Netgate Discussion Forum

    [Completed] Working eap-tls / pfSense 2.2 - $100 USD

      hege

      Hello,

      I'd like to see a working eap-tls VPN implementation for mobile clients in pfSense 2.2, so I'm able to connect from Windows Phone or Windows 8.1 with OOB features.

      ermal already pushed a first implementation of eap-tls (thank you), but this implementation is currently not usable in the way I want to use it.

      The current implementation generates a config with

      leftauth = eap-tls
      rightauth = eap-tls

      but that’s not supported by WP and Win8. (https://forum.pfsense.org/index.php?topic=81657.msg446613#msg446613)

      I was able to connect from WP8 with this config:

      …
      ike = aes256-sha256-modp1024!
      esp = aes256-sha256!
      leftauth = pubkey
      rightauth = eap-tls
      right = %any
      eap_identity = "C=XX, ST=XXXXX, L=XXXX, O=XXXXX, OU=XXXXXX, CN=*, E=*"

      I think you can choose a different value for eap_identity, but I don’t know.

      Requirements for success:

      • A working GUI configuration in pfSense 2.2 with certificate validation. pfSense/strongSwan should accept all certs with EKU “Client Authentication” (1.3.6.1.5.5.7.3.2) created by a chosen certificate authority

      • The patch/code must be included into the main branch for pfSense 2.2

      Edit:
      A working eap-tls VPN setup is now possible, thank you very much ermal!

      Cert requirements:

      • Full trust of chain (the Root CA has to be installed on the client)

      • The pfSense server cert needs the EKU "Server Authentication", and also the FQDN in the Subject Alternative Names

      • The pfSense client cert needs the EKU "Client Authentication", and also the CN name as a FQDN in the SAN

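The three cert requirements from the post above, turned into a runnable check. This is an added example, not code from the thread, from pfSense or from strongSwan: it uses openssl to build a constructed test CA plus a server and a client certificate (every name is a placeholder), then checks a certificate for chain trust, the expected EKU and the CN-as-SAN rule.

```shell
#!/bin/sh
# Added example, not from the thread or pfSense: build a throwaway root CA plus
# a server and a client certificate that meet the three requirements above, then
# check any certificate for the same properties strongSwan's EAP-TLS validation
# needs. Requires openssl. Every name (Example, vpn.example.test, ...) is a
# constructed placeholder and all files are written to a temporary directory.
set -e
WORK="${WORK:-$(mktemp -d)}"
cd "$WORK"

# Issue a certificate signed by the test CA.
# $1 = file basename, $2 = subject CN, $3 = EKU (serverAuth|clientAuth), $4 = DNS SAN
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/C=XX/O=Example/CN=$2" >/dev/null 2>&1
    printf 'extendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' "$3" "$4" >"$1.ext"
    openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -sha256 -extfile "$1.ext" -out "$1.crt" >/dev/null 2>&1
}

# Check one certificate: chains to the trusted root CA, carries the expected
# EKU, and lists its own CN as a DNS subjectAltName. Returns 1 and names the
# failed requirement otherwise.
# $1 = certificate file, $2 = EKU as openssl prints it
#      ("TLS Web Server Authentication" or "TLS Web Client Authentication")
check_cert() {
    cert="$1"; want_eku="$2"
    # 1. Full trust of chain (what charon logs as "using trusted ca certificate").
    if ! openssl verify -CAfile ca.crt "$cert" >/dev/null 2>&1; then
        echo "$cert: does not chain to the trusted CA"; return 1
    fi
    text=$(openssl x509 -in "$cert" -noout -text)
    # 2. Extended Key Usage must include the role the cert is used for.
    if ! printf '%s\n' "$text" | grep -q "$want_eku"; then
        echo "$cert: missing EKU '$want_eku'"; return 1
    fi
    # 3. The subject CN must also appear as a DNS name in the SAN extension.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p')
    if ! printf '%s\n' "$text" | grep -q "DNS:$cn"; then
        echo "$cert: CN '$cn' is not listed as a DNS SAN"; return 1
    fi
    echo "$cert: OK (chain, EKU, SAN)"
}

# Constructed root CA: the cert the phone or PC has to have installed as trusted.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 30 \
    -subj "/C=XX/O=Example/CN=Test Root CA" >/dev/null 2>&1
# Server cert for the pfSense side, client cert for the phone, and a deliberately
# wrong client cert (server EKU only) to show the check rejecting it.
issue_cert server    vpn.example.test     serverAuth vpn.example.test
issue_cert client    client1.example.test clientAuth client1.example.test
issue_cert badclient client2.example.test serverAuth client2.example.test

check_cert server.crt "TLS Web Server Authentication"
check_cert client.crt "TLS Web Client Authentication"
check_cert badclient.crt "TLS Web Client Authentication" || true   # expected to fail
```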
        eri--

        You can donate this bounty to pfSense.

          hege

          I am pleased to do so after it works.

          With your latest changes (and the manually added RSA private key path to ipsec.secrets)

          eap_identity=%any
          or
          eap_identity=%identity
          Win 8.1 Pro and Windows Phone 8.1

          Jan 14 22:30:23 	charon: 11[IKE] EAP method EAP_TLS failed for peer CLIENTIP
          Jan 14 22:30:23 	charon: 11[IKE] <con3|203> EAP method EAP_TLS failed for peer CLIENTIP
          Jan 14 22:30:23 	charon: 11[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TLS ]
          Jan 14 22:30:23 	charon: 11[NET] received packet: from CLIENTIP[4500] to SERVERIP[4500] (80 bytes)
          Jan 14 22:30:23 	charon: 11[NET] sending packet: from SERVERIP[4500] to CLIENTIP[4500] (96 bytes)
          Jan 14 22:30:23 	charon: 11[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TLS ]
          Jan 14 22:30:23 	charon: 11[TLS] sending fatal TLS alert 'certificate unknown'
          Jan 14 22:30:23 	charon: 11[TLS] no trusted certificate found for 'CERT-CN' to verify TLS peer
          Jan 14 22:30:23 	charon: 11[TLS] received TLS peer certificate 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=CERT-CN, E=XXX'
          Jan 14 22:30:23 	charon: 11[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TLS ]
          Jan 14 22:30:23 	charon: 11[NET] received packet: from CLIENTIP[4500] to SERVERIP

          Windows Phone 8.1:
          eap_identity = "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"

          works, but only with the wildcard identity and - pretty sure - only one client simultaneously

          ..
          Jan 14 22:39:10 	charon: 01[IKE] authentication of 'CLIENTIP' with EAP successful
          Jan 14 22:39:10 	charon: 01[IKE] <con3|206> authentication of 'CLIENTIP' with EAP successful
          ..
          Jan 14 22:39:09 	charon: 01[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TLS ]
          Jan 14 22:39:09 	charon: 01[CFG] reached self-signed root ca with a path length of 0
          ..
          Jan 14 22:39:09 	charon: 01[CFG] checking certificate status of 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=Server-CERT-CN, E=XXX'
          Jan 14 22:39:09 	charon: 01[CFG] using trusted ca certificate 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=ROOT-CA-CERT-CN, E=XXX'
          Jan 14 22:39:09 	charon: 01[TLS] received TLS peer certificate 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=CERT-CN, E=XXX'
          Jan 14 22:39:09 	charon: 01[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TLS ]
          Jan 14 22:39:09 	charon: 01[NET] received packet: from CLIENTIP[4500] to SERVERIP[4500] (1376 bytes)

          Win 8.1 Pro:
          eap_identity = "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*"

          Jan 14 22:52:28 	charon: 06[JOB] deleting half open IKE_SA after timeout
          Jan 14 22:52:00 	charon: 06[NET] sending packet: from SERVERIP[4500] to CLIENTIP[62300] (1008 bytes)
          Jan 14 22:52:00 	charon: 06[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TLS ]
          Jan 14 22:52:00 	charon: 06[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TLS ]
          Jan 14 22:52:00 	charon: 06[NET] received packet: from CLIENTIP[62300] to SERVERIP[4500] (80 bytes)
          Jan 14 22:52:00 	charon: 06[NET] sending packet: from SERVERIP[4500] to CLIENTIP[62300] (1104 bytes)
          Jan 14 22:52:00 	charon: 06[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TLS ]
          Jan 14 22:52:00 	charon: 06[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TLS ]
          Jan 14 22:52:00 	charon: 06[NET] received packet: from CLIENTIP[62300] to SERVERIP[4500] (80 bytes)
          Jan 14 22:51:59 	charon: 06[NET] sending packet: from SERVERIP[4500] to CLIENTIP[62300] (1104 bytes)
          Jan 14 22:51:59 	charon: 06[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TLS ]
          Jan 14 22:51:59 	charon: 06[TLS] sending TLS cert request for 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=ROOT-CA-CERT-CN, E=XXX'gedues'
          Jan 14 22:51:59 	charon: 06[TLS] sending TLS server certificate 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=Server-CERT-CN, E=XXX'
          Jan 14 22:51:59 	charon: 06[TLS] negotiated TLS 1.0 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
          Jan 14 22:51:59 	charon: 06[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TLS ]
          Jan 14 22:51:59 	charon: 06[NET] received packet: from CLIENTIP[62300] to SERVERIP[4500] (192 bytes)
          Jan 14 22:51:58 	charon: 06[NET] sending packet: from SERVERIP[4500] to CLIENTIP[62300] (2848 bytes)
          Jan 14 22:51:58 	charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/TLS ]
          Jan 14 22:51:58 	charon: 06[IKE] sending end entity cert "C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=Server-CERT-CN, E=XXX"
          Jan 14 22:51:58 	charon: 06[IKE] <con3|211> sending end entity cert "C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=Server-CERT-CN, E=XXX"
          Jan 14 22:51:58 	charon: 06[IKE] authentication of 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=Server-CERT-CN, E=XXX' (myself) with RSA signature successful
          Jan 14 22:51:58 	charon: 06[IKE] <con3|211> authentication of 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=Server-CERT-CN, E=XXX' (myself) with RSA signature successful
          Jan 14 22:51:58 	charon: 06[IKE] peer supports MOBIKE
          Jan 14 22:51:58 	charon: 06[IKE] <con3|211> peer supports MOBIKE
          Jan 14 22:51:58 	charon: 06[IKE] initiating EAP_TLS method (id 0x9F)
          Jan 14 22:51:58 	charon: 06[IKE] <con3|211> initiating EAP_TLS method (id 0x9F)
          Jan 14 22:51:58 	charon: 06[IKE] using configured EAP-Identity C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*
          Jan 14 22:51:58 	charon: 06[IKE] <con3|211> using configured EAP-Identity C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*
          Jan 14 22:51:58 	charon: 06[CFG] selected peer config 'con3'
          Jan 14 22:51:58 	charon: 06[CFG] looking for peer configs matching SERVERIP[%any]...CLIENTIP[192.168.137.68]
          Jan 14 22:51:58 	charon: 06[IKE] received 29 cert requests for an unknown ca
          Jan 14 22:51:58 	charon: 06[IKE] <211> received 29 cert requests for an unknown ca
          Jan 14 22:51:58 	charon: 06[IKE] received cert request for "C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=ROOT-CA-CERT-CN, E=XXX"
          Jan 14 22:51:58 	charon: 06[IKE] <211> received cert request for "C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=ROOT-CA-CERT-CN, E=XXX"
          Jan 14 22:51:58 	charon: 06[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
          Jan 14 22:51:58 	charon: 06[NET] received packet: from CLIENTIP[62300] to SERVERIP[4500] (848 bytes)
          Jan 14 22:51:58 	charon: 06[NET] sending packet: from SERVERIP[500] to CLIENTIP[62303] (337 bytes)
          Jan 14 22:51:58 	charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
          Jan 14 22:51:58 	charon: 06[IKE] sending cert request for "C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=ROOT-CA-CERT-CN, E=XXX"
          Jan 14 22:51:58 	charon: 06[IKE] <211> sending cert request for "C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=ROOT-CA-CERT-CN, E=XXX"
            eri--

            Is the client using a different CA than the server cert in pfSense?

              hege

              No, both certs are issued by the same CA.

                eri--

                Is the CA present in /var/etc/ipsec/ipsec.d/*?

                It should be there AFAIR, that is why you cannot connect from my understanding.

                  eri--

                  I see the issue now.

                  Is pfSense the issuer of these certificates?
                  I think that all the client certs should be present in the certificate repository of pfSense, at least the public component.
                  After that I will put all these public parts to be trusted by strongswan.
                  Not sure why strongswan has this requirement, but it seems the better way.

                  Can you do the test to put the peer certificate in /var/etc/ipsec/ipsec.d/cer* and see if that fixes it with eap_identity = %identity?

                    hege

                    pfSense is not the issuer of the certs, I imported the root CA and the pfSense VPN cert.

                    I will test that after work.

                    (If importing the public key is required, it should be possible to import only the public key via the GUI - currently private and public are required)

                      eri--

                      Normally you can import only the public part; even though you have both fields, you can just import the public part and it will not complain.

                        hege

                        I can import the cert without private key in the CAs tab.
                        In the Certificates tab I get the error "The field Key data is required."

                          eri--

                          Anyway, can you perform the test from the console, and afterwards this issue can be looked at as well.

                            hege

                            strongswan seems to ignore the cert completely if it's not referenced in the conf.

                            I added the pub, and even the private key, to the right directories, and after "ipsec rereadall" it only shows my used pfSense cert with "ipsec listcerts" (and only the CA cert with listcacerts)

                            If I add this to the config, the peer cert is available with listcerts
                            "rightcert=/var/etc/ipsec/ipsec.d/certs/peercert.crt"
                            but then I get
                            "charon: 01[CFG] no matching peer config found"

                            I can also see my peer cert after the first successful connection
                            (with eap_identity = "C=*, ST=*, L=*, O=*, OU=*, CN=*, E=*")

                            very strange…

                            I will build a new test deployment with different certs and clients (also a strongswan client) at the weekend...

                              eri--

                              Can you try instead of eap_identity to put aaa_identity = %any and retry?

                                hege

                                Unfortunately,

                                aaa_identity=%any
                                and
                                aaa_identity=%any
                                eap_identity=%any

                                Jan 15 20:06:56 charon: 10[IKE] EAP method EAP_TLS failed for peer CLIENT-IP
                                Jan 15 20:06:56 charon: 10[TLS] sending fatal TLS alert 'certificate unknown'
                                Jan 15 20:06:56 charon: 10[TLS] no trusted certificate found for 'CERT-CN' to verify TLS peer
                                Jan 15 20:06:56 charon: 10[TLS] received TLS peer certificate 'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=CERT-CN, E=XXX'

                                aaa_identity=%identity

                                Jan 15 20:08:27 charon: 07[TLS] sending fatal TLS alert 'handshake failure'
                                Jan 15 20:08:27 charon: 07[TLS] no usable TLS server certificate found for '%identity'

                                  eri--

                                  What algo is the signature on the client cert, SHA1 or something else?

                                  Can you validate this cert with the pki --verify tool of strongswan?

                                  It is available with pfSense.

                                    hege

                                    sha512 :)

                                    pki --verify --in /tmp/VPN-Client.crt --cacert /var/etc/ipsec/ipsec.d/cacerts/1eb57a16.0.crt

                                    using certificate  'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=CERT-CN, E=XXX'
                                      using trusted ca certificate  'C=XX, ST=XXXXXX, L=XXX, O=XXX, OU=XXX, CN=CA-CERT-CN, E=XXX'
                                      reached self-signed root ca with a path length of 0
                                    certificate trusted, lifetimes valid

                                    I am currently doing these tests in my private network; at the weekend I will create a new test setup with weaker and non-sensitive certs, so I can give you more information if needed.

                                      eri--

                                      Oh can you try removing the leftid settings from the profile and see if that fixes it?

                                        hege

                                        nope,

                                        Jan 15 22:06:23 charon: 13[TLS] no trusted certificate found for 'CERT-CN' to verify TLS peer

                                        (with and without eap_identity)

                                          eri--

                                          What if you do leftauth=eap-tls as well, or as usual but adding rightsendcert=never?

                                          Also, can you post the full ipsec.conf section of the connection?

                                          EDIT: also, can you check based on this: https://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig

                                            hege

                                            Jan 15 22:15:53 charon: 07[IKE] configured EAP-only authentication, but peer does not support it
                                            Jan 15 22:15:53 charon: 07[IKE] <con3|43>configured EAP-only authentication, but peer does not support it

                                            conn con3
                                                    reqid = 3
                                                    fragmentation = yes
                                                    keyexchange = ikev2
                                                    reauth = yes
                                                    forceencaps = no
                                                    rekey = yes
                                                    installpolicy = yes
                                                    type = tunnel
                                                    dpdaction = none
                                                    auto = add
                                                    left = WAN-IP
                                                    right = %any
                                                    compress = yes
                                                    ikelifetime = 28800s
                                                    lifetime = 3600s
                                                    rightsourceip = 172.16.94.0/24
                                                    ike = aes256-sha256-modp1024!
                                                    esp = aes256-sha1-modp1024,aes256-sha256-modp1024!
                                                    eap_identity=%identity
                                                    leftauth=eap-tls
                                                    rightauth=eap-tls
                                                    leftcert=/var/etc/ipsec/ipsec.d/certs/cert-3.crt
                                                    rightsubnet = 172.16.94.0/24
                                                    leftsubnet = 0.0.0.0/0

                                             edit: with the usual config but rightsendcert=never, same as always

                                            Jan 15 22:19:11 charon: 13[TLS] sending fatal TLS alert 'certificate unknown'
                                             Jan 15 22:19:11 charon: 13[TLS] no trusted certificate found for 'Client-CN' to verify TLS peer

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.