这是一个创建于 2220 天前的主题,其中的信息可能已经有所发展或是发生改变。
首先说不是用来富强一类的,IPSec 这东西配置参数极为复杂,android 和 ubuntu 上的 strongswan 和 racoon 经过多次修改 ipsec.conf 配置,主机侧依然提示 No proposal found, 并且 strongswan 这货费尽周折开启 VERBOSE log 后发现 log 输出的内容基本也是无可读性的的 Binary 数据,实在不想花大笔时间去研究 ipsec 那复杂的参数了,有没有什么工具能够解析 INIT 阶段的 ISAKMP SA 数据包的,直观展示一下加密方式,DH,认证方式等等,尽量做到可视化直接方便配成一致,wireshark 就不用说了,那货给的信息也极为有限
31 条回复 • 2018-10-07 09:03:55 +08:00
 |
1
mason961125 2018-10-05 23:29:42 +08:00
日志的话...tail -f /var/log/auth.log 就能看到了...
|
 |
2
Seumi 2018-10-05 23:39:36 +08:00 via Android
就用 wireshark 就行。日志输出选最高级别,在里面搜索 SKEYSEED,下面就是七个密钥。strongswan 的日志包含的内容非常详细
|
 |
3
feast OP @mason961125 很抱歉你这办法我似乎已经用过了,输出的日志就是看不到,Juniper 官方说至少要这些东西互相匹配才行,日志里似乎是看不到的
If phase 2 negotiation has been initiated, and you get the "Error = NO_PROPOSAL_CHOSEN" message, this indicates a mismatch in proposals between the two peers. The phase 2 proposal elements include the following: Authentication algorithm (MD5, SHA1) Encryption algorithm (DES, 3DES, AES128, AES192, AES256) Lifetime kilobytes (sometimes referred to as lifesize) Lifetime seconds Protocol (AH, ESP) Perfect Forward Secrecy (Diffie-Hellman group1, group2, group5) If phase 2 fails to complete with an error in proposal, then confirm that remote peer has at least one proposal configured in which Authentication and Encryption algorithms, Protocol and Perfect Forward Secrecy (PFS) match at least one proposal on the local side. A common mis-configuration is PFS group key mismatch. Perhaps one side has PFS group key configured whereas the remote side may either not have PFS enabled or incorrect group key. Also, with some third-party non-Juniper devices, Lifetime in both kilobytes and/or seconds may also need to match. |
|
4
feast OP @Seumi SKYSEED 是什么,另外我已经把 STRONGSWAN 的日志级别调成 7 了依然没用,出来的数据看不到 JUNIPER 官方说的那几种参数
|
|
5
feast OP ```
Sep 16 22:28:10 05[MGR] checkout IKEv2 SA by message with SPIs 53be4aebeab9737c_i 0000000000000000_r Sep 16 22:28:10 05[MGR] created IKE_SA (unnamed)[1] Sep 16 22:28:10 05[NET] <1> received packet: from 119.77.23.12[500] to 172.21.241.94[500] (300 bytes) Sep 16 22:28:10 05[ENC] <1> parsing body of message, first payload is SECURITY_ASSOCIATION Sep 16 22:28:10 05[ENC] <1> starting parsing a SECURITY_ASSOCIATION payload Sep 16 22:28:10 05[ENC] <1> parsing SECURITY_ASSOCIATION payload, 272 bytes left Sep 16 22:28:10 05[ENC] <1> parsing payload from => 272 bytes @ 0x7f1b18000bdc Sep 16 22:28:10 05[ENC] <1> 0: 22 00 00 2C 00 00 00 28 01 01 00 04 03 00 00 08 "..,...(........ Sep 16 22:28:10 05[ENC] <1> 16: 01 00 00 03 03 00 00 08 03 00 00 02 03 00 00 08 ................ Sep 16 22:28:10 05[ENC] <1> 32: 02 00 00 02 00 00 00 08 04 00 00 02 28 00 00 88 ............(... Sep 16 22:28:10 05[ENC] <1> 48: 00 02 00 00 BD 44 15 33 19 42 FC 3E 48 26 C4 EE .....D.3.B.>H&.. Sep 16 22:28:10 05[ENC] <1> 64: 9E 03 ED F1 86 32 6F CB 18 56 8E E3 6E 59 2F 46 .....2o..V..nY/F Sep 16 22:28:10 05[ENC] <1> 80: 7D 93 71 FF C1 8B AD 1E FA D4 4A 42 04 ED D0 67 }.q.......JB...g Sep 16 22:28:10 05[ENC] <1> 96: 9F 51 55 F0 3B ED 25 E1 FC D0 82 46 84 39 E1 1A .QU.;.%....F.9.. Sep 16 22:28:10 05[ENC] <1> 112: 86 ED 85 57 96 B8 4F 08 F9 85 A8 30 D6 35 93 C7 ...W..O....0.5.. Sep 16 22:28:10 05[ENC] <1> 128: 27 61 21 2C 20 80 7D A0 8C 15 1A 32 10 1A BB A8 'a!, .}....2.... Sep 16 22:28:10 05[ENC] <1> 144: 7B 36 93 63 3B 05 A1 EC DD 36 27 6F E7 02 25 5E {6.c;....6'o..%^ Sep 16 22:28:10 05[ENC] <1> 160: E4 BC 3C CC 72 FB 33 11 44 7F 90 61 C2 82 2B EE ..<.r.3.D..a..+. Sep 16 22:28:10 05[ENC] <1> 176: 37 4B 6B E1 29 00 00 24 51 0F C8 1E A1 9A B5 E3 7Kk.)..$Q....... Sep 16 22:28:10 05[ENC] <1> 192: 41 12 8B E3 32 12 AD 58 A2 B4 E9 9E 3D 9E 3A D3 A...2..X....=.:. Sep 16 22:28:10 05[ENC] <1> 208: B6 88 EE 59 78 C5 69 8A 29 00 00 1C 00 00 40 04 ...Yx.i.).....@. Sep 16 22:28:10 05[ENC] <1> 224: 00 E9 42 94 E0 01 A5 09 2A 2D 7D 6A 6B 3A 3B E0 ..B.....*-}jk:;. Sep 16 22:28:10 05[ENC] <1> 240: 0C 52 8E 36 00 00 00 1C 00 00 40 05 AA E4 23 F4 .R.6......@...#. Sep 16 22:28:10 05[ENC] <1> 256: 5C 23 FF 4C 81 C6 D7 CA 06 A8 71 7D AB 0F 6C 3D \#.L......q}..l= Sep 16 22:28:10 05[ENC] <1> parsing rule 0 U_INT_8 Sep 16 22:28:10 05[ENC] <1> => 34 Sep 16 22:28:10 05[ENC] <1> parsing rule 1 FLAG Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 2 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 3 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 4 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 5 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 6 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 7 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 8 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 9 PAYLOAD_LENGTH Sep 16 22:28:10 05[ENC] <1> => 44 Sep 16 22:28:10 05[ENC] <1> parsing rule 10 (1258) ``` |
|
6
mason961125 2018-10-05 23:53:28 +08:00
@feast 我有个建议,你可以去 StrongSwan 的 Wiki 里找找有没有适合你需求的例子,一般来说都能找得到,而且也有配置完成后的日志。
|
|
7
Seumi 2018-10-05 23:54:21 +08:00 via Android
 |
|
8
Seumi 2018-10-05 23:55:01 +08:00 via Android
 |
|
9
feast OP @Seumi
Sep 16 22:28:10 05[ENC] <1> 0: 00 E9 42 94 E0 01 A5 09 2A 2D 7D 6A 6B 3A 3B E0 ..B.....*-}jk:;. Sep 16 22:28:10 05[ENC] <1> 16: 0C 52 8E 36 .R.6 Sep 16 22:28:10 05[ENC] <1> parsing NOTIFY payload finished Sep 16 22:28:10 05[ENC] <1> verifying payload of type NOTIFY Sep 16 22:28:10 05[ENC] <1> NOTIFY payload verified, adding to payload list Sep 16 22:28:10 05[ENC] <1> starting parsing a NOTIFY payload Sep 16 22:28:10 05[ENC] <1> parsing NOTIFY payload, 28 bytes left Sep 16 22:28:10 05[ENC] <1> parsing payload from => 28 bytes @ 0x7f1b18000cd0 Sep 16 22:28:10 05[ENC] <1> 0: 00 00 00 1C 00 00 40 05 AA E4 23 F4 5C 23 FF 4C ......@...#.\#.L Sep 16 22:28:10 05[ENC] <1> 16: 81 C6 D7 CA 06 A8 71 7D AB 0F 6C 3D ......q}..l= Sep 16 22:28:10 05[ENC] <1> parsing rule 0 U_INT_8 Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 1 FLAG Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 2 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 3 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 4 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 5 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 6 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 7 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 8 RESERVED_BIT Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 9 PAYLOAD_LENGTH Sep 16 22:28:10 05[ENC] <1> => 28 Sep 16 22:28:10 05[ENC] <1> parsing rule 10 U_INT_8 Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 11 SPI_SIZE Sep 16 22:28:10 05[ENC] <1> => 0 Sep 16 22:28:10 05[ENC] <1> parsing rule 12 U_INT_16 Sep 16 22:28:10 05[ENC] <1> => 16389 Sep 16 22:28:10 05[ENC] <1> parsing rule 13 SPI Sep 16 22:28:10 05[ENC] <1> => 0 bytes @ (nil) Sep 16 22:28:10 05[ENC] <1> parsing rule 14 CHUNK_DATA Sep 16 22:28:10 05[ENC] <1> => 20 bytes @ 0x7f1b100023c0 Sep 16 22:28:10 05[ENC] <1> 0: AA E4 23 F4 5C 23 FF 4C 81 C6 D7 CA 06 A8 71 7D ..#.\#.L......q} Sep 16 22:28:10 05[ENC] <1> 16: AB 0F 6C 3D ..l= Sep 16 22:28:10 05[ENC] <1> parsing NOTIFY payload finished Sep 16 22:28:10 05[ENC] <1> verifying payload of type NOTIFY Sep 16 22:28:10 05[ENC] <1> NOTIFY payload verified, adding to payload list Sep 16 22:28:10 05[ENC] <1> process payload of type SECURITY_ASSOCIATION Sep 16 22:28:10 05[ENC] <1> process payload of type KEY_EXCHANGE Sep 16 22:28:10 05[ENC] <1> process payload of type NONCE Sep 16 22:28:10 05[ENC] <1> process payload of type NOTIFY Sep 16 22:28:10 05[ENC] <1> process payload of type NOTIFY Sep 16 22:28:10 05[ENC] <1> verifying message structure Sep 16 22:28:10 05[ENC] <1> found payload of type NOTIFY Sep 16 22:28:10 05[ENC] <1> found payload of type NOTIFY Sep 16 22:28:10 05[ENC] <1> found payload of type SECURITY_ASSOCIATION Sep 16 22:28:10 05[ENC] <1> found payload of type KEY_EXCHANGE Sep 16 22:28:10 05[ENC] <1> found payload of type NONCE Sep 16 22:28:10 05[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Sep 16 22:28:10 05[CFG] <1> looking for an ike config for 172.21.241.94...220.166.51.91 Sep 16 22:28:10 05[IKE] <1> no IKE config found for 172.21.241.94...220.166.51.91, sending NO_PROPOSAL_CHOSEN Sep 16 22:28:10 05[ENC] <1> added payload of type NOTIFY to message Sep 16 22:28:10 05[ENC] <1> order payloads in message Sep 16 22:28:10 05[ENC] <1> added payload of type NOTIFY to message Sep 16 22:28:10 05[ENC] <1> generating IKE_SA_INIT response 0 [ N(NO_PROP) ] Sep 16 22:28:10 05[ENC] <1> not encrypting payloads 这种已经够详细了吧,但是还是看不出客户端到底用的什么加密,什么 HASH 和什么 FPS 模式 |
|
10
feast OP @Seumi 老兄非常感谢你的热心回复,但是你针对的是 traffic 阶段的 ESP 封包解密,但是我的意思是获取 ISKAMP 阶段 AH 封包的配置信息,AH 包是不加密的,是用来握手的
|
|
11
feast OP  1
@mason961125 如果客户端能配我也不会大费周章找工具了,就是不知道客户端用的什么模式,只能不断改服务端配置来试探
|
|
12
Seumi 2018-10-06 00:01:10 +08:00 via Android
IKE_SA_INIT 阶段的两条报文不是明文吗,可以看加密套件的协商结果,而且正常的话,日志里会显示协商过程
|
|
13
Seumi 2018-10-06 00:02:42 +08:00 via Android
不是啊,就是 IKE_SA_INIT 和 IKE_AUTH 握手阶段,后面是 ESP 阶段
|
|
14
feast OP @Seumi 你看我发的日志,sw 的日志协商阶段根本看不出客户端请求的什么加密方式,直接就提示一个 no IKE config found,这种让人很郁闷呐
|
|
15
feast OP 我的想法是,既然是握手,客户端发送给服务器的 ISAKMP 包一定会包括 JUNIPER 官方说的
Authentication algorithm (MD5, SHA1) Encryption algorithm (DES, 3DES, AES128, AES192, AES256) Lifetime kilobytes (sometimes referred to as lifesize) Lifetime seconds Protocol (AH, ESP) Perfect Forward Secrecy (Diffie-Hellman group1, group2, group5) 这几类信息,这几类信息用什么工具才能解析出来呢?我是目前没看到有任何类似的工具,IPSec 我感觉网上大部分富强的也就是抄配置+撞运气,压根没管参数的真正意义 @Seumi |
|
16
Seumi 2018-10-06 00:16:59 +08:00 via Android
用 wireshark 就可以,IKE 握手有两个阶段,第一个阶段 IKE_SA_INIT 的两条报文是明文,就包含你说的这几个加密套件,然后紧接着的 IKE_AUTH 阶段就会用上面协商的方法加密。你用 wireshark 抓到前两条报文,就能看到加密套件协商结构体
|
|
17
Seumi 2018-10-06 00:23:36 +08:00
 |
|
18
feast OP @Seumi 那这个阶段两端的 AUTH MODE 不同会不会导致出现上面的 NO PROPOSAL 错误呢,比如一端是未知的 oem 过的 psk 加密,一段是 psk 我感觉那个 IKE config strongswan 应该不仅仅判断了那几个加密套件要素,这方面兄台是否有所深入了解过?
|
|
19
Seumi 2018-10-06 00:26:42 +08:00
 日志里的协商过程大概是这样的 |
 |
20
zhaoxiting1997 2018-10-06 00:29:47 +08:00 via Android
试试 strongswan android 端,日志里可能有些有用的信息,服务器接受什么加密方式之类的
|
|
21
Seumi 2018-10-06 00:29:55 +08:00
https://github.com/quericy/one-key-ikev2-vpn
你试试这个,基于 strongswan 的一键配置 |
|
22
feast OP @Seumi 我感觉我还是没把日志调到最高,你这个日志是使用 strongswan 什么版本搭配各种命令行开启这种 verbose log 的
|
|
23
feast OP @zhaoxiting1997 那个的确挺丰富,但是那只是客户端好像
|
|
24
feast OP @Seumi 这个我很早就用过了,之前研究 IKEV2 的时候,这个脚本算是兼容性比较好的,但是我手上的终端并非一般意义上的标准 android 终端
|
|
25
Seumi 2018-10-06 00:36:56 +08:00
The IKE daemon knows different numerical levels of logging, ranging from -1 to 4:
-1: Absolutely silent 0: Very basic auditing logs, (e.g. SA up/SA down) 1: Generic control flow with errors, a good default to see whats going on 2: More detailed debugging control flow 3: Including RAW data dumps in hex 4: Also include sensitive material in dumps, e.g. keys 输出级别最高就是 4 了 |
|
27
Seumi 2018-10-06 00:48:47 +08:00
 不解密可以看到 SA 负载里的内容的啊 |
|
28
feast OP @Seumi 我已经看到了 proposal 里的内容了,明日我再修改服务器配置看一下,谢谢老兄了,SA_INIT 阶段是否会验证 AUTH 方法?目前看起来是 SA 建立后才进行 AUTH 协商的吧
|
 |
29
ladeo 2018-10-06 07:45:40 +08:00 via Android
1.racoon 就别用了太老了
2.你应该补一下最基本的 ipsec 概念,ike v1,ike v2,main mode,aggresive mode 的握手都不一样。 3.ipsec 最主要的就是 2 端匹配,匹配了肯定能起来 4.strongswan 和 juniper 是能连的,我自己就在用 5.换个运营商的线路看看,有时是背墙了 6.NAT 问题,NAT 次数太多。或者 n 没有开 NAT-T |
 |
30
cwbsw 2018-10-06 09:21:31 +08:00
IPSec 配置还好吧,简单的场景还是蛮简单的,严格照着 Strongswan 官网 wiki 上的来就可以了。我在 OpenWrt 路由器上配置了 IPSec 网关,iOS、Android、Windows 都没问题。
|
 |
31
zxq2233 2018-10-07 09:03:55 +08:00
您好,我是苏州思杰马克丁的法务专员,本内容有侵犯我司软件著作权之嫌,故烦请贴主将本文删除,谢谢!
|
Select Language