Ikev2 #34
Comments
|
As you've noted, the current version of ike-scan doesn't support custom transforms for ikev2. It only supports a pre-defined ikev2 transform set, which is generated by the following code in ike-scan.c: It is possible to alter this code to change the transforms, which is what I've done when experimenting with ikev2, but I realise that's far from ideal. It would be preferrable to add support for custom transforms, but that would require some code refactoring in order to do so neatly. Now I know that there's some interest in ikev2 enumeration I might look at this. Of course, pull requests are always welcome :-) |
|
If i get some spare time I'd love to contribute and will aim at doing so, but I'll warn you, the extent of my coding is dirty scripting in python for pen testing. Do you have a good reference to ensure i have the write syntax for similar items above for other encryption, algorithm and dh groups somewhere? I am also a bit confused, maybe you could clarify, is the above block of code sending one request that says this is what i support so the server can respond with the default (this is what I'm obsering now). The idea here would be to allow a user the option of which transforms to choose and send that as well as to enumerate all correct? |
|
The code shown above is constructing the following IKEv2 transforms: Encryption Algorithm = AES_CBC, 256 bit key This transform set forms part of the proposal which in turn forms part of the SA payload. RFC 4306 states:
Which means the proposal is: Encryption: (AES/256 or AES/128 or 3DES or DES) and Edit: the simplest way to enumerate transforms is to send one custom transform at a time and see what responses are returned. But this custom transform needs to be sent instead of the default, not in addition to it. |
|
I've been trying to understand the yIKEs tool seen here which exclusively supports IKEv2. It is the only custom transform tool I've seen public: Would love to eventually have ike-scan perform the same function as yIKEs but at a higher level. If you want super quick IKEv1 full algorithm support, checkout Patator: |
|
Since I manage over hundreds of VPN tunnels with IKEv2, I would be very happy about a corresponding implementation. In the meantime, it would be enough for me if I could use Encryption: (AES/256) and I thought I could customize the ike-scan.c with the above parameters, but I saw that the isakmp.h only contains the following “maximum” algorithms: Would it perhaps be possible to have a quick and dirty implementation in the short term with the above proposal? If it is useful, I could use it to run many tests with different appliances (Cisco Routers and ASAs, StrongSwan [heavily used with IKEv2], Fortigate, WatchGuard, Sophos, Palo Alto and so on) and provide the results? I would like to take this opportunity to thank Roy Hills for his efforts and the implementation of |
|
The algorithms you mention are defined in rfc 4868: I'll create a PR to add these algorithm identifiers. |
|
I have adapted the file Added the following lines to Then I executed the commands as described in the documentation ( |
|
That is expected behaviour - if you change the IKEv2 transforms then the packet data won't match the sample data in |
|
Thank you very much for your swift response, Roy. I have successfully compiled it with the changes mentioned above. Tried an ikev2 scan against StrongSwan: According to the logs of the strongswan, the above changes are ignored and the old parameters are still used: |
|
I have committed this change to the PR which adds four new transforms to the default ikev2 proposal. Note that you need to adjust rsh@bookworm:~/ike-scan$ git diff
diff --git a/ike-scan.c b/ike-scan.c
index b14c82a..5448060 100644
--- a/ike-scan.c
+++ b/ike-scan.c
@@ -2208,15 +2208,19 @@ initialise_ike_packet(size_t *packet_out_len, ike_packet_params *params) {
free(attr);
add_transform2(0, NULL, IKEV2_TYPE_ENCR, IKEV2_ENCR_3DES, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_ENCR, IKEV2_ENCR_DES, NULL, 0);
+ add_transform2(0, NULL, IKEV2_TYPE_PRF, IKEV2_PRF_HMAC_SHA2_512, NULL, 0);
+ add_transform2(0, NULL, IKEV2_TYPE_PRF, IKEV2_PRF_HMAC_SHA2_256, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_PRF, IKEV2_PRF_HMAC_SHA1, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_PRF, IKEV2_PRF_HMAC_MD5, NULL, 0);
+ add_transform2(0, NULL, IKEV2_TYPE_INTEG, IKEV2_AUTH_HMAC_SHA2_512_256, NULL, 0);
+ add_transform2(0, NULL, IKEV2_TYPE_INTEG, IKEV2_AUTH_HMAC_SHA2_256_128, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_INTEG, IKEV2_AUTH_HMAC_SHA1_96, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_INTEG, IKEV2_AUTH_HMAC_MD5_96, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_DH, 2, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_DH, 5, NULL, 0);
add_transform2(0, NULL, IKEV2_TYPE_DH, 14, NULL, 0);
transforms = add_transform2(1, &trans_len, 0, 0, NULL, 0);
- no_trans=11;
+ no_trans=15;
}
/*
* Proposal payloadThe initiator packet now looks like this: Please let me know if this works. |
|
I've added the Key Exchange Method Transform IDs DH Group 20 and Group 21. The IANA transform identifiers are: [21] 521-bit random ECP group [RFC6989], Sec. 2.3 [RFC5903] As I added the two lines to the code I also updated As seen in the excerpt above, the changes are still not considered. |
|
Check that you are running the modified and rebuilt version (e.g. with |
|
Dear Roy, I assure you that I have recompiled the source code. Even more, I cloned the repository from scratch every time. Here are my commands: cross check cross check Transferring the freshly build binaries to the remote test system: It is a mystery to me that the changes to the transform sets seem to be ignored every time. Would it be worth a try to upload the isakmp.h and ike-scan.c I modified to your repository and then carry out the individual steps (clone) yourself as I described above? |
|
Thanks for confirming - just checking. I should be able to reproduce your changes from the diffs you posted. It'll probably make sense when I get a branch with your changes to compare. |
|
Can you try revision d6c11fb on branch I've updated I've also incremented the version number in this branch to |
Progress!!!We are close to the finish. make check make check-sizes check-hash \ check-run1 check-run2 check-run3 check-psk-crack-1 check-psk-crack-2 check-psk-crack-3 check-psk-crack-4 check-packet check-decode check-error check-vendor-ids make[1]: Entering directory '/home/ritter/ike-scan' gcc -DHAVE_CONFIG_H -I. -DIKEDATADIR=\"/opt/ike-scan/share/ike-scan\" -g -O2 -Wall -Wshadow -Wwrite-strings -Wextra -fstack-protector -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -MT check-sizes.o -MD -MP -MF .deps/check-sizes.Tpo -c -o check-sizes.o check-sizes.c mv -f .deps/check-sizes.Tpo .deps/check-sizes.Po gcc -g -O2 -Wall -Wshadow -Wwrite-strings -Wextra -fstack-protector -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -o check-sizes check-sizes.o error.o md5.o sha1.o strlcat.o strlcpy.o gcc -DHAVE_CONFIG_H -I. -DIKEDATADIR=\"/opt/ike-scan/share/ike-scan\" -g -O2 -Wall -Wshadow -Wwrite-strings -Wextra -fstack-protector -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -MT check-hash.o -MD -MP -MF .deps/check-hash.Tpo -c -o check-hash.o check-hash.c mv -f .deps/check-hash.Tpo .deps/check-hash.Po gcc -g -O2 -Wall -Wshadow -Wwrite-strings -Wextra -fstack-protector -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -o check-hash check-hash.o error.o utils.o wrappers.o mt19937ar.o md5.o sha1.o strlcat.o strlcpy.o make[1]: Nothing to be done for 'check-run1'. make[1]: Nothing to be done for 'check-run2'. make[1]: Nothing to be done for 'check-run3'. make[1]: Nothing to be done for 'check-psk-crack-1'. make[1]: Nothing to be done for 'check-psk-crack-2'. make[1]: Nothing to be done for 'check-psk-crack-3'. make[1]: Nothing to be done for 'check-psk-crack-4'. make[1]: Nothing to be done for 'check-packet'. make[1]: Nothing to be done for 'check-decode'. make[1]: Nothing to be done for 'check-error'. make[1]: Nothing to be done for 'check-vendor-ids'. make[1]: Leaving directory '/home/ritter/ike-scan' make check-TESTS make[1]: Entering directory '/home/ritter/ike-scan' make[2]: Entering directory '/home/ritter/ike-scan' PASS: check-sizes PASS: check-hash PASS: check-run1 PASS: check-run2 PASS: check-run3 PASS: check-psk-crack-1 PASS: check-psk-crack-2 PASS: check-psk-crack-3 PASS: check-psk-crack-4 PASS: check-packet PASS: check-decode PASS: check-error PASS: check-vendor-ids ============================================================================ Testsuite summary for ike-scan 1.9.7 ============================================================================ # TOTAL: 13 # PASS: 13 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 ============================================================================ make[2]: Leaving directory '/home/ritter/ike-scan' make[1]: Leaving directory '/home/ritter/ike-scan' /opt/ike-scan-1.9.7/bin/ike-scan --version ike-scan 1.9.7 Copyright (C) 2003-2013 Roy Hills, NTA Monitor Ltd. ike-scan comes with NO WARRANTY to the extent permitted by law. You may redistribute copies of ike-scan under the terms of the GNU General Public License. For more information about these matters, see the file named COPYING. /opt/ike-scan-1.9.7/bin/ike-scan --ikev2 -M 37.83.x.x Starting ike-scan 1.9.7 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/) 37.83.x.x Notify message 17 (INVALID_KE_PAYLOAD) HDR=(CKY-R=0000000000000000, IKEv2) VID=882fe56d6fd20dbc2251613b2ebe5beb (strongSwan) Ending ike-scan 1.9.7: 1 hosts scanned in 0.078 seconds (12.79 hosts/sec). 0 returned handshake; 1 returned notify tcpdump -c 2 -n -i eth0 -v -X udp port 500
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:18:10.805234 IP (tos 0x0, ttl 51, id 46586, offset 0, flags [DF], proto UDP (17), length 372)
10.10.10.10.500 > 192.168.3.152.500: isakmp 2.0 msgid 00000000: parent_sa ikev2_init[I]:
(sa: len=152
(p: #1 protoid=isakmp transform=17 len=152
(t: #1 type=encr id=aes (type=keylen value=0100))
(t: #2 type=encr id=aes (type=keylen value=0080))
(t: #3 type=encr id=3des )
(t: #4 type=encr id=1des )
(t: #5 type=prf id=#7 )
(t: #6 type=prf id=#5 )
(t: #7 type=prf id=hmac-sha )
(t: #8 type=prf id=hmac-md5 )
(t: #9 type=integ id=#14 )
(t: #10 type=integ id=#12 )
(t: #11 type=integ id=hmac-sha )
(t: #12 type=integ id=hmac-md5 )
(t: #13 type=dh id=modp1024 )
(t: #14 type=dh id=modp1536 )
(t: #15 type=dh id=modp2048 )
(t: #16 type=dh id=#20 )
(t: #17 type=dh id=#21 )))
(v2ke: len=128 group=modp1024)
(nonce: len=20 data=(eb0858c94fe1db1ea871...eef4222570b876c60de9))
0x0000: 4500 0174 b5fa 4000 3311 4298 023b 876b [email protected]..;.k
0x0010: c0a8 0398 01f4 01f4 0160 4648 c781 f73e .........`FH...>
0x0020: 4723 7ced 0000 0000 0000 0000 2120 2208 G#|.........!.".
0x0030: 0000 0000 0000 0158 2200 009c 0000 0098 .......X".......
0x0040: 0101 0011 0300 000c 0100 000c 800e 0100 ................
0x0050: 0300 000c 0100 000c 800e 0080 0300 0008 ................
0x0060: 0100 0003 0300 0008 0100 0002 0300 0008 ................
0x0070: 0200 0007 0300 0008 0200 0005 0300 0008 ................
0x0080: 0200 0002 0300 0008 0200 0001 0300 0008 ................
0x0090: 0300 000e 0300 0008 0300 000c 0300 0008 ................
0x00a0: 0300 0002 0300 0008 0300 0001 0300 0008 ................
0x00b0: 0400 0002 0300 0008 0400 0005 0300 0008 ................
0x00c0: 0400 000e 0300 0008 0400 0014 0000 0008 ................
0x00d0: 0400 0015 2800 0088 0002 0000 8ce0 13bc ....(...........
0x00e0: 7cfc 30ad f233 0757 db31 9df2 4548 73d1 |.0..3.W.1..EHs.
0x00f0: 4396 100b d1eb 1d6b 37ab 1af6 f8ff 1e24 C......k7......$
0x0100: 7a20 0dad cf25 7e4a ac37 9987 c1d6 9043 z....%~J.7.....C
0x0110: 414e eb25 58f6 df5a be8a cc80 dbbe c6e7 AN.%X..Z........
0x0120: ac67 e08b 533d 2ad0 09e0 f75a e05b 42b2 .g..S=*....Z.[B.
0x0130: c7a2 d3d1 77af f2b5 8ea5 cb2e cec4 0637 ....w..........7
0x0140: dee7 260b 0303 ab6c 9dd9 d6ce ec8e 3db5 ..&....l......=.
0x0150: 646a b2c0 be64 46cd ec6b eef9 0000 0018 dj...dF..k......
0x0160: eb08 58c9 4fe1 db1e a871 eef4 2225 70b8 ..X.O....q.."%p.
0x0170: 76c6 0de9 v...
19:18:10.811124 IP (tos 0x0, ttl 64, id 15783, offset 0, flags [DF], proto UDP (17), length 86)
192.168.3.152.500 > 10.10.10.10.500: isakmp 2.0 msgid 00000000: parent_sa ikev2_init[R]:
(n: prot_id=#0 type=17(invalid_ke_payload))
(v2vid: len=16 vid=./.mo..."Qa;..[.)
0x0000: 4500 0056 3da7 4000 4011 af09 c0a8 0398 E..V=.@.@.......
0x0010: 023b 876b 01f4 01f4 0042 4e3a c781 f73e .;.k.....BN:...>
0x0020: 4723 7ced 0000 0000 0000 0000 2920 2220 G#|.........).".
0x0030: 0000 0000 0000 003a 2b00 000a 0000 0011 .......:+.......
0x0040: 0015 0000 0014 882f e56d 6fd2 0dbc 2251 ......./.mo..."Q
0x0050: 613b 2ebe 5beb a;..[.
2 packets captured
2 packets received by filter
0 packets dropped by kernel
swanctl --version strongSwan swanctl 5.9.8 tail -f charon_debug.log [NET] <10> received packet: from 10.10.10.10[500] to 192.168.3.152[500] (344 bytes) [ENC] <10> parsed IKE_SA_INIT request 0 [ SA KE No ] [IKE] <10> local endpoint changed from 0.0.0.0[500] to 192.168.3.152[500] [IKE] <10> remote endpoint changed from 0.0.0.0 to 10.10.10.10[500] [IKE] <10> 10.10.10.10 is initiating an IKE_SA [IKE] <10> IKE_SA (unnamed)[10] state change: CREATED => CONNECTING [CFG] <10> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521 [IKE] <10> natd_chunk => 22 bytes @ 0x7f64005f20 [IKE] <10> 0: 01 D0 21 4B 3C 55 F2 9B 00 00 00 00 00 00 00 00 ..!K 16: C0 A8 03 98 01 F4 ...... [IKE] <10> natd_hash => 20 bytes @ 0x7f64005810 [IKE] <10> 0: F5 8C 36 90 7C 1D 52 C9 66 F4 9B A0 8F 04 9B CB ..6.|.R.f....... [IKE] <10> 16: F2 EF C6 20 ... [IKE] <10> natd_chunk => 22 bytes @ 0x7f64005f20 [IKE] <10> 0: 01 D0 21 4B 3C 55 F2 9B 00 00 00 00 00 00 00 00 ..!K 16: 02 3B 87 6B 01 F4 .;.k.. [IKE] <10> natd_hash => 20 bytes @ 0x7f640048f0 [IKE] <10> 0: 22 94 9F F9 DF 90 38 5C A2 E6 8A CF 40 F3 01 35 ".....8\[email protected] [IKE] <10> 16: 57 8E 86 80 W... [IKE] <10> precalculated src_hash => 20 bytes @ 0x7f640048f0 [IKE] <10> 0: 22 94 9F F9 DF 90 38 5C A2 E6 8A CF 40 F3 01 35 ".....8\[email protected] [IKE] <10> 16: 57 8E 86 80 W... [IKE] <10> precalculated dst_hash => 20 bytes @ 0x7f64005810 [IKE] <10> 0: F5 8C 36 90 7C 1D 52 C9 66 F4 9B A0 8F 04 9B CB ..6.|.R.f....... [IKE] <10> 16: F2 EF C6 20 ... [IKE] <10> sending strongSwan vendor ID [IKE] <10> DH group MODP_1024 unacceptable, requesting ECP_521 [ENC] <10> generating IKE_SA_INIT response 0 [ N(INVAL_KE) V ] [NET] <10> sending packet: from 192.168.3.152[500] to 10.10.10.10[500] (58 bytes) [IKE] <10> IKE_SA (unnamed)[10] state change: CONNECTING => DESTROYING |
|
Looks like it's sending DH group 2 when it wants group 21. Try including the |
|
A brief idea in advance: The StrongSwan server is connected to a connection with a dynamic IP address, which will be renewed shortly anyway. Hence, here is the IP address 37.83.1.50 (which is NATed to 192.168.3.152 in the logs below), so that you can also test directly. It's easier for both of us. /opt/ike-scan-1.9.7/bin/ike-scan --dhgroup=21 --ikev2 -M 37.83.1.50 Starting ike-scan 1.9.7 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/) 37.83.1.50 Notify message 14 (NO_PROPOSAL_CHOSEN) HDR=(CKY-R=0000000000000000, IKEv2) Ending ike-scan 1.9.7: 1 hosts scanned in 0.117 seconds (8.54 hosts/sec). 0 returned handshake; 1 returned notify [NET] <13> received packet: from 10.10.10.10[500] to 192.168.3.152[500] (348 bytes) [ENC] <13> parsed IKE_SA_INIT request 0 [ SA KE No ] [IKE] <13> local endpoint changed from 0.0.0.0[500] to 192.168.3.152[500] [IKE] <13> remote endpoint changed from 0.0.0.0 to 10.10.10.10[500] [IKE] <13> 10.10.10.10 is initiating an IKE_SA [IKE] <13> IKE_SA (unnamed)[13] state change: CREATED => CONNECTING [CFG] <13> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/ECP_521 [LIB] <13> ECDH public value is malformed [IKE] <13> natd_chunk => 22 bytes @ 0x7f44008830 [IKE] <13> 0: B1 FF A1 CB A3 34 B4 4B 00 00 00 00 00 00 00 00 .....4.K........ [IKE] <13> 16: C0 A8 03 98 01 F4 ...... [IKE] <13> natd_hash => 20 bytes @ 0x7f44008810 [IKE] <13> 0: 70 F6 29 29 9A EF 76 18 E2 07 C0 61 52 F1 CF 15 p.))..v....aR... [IKE] <13> 16: 71 11 E3 65 q..e [IKE] <13> natd_chunk => 22 bytes @ 0x7f44008830 [IKE] <13> 0: B1 FF A1 CB A3 34 B4 4B 00 00 00 00 00 00 00 00 .....4.K........ [IKE] <13> 16: 02 3B 87 6B 01 F4 .;.k.. [IKE] <13> natd_hash => 20 bytes @ 0x7f44006b90 [IKE] <13> 0: 01 AB C2 AF 83 9D D3 01 F9 48 2C 41 C2 DC AB 67 .........H,A...g [IKE] <13> 16: 73 5A 18 01 sZ.. [IKE] <13> precalculated src_hash => 20 bytes @ 0x7f44006b90 [IKE] <13> 0: 01 AB C2 AF 83 9D D3 01 F9 48 2C 41 C2 DC AB 67 .........H,A...g [IKE] <13> 16: 73 5A 18 01 sZ.. [IKE] <13> precalculated dst_hash => 20 bytes @ 0x7f44008810 [IKE] <13> 0: 70 F6 29 29 9A EF 76 18 E2 07 C0 61 52 F1 CF 15 p.))..v....aR... [IKE] <13> 16: 71 11 E3 65 q..e [IKE] <13> sending strongSwan vendor ID [IKE] <13> applying DH public value failed [ENC] <13> generating IKE_SA_INIT response 0 [ N(NO_PROP) ] [NET] <13> sending packet: from 192.168.3.152[500] to 10.10.10.10[500] (36 bytes) [IKE] <13> IKE_SA (unnamed)[13] state change: CONNECTING => DESTROYING tcpdump -c 2 -n -i eth0 -v -X udp port 500
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:12:43.614420 IP (tos 0x0, ttl 51, id 25106, offset 0, flags [DF], proto UDP (17), length 376)
10.10.10.10.500 > 192.168.3.152.500: isakmp 2.0 msgid 00000000: parent_sa ikev2_init[I]:
(sa: len=152
(p: #1 protoid=isakmp transform=17 len=152
(t: #1 type=encr id=aes (type=keylen value=0100))
(t: #2 type=encr id=aes (type=keylen value=0080))
(t: #3 type=encr id=3des )
(t: #4 type=encr id=1des )
(t: #5 type=prf id=#7 )
(t: #6 type=prf id=#5 )
(t: #7 type=prf id=hmac-sha )
(t: #8 type=prf id=hmac-md5 )
(t: #9 type=integ id=#14 )
(t: #10 type=integ id=#12 )
(t: #11 type=integ id=hmac-sha )
(t: #12 type=integ id=hmac-md5 )
(t: #13 type=dh id=modp1024 )
(t: #14 type=dh id=modp1536 )
(t: #15 type=dh id=modp2048 )
(t: #16 type=dh id=#20 )
(t: #17 type=dh id=#21 )))
(v2ke: len=132 group=#21)
(nonce: len=20 data=(a4bcf746d3267f883cd9...67a163c6da55a19ae2c8))
0x0000: 4500 0178 6212 4000 3311 967c 023b 876b [email protected]..|.;.k
0x0010: c0a8 0398 01f4 01f4 0164 6852 fb5d 4cd4 .........dhR.]L.
0x0020: 123b a3c5 0000 0000 0000 0000 2120 2208 .;..........!.".
0x0030: 0000 0000 0000 015c 2200 009c 0000 0098 .......\".......
0x0040: 0101 0011 0300 000c 0100 000c 800e 0100 ................
0x0050: 0300 000c 0100 000c 800e 0080 0300 0008 ................
0x0060: 0100 0003 0300 0008 0100 0002 0300 0008 ................
0x0070: 0200 0007 0300 0008 0200 0005 0300 0008 ................
0x0080: 0200 0002 0300 0008 0200 0001 0300 0008 ................
0x0090: 0300 000e 0300 0008 0300 000c 0300 0008 ................
0x00a0: 0300 0002 0300 0008 0300 0001 0300 0008 ................
0x00b0: 0400 0002 0300 0008 0400 0005 0300 0008 ................
0x00c0: 0400 000e 0300 0008 0400 0014 0000 0008 ................
0x00d0: 0400 0015 2800 008c 0015 0000 25a0 d595 ....(.......%...
0x00e0: d180 a932 505a 6af5 92b1 8ba2 44a2 4cf7 ...2PZj.....D.L.
0x00f0: a968 36ee 8eb2 6ccb eeb9 a22e 2cc7 c85b .h6...l.....,..[
0x0100: 6d2d 48aa 12c2 e85d b52d 94ee 13c7 6d8e m-H....].-....m.
0x0110: 4708 df92 62b3 86c5 b143 5682 65fe 0abd G...b....CV.e...
0x0120: cd9c 32f9 1f02 96ea f06b 5e8f 85ac ff4a ..2......k^....J
0x0130: b1d1 8669 89a8 81f4 361e a23c f2cd 5aa2 ...i....6..<..Z.
0x0140: 751c 2ad9 5592 c790 a610 bcf5 2915 291e u.*.U.......).).
0x0150: e3ad 4f0c aad4 a320 74af f09b 1ac2 4fbe ..O.....t.....O.
0x0160: 0000 0018 a4bc f746 d326 7f88 3cd9 67a1 .......F.&..<.g.
0x0170: 63c6 da55 a19a e2c8 c..U....
20:12:43.661927 IP (tos 0x0, ttl 64, id 20780, offset 0, flags [DF], proto UDP (17), length 64)
192.168.3.152.500 > 10.10.10.10.500: isakmp 2.0 msgid 00000000: parent_sa ikev2_init[R]:
(n: prot_id=#0 type=14(no_protocol_chosen))
0x0000: 4500 0040 512c 4000 4011 9b9a c0a8 0398 E..@Q,@.@.......
0x0010: 023b 876b 01f4 01f4 002c 4e24 fb5d 4cd4 .;.k.....,N$.]L.
0x0020: 123b a3c5 0000 0000 0000 0000 2920 2220 .;..........).".
0x0030: 0000 0000 0000 0024 0000 0008 0000 000e .......$........
2 packets captured
2 packets received by filter
0 packets dropped by kernel
And here the response for DH20: /opt/ike-scan-1.9.7/bin/ike-scan --dhgroup=20 --ikev2 -M 37.83.1.50 Starting ike-scan 1.9.7 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/) 37.83.1.50 Notify message 17 (INVALID_KE_PAYLOAD) HDR=(CKY-R=0000000000000000, IKEv2) VID=882fe56d6fd20dbc2251613b2ebe5beb (strongSwan) Ending ike-scan 1.9.7: 1 hosts scanned in 0.090 seconds (11.16 hosts/sec). 0 returned handshake; 1 returned notify |
It looks like strongswan checks the DH value and fails because ike-scan just creates a KE payload with the correct format and length but fills it with random data. That is generally enough for the handshake to progress on most systems, but obviously not all. You would need to supply a valid key exchange payload with valid DH values, which isn't an easy task because you'd need a crypto library; and it's outside the scope of ike-scan. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Are you aware of any scripts that can enumerate acceptable cipher suites and combinations of the separate attributes for ikev2 similar to what ike-scan does for ikev1? I see that I can see what dhgroups are acceptable but ike-scan responds with a message saying that ikev2 does not accept custom proposals. Does this mean that ikev2 hides what is acceptable until further along the handshake/auth or am I missing something? If the cipher suites can be enumerated how much work would it be to modify the script and do you have any suggestions on how to go about it? I'd like to spend some time on this outside of a test I'm doing and just wondering how much of an investment it'd be or if I should work through scapy.
The text was updated successfully, but these errors were encountered: