I'm trying to get linux freeswan/pluto to talk with
openbsd/isakmpd using x509 certificates.  I'm using
the x509 patches to pluto available at
http://www.strongsec.com/freeswan/ (if the freeswan
list is not appropriate for discussing these
patches, I apologize).

I was observing the exchanged messages on the two
machines when either side is the initiator.  The
results are:

      pluto sends               isakmp replies
  (1)   SA                        SA
  (2)   KE + NONCE                KE + NONCE
  (3)   ID (DER_ASN1_DN) +        NOTIFY: INVALID ID INFORMATION
         SIG
[isakmpd debugging log says:
 151209.062674 Default rsa_sig_decode_hash: no public key found]

      isakmp sends               pluto replies
  (1)   SA                        SA
  (2)   KE + NONCE                KE + NONCE
  (3)   ID (IPV4_ADDR) +          ... no reply ...
          CERT(x509) + SIG
[pluto syslog says:
 "conname" #1: no suitable connection for peer '1.2.3.4']

I also tried it with isakmpd sending out FQDN ID's.  I havent
tried isakmpd's KEY_ID identification type, because I don't
know what the key id field would be filled in with (distinguished
name?).

Are these two implementations inherently incompatible, or
can I adjust the configurations to get them working?

                                  Tim N.

Hello Tim,

I'm not familiar at all with openbsd/isakmp but it seems to me
that the use of X.509 certificates is similar to what SSH Sentinel
1.1 beta does when it uses self-generated certificates. Also the
X.509 patch for FreeS/WAN, originally written by Neil Dunbar and
recently brought up-to-date for use with freeswan-1.5 by Luc Lanthier
works with this mode of authentication.

openbsd/isakmpd uses IPV4_ADDR or FQDN as an ID_type but
sends an additional X.509 certificate along with the ID.
The recipient can then check the the ipAddress, the dNSName or
the rfc822Name contained in the subjectAltName (which is a
X.509v3 extension field), against the transmitted ID of type
IPV4_ADDR, FQDN or UFQDN, respectively.

In order to make the X.509 patch compatible with openbsd,
I would have to introduce an option sendcert=yes that could be
set for any connection defined in ipsec.conf, in order to send
the FreeS/WAan server's certificate contained in /etc/x509cert.der
along with an ID of type IPV4_ADDR, FQDN or UFQDN.  

It might be done with a reasonable effort.

Regards

Andreas

======================================================================
Andreas Steffen                     e-mail: andreas.stef...@zhwin.ch
Zuercher Hochschule Winterthur      home:   http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland)    phone:  +41 76 340 25 56
===============================================================[ZHW]==

I have freeswan/pluto and openbsd/isakmpd talking together using
x509 certificates now.  Some of the problems I had were due to
mistakes on my part, but there were a few unusual configuration
items that needed to be set to make this work properly.  I list
them below, as well as the configuration files that I used.

First, you need isakmpd and freeswan installed (obviously).
Also, you need the x509 patches available at
http://www.strongsec.com/freeswan.

Next you need certificates.  I used openssl to make my certificates,
following the instructions in openbsd's "isakmpd" man page.
I actually made scripts to do this for me, which I put up at
http://www.lava.net/~newsham/certs.tgz in case anyone wanted to use
them.  I made a certificate authority, I'll call it "CA", and
certificates for two hosts, which I'll call "bsd" and "linux".
The address of "bsd" is b.b.b.b, and the address of "linux" is
l.l.l.l.

Keys and certificates need to be put in place:

   on bsd:
     bsd.key     ->  /etc/isakmpd/private/local.key
                     (chmod go-rwx local.key, or isakmpd wont read it!)
     ca.crt      ->  /etc/isakmpd/ca/ca.crt
     bsd.crt &
     linux.crt   -> /etc/isakmpd/certs/*

   on linux:
     linux.crt   -> /etc/x509.der
     linux.crt &
     bsd.crt     -> /etc/ipsec.d/*

Now the configuration files must be generated.  On Linux, everything
is as normal except for the way identities are expressed.  The private
key is extracted into /etc/ipsec.secrets as per the freeswan-x509 install
instructions, my file looks like:

    --- /etc/ipsec.secrets ---
    : RSA
        {
            Modulus: 0x..hex data ommitted...
            PublicExponent: 0x.....
            PrivateExponent: 0x....
            Prime1: 0x....
            Prime2: 0x....
            Exponent1: 0x....
            Exponent2: 0x....
            Coefficient: 0x....
        }
    --- end ---

In the configuration file, I was unable to use {left,right}cert=
to automatically load the cert and ID, because we need to express
the ID as an IPV4_ADDR.  Isakmpd will not accept ASN.1 encoded
certificates from pluto.  So I had to generate the left and right
rsasig as outlined in the freeswan-x509 instructions.  The box
is configured to initiate connections since "auto=start" is
specified.

    ---- /etc/ispec.conf ----
    config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

    conn x509-con
            authby=rsasig
            left=l.l.l.l
            leftid=l.l.l.l
            leftrsasigkey=0x....hex data ommitted....
            right=b.b.b.b
            rightid=b.b.b.b
            rightrsasigkey=0x......
            pfs=no
            auto=start
    ---- end ----

On the BSD side, everything was set up as it normally would be
for x509 certificates.  My policy file specifies that anybody
with a key signed by "CA" can negotiate phase-2 SA's.  A very
important note: The distinguished name must be entered in its
entirety!!!  I initially had "DN:/CN=CA/Email=news...@lava.net"
as the DN, which only specified some of the fields in the
certificates DN.  This did not work, and cost me a few hours
of headaches.  SPECIFY THE FULL DN!  You can find the DN by
reading through isakmpd debugging output, or you can extract
them with openssl:

     % openssl x509 -in ca.crt -noout -text |grep Subject
      Subject: C=US, ST=California, L=San Francisco, O=None, OU=Moon,
               CN=CA/Email=news...@lava.net

which would be "DN:/C=US/ST=California/L=.../CN=CA/Email=news...@lava.net"

My policy file is:

    ---- /etc/isakmpd/isakmpd.policy ----
    KeyNote-Version: 2
    Authorizer: "POLICY"
    Licensees: "DN:/C=US/ST=California/L=..../CN=CA/Email=news...@lava.net"
    Conditions: app_domain == "IPsec policy" &&
                esp_present == "yes" &&
                esp_enc_alg == "3des" -> "true";
    ---- end ----

And finally, my isakmpd.conf file.  This file is almost right out
of the man page.  It specifies a phase-1 transform using RSA_SIG,
so that RSA signatures are used to authenticate the connection.
Note that since the connection is listed as a passive-connection,
the bsd machine will not initiate outgoing connections.

    ---- /etc/isakmpd/isakmpd.conf ----
    [Default-main-mode]
    DOI=                    IPSEC
    EXCHANGE_TYPE=          ID_PROT
    Transforms=             3DES-SHA-RSA_SIG

    [Default-quick-mode]
    DOI=                    IPSEC
    EXCHANGE_TYPE=          QUICK_MODE
    Suites=                 QM-ESP-3DES-SHA-SUITE

    [General]
    Retransmits=            5
    Exchange-max-time=      120
    Listen-on=              b.b.b.b

    [Phase 1]
    l.l.l.l=                rempeer

    [rempeer]
    Phase=                  1
    Transport=              udp
    Local-address=          b.b.b.b
    Address=                l.l.l.l
    Configuration=          Default-main-mode

    [net-you]
    ID-type=                IPV4_ADDR_SUBNET
    Network=                l.l.l.l
    Netmask=                255.255.255.255

    [net-me]
    ID-type=                IPV4_ADDR_SUBNET
    Network=                b.b.b.b
    Netmask=                255.255.255.255

    [Phase 2]
    Passive-Connections=    x509-con

    [x509-con]
    Phase=                  2
    ISAKMP-peer=            rempeer
    Configuration=          Default-quick-mode
    Local-ID=               net-me
    Remote-ID=              net-you
    ---- end ----

Thats it.  I fire up isakmpd (isakmpd -d) and freeswan (ipsec setup --start)
and the two are talking like old friends...  enjoy.

                                                  Tim N.