rightnexthop=192.168.1.1
#ADSL
rightsubnet=192.168.2.0/24
rightcert=/etc/ipsec.d/certs/hostCert.pem
rightrsasigkey=%cert
rightprotoport=icmp

(right
) , VPN IP .
home-to-su-icmp.

ipsec auto --up home-to-su-icmp.
-:
ipsec auto --up home-to-su-icmp
104 "home-to-su-icmp" #1: STATE_MAIN_I1: initiate
003 "home-to-su-icmp" #1: received Vendor ID payload [Openswan (this version) 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "home-to-su-icmp" #1: received Vendor ID payload [Dead Peer Detection]
003 "home-to-su-icmp" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "home-to-su-icmp" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "home-to-su-icmp" #1: NAT-Traversal: Result using 3: no NAT detected
108 "home-to-su-icmp" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "home-to-su-icmp" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "home-to-su-icmp" #2: STATE_QUICK_I1: initiate
004 "home-to-su-icmp" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x6f78f193 <0xd110f47f xfrm=AES_0-HMAC_SHA1 IPCOMP=>0x0000949d <0x0000dde7 NATD=62.44.96.35:500 DPD=none}


, leftprotoport=
rightprotoport= . ICMP
ping
192.168.2.0/24 192.168.24.0/24.
.
ipsec auto status
000 "home-to-su-icmp": 192.168.24.0/24===62.44.96.35[C=GB, ST=Berkshire, O=My Company Ltd, CN=pc9, E=ceco1@yahoo.com]:1/0---62.44.96.3...%any[C=GB, ST=Berkshire, O=My Company Ltd, CN=pc2, E=ceco@yahoo.com]:1/0===192.168.2.0/24; unrouted; eroute owner: #0
000 "home-to-su-icmp":   srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "home-to-su-icmp":   CAs: 'C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, CN=pc2, E=tsvetomir_h@yahoo.com'...'C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, CN=pc2, E=tsvetomir_h@yahoo.com'
000 "home-to-su-icmp":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "home-to-su-icmp":   policy: RSASIG+ENCRYPT+TUNNEL+DONTREKEY; prio: 24,24; interface: eth0;
000 "home-to-su-icmp":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "home-to-su-icmp"[1]: 192.168.24.0/24===62.44.96.35[C=GB, ST=Berkshire, O=My Company Ltd, CN=pc9, E=ceco1@yahoo.com]:1/0---62.44.96.3...85.187.139.5[C=GB, ST=Berkshire, O=My Company Ltd, CN=pc2, E=ceco@yahoo.com]:1/0===192.168.2.0/24; erouted; eroute owner: #2
000 "home-to-su-icmp"[1]:   srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "home-to-su-icmp"[1]:   CAs: 'C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, CN=pc2, E=tsvetomir_h@yahoo.com'...'C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, CN=pc2, E=tsvetomir_h@yahoo.com'
000 "home-to-su-icmp"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "home-to-su-icmp"[1]:   policy: RSASIG+ENCRYPT+TUNNEL+DONTREKEY; prio: 24,24; interface: eth0;
000 "home-to-su-icmp"[1]:   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "home-to-su-icmp"[1]:   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 #2: "home-to-su-icmp"[1] 85.187.139.5:500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 28485s; newest IPSEC; eroute owner
000 #2: "home-to-su-icmp"[1] 85.187.139.5 esp.a5509e0d@85.187.139.5 esp.38f9e656@62.44.96.35 comp.17fb@85.187.139.5 comp.acf6@62.44.96.35 tun.0@85.187.139.5 tun.0@62.44.96.35
000 #1: "home-to-su-icmp"[1] 85.187.139.5:500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 3278s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)

.
Openswan. debug
a all klipsdebug plutodebug.
,
.
ipsec eroute
VPN . VPN
, .
4.5. Windows XP Openswan
l2tp/ipsec.
Windows sp2, ,
NAT-Traversal, NAT
. ,
.
Windows (Windows 2000/XP).
PKCS#12.
,
CA (root) .
: .
,

. certimport Xelerance pfxMachineImport Keith Brown


PKCS#12 .
Windows 2000 XP
:
1. Administrator (
IPSec ).
2. Windows 2000 Professional, High
Encryption Pack SP2+.
3. Microsoft Management Console Start Run
mmc.
4. File Add/Remove Snap-in.
5. Add.
6. Certificates. Add,
.
7. Computer account. ,
, IPSec ,
.
8. Local computer.
9. snap-in Certificates, OK.
10. Certificates (Local Computer). -
Personal. Certificates.
,
. All task" Import.
11. Certificate Import Wizard.
Next.
12. File to import.
File name . Browse.
13. Files of type Personal Information Exchange (*.pfx, *.p12).
14. Open.
15. File to
import. Next.
16. .
17. Automatically select the certificate store. (


Place all certificates in the following store: Personal). Next.
18. Certificate Import Wizard Finish.
19. .
Action Refresh.
.
20. File Exit.
,
L2TP/IPSec ,
Linux Openswan .
L2TP/IPSec .
() L2TP IPSec
:
1. Network Connection Start Control Panel.
2. File New Connection.
3. Connect to the Network at my Workplace,
Next.
4. New Connection Wizard Network
Connection, o : Dial-Up Connection Virtual
Private Network Connection. Next.
5. Company Name,
VPN Server Selection IP ,
.
6. Properties.
7. Networking Tab.
8. VPN Auto L2TP IPSec VPN.
9. .
10. .
11. Connect, VPN .
Windows IP 172.22.127.11
.

, TCP/IP
, Use default gateway on remote network .
,
. route
. 192.168.24.0
- Route add 192.168.24.0 mask 255.255.255.0 172.22.127.11.
default gateway , ,
-
172.22.127.11.

-
VPN.
SUNet VPN.
IPSec, -
VPN.

Openswan, IPsec, a
NAT-T, NAT.
VPN SU Sunet
Windows.
VPN SU
, ,
, .
VPN ,
- IPSec VPN.
,
VPN ,
,
.

:
1. : James S Tiller :VPN - A Technical Guide to IPSec Virtual Private Networks
2. : J.Davies and E. Lewis: Deploying VPN with Microsoft Windows Server 2003
3. Openswan http://www.openswan.org/docs/
4. Openvpn http://openvpn.net/
