IPsec Packet by Packet

-

Phase-1 of IPSEC

In 1st two message it negotiate proposal and IKE version and NAT-T capability 

Proposal/transform >>

HAGLE - HASH, AUTH, DH Group, Lifetime ,Encryption  

1st Message IPSec main mode:

SA Payload 

Proposal payload

Trasform payload

SPI/cookie




2nd IPsec Main mode message




3rd Message IPSec main mode:

In 3rd and 4th message, it will do key exchange and Nonce and NAT-D (IP & Port hash)

DH key exchange ::

DH algo used to agree on same shared secret and generate key material

DH public value is calculated  (public value is mathematical calculation of private keys)

-->>It generate public and private key's

--->>It share public key's (x^b)

(x^b)==>g^a mod p (MOD(generator of private key=a))

g^ab=>(x^b)^a mod p (large prime no)






==>Each side has their public key and nonce (Ni_b is the Initiator's Nonce, and Nr_B is the Responder's Nonce)

==>It generate  SKEYID = prf(pre-shared-key, Ni_b | Nr_b)

The Seed value is then combined with the DH Shared Secret (and a few other values) to create three Session Keys: 

1>>a Derevative key

 SKEYID_d = prf(SKEYIDg^ab | CKY-I | CKY-R | 0)

SKEYID_d (d for derivative): not used by Phase 1. 

-->Phase2 --->[It is used as seed key for Phase2 keys, i.e. seed key for production traffic keys in Plain English]

g^ab -->Shared secret in DH process


2>>Authentication key

SKEYID_a = prf(SKEYID, SKEYID_d g^ab | CKY-I | CKY-R | 1)

(a for authentication) 

This key is used to protect message integrity in every subsequent packets as soon as both peers are authenticated (peers will authenticate each other in next 2 packets). Yes, I know, we verify the integrity by using a hash but throwing a key into a hash adds stronger security to hash and it's called HMAC.

HMAC=>keyed hash message authentication code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function



[pre-shared +SKEYID_a +hash}

3>>an Encryption key. 

SKEYID_e = prf(SKEYID, SKEYID_ag^ab | CKY-I | CKY-R | 2)

SKEYID_e (e for encryption): you'll see that the next 2 packets are also encrypted. 

As selected encryption algorithm for this phase was AES-CBC (128-bits) then we use AES with this key to symmetrically encrypt further data.


Next packet:


1. Hash of pre-shared key  

2. Identification 

ike 0:VPN:3: initiator: main mode get 3rd response...
ike 0:VPN:3: dec D3701B9BC03E3E03FA02FBC561FE57
ike 0:VPN:3: peer identifier IPV4_ADDR 20.1.1.20
ike 0:VPN:3: PSK authentication succeeded
ike 0:VPN:3: authentication OK
ike 0:VPN:3: established IKE SA d3701b9bc03e3e03/fa02fbc561fe5763

5th Message of Main mode:


6th Message of main mode:

5th and 6th Message in short



Comments

Post a Comment

Popular posts from this blog

Backup your fortigate

-
         It is critical to take backup when it comes to upgrading or before making any configuration changes.  You should take the following backup: Configuration file Local certificates Why I should take Certificate backup? Because Unique SSL inspection CA and server certificates that are generated by your FortiGate by default are not saved in a system backup. Where I can save the backup? local PC, USB key, FTP, and TFTP server What if I have VDOM? If you have VDOMs, you can back up the configuration of the entire FortiGate or only a specific VDOM How to Backup? Click on the user name in the upper right-hand corner of the screen and select Configuration > Backup. Direct the backup to your Local PC or to a USB Disk.     The USB Disk option will not be available if no USB drive is       inserted in the USB port. If VDOMs are enabled, you can collect specific VDOM backup or the entire configuration Encryption. Encryption must ...
Read more

IPsec Main and Quick Mode packet flow (Decrypted)

-
Image
Main Mode 1st Message: Generation of the initiator cookie — An 8-byte pseudo-random number used for anticlogging CKY-I = md5{(src_ip, dest_ip), random number, time, and date} Generation of the responder cookie — An 8-byte pseudo-random number used for anticlogging CKY-R = md5{(src_ip, dest_ip), random number, time, and date} Main Mode 2nd Message: Before 3rd and 4th message: Public key: Xa ,Xb Nonce = Ni, Nr How public key is created? DH public value = Xa  Xa = g^a mod p g is the generator  p is a large prime number  a is a private secret known only to the initiator Main Mode 3rd message: Key exchange Public key NAT-D Main Mode 4th Message: Key exchange Public key NAT-D NAT-D Before 5th and 6th message: Initiator secret = (Xb)a mod p = (Xa)b mod p = responder secret  This value is the shared secret between the two parties and is also equal to g^ab PRF => Pseudo random function based on negotiated hash SKEYID's = PRF [ Pre-shared key , Ni ,Nr ]    SKEYID...
Read more

SSL VPN Debug

-
Image
        It is very important to go through debug logs if there is an issue with SSL VPN. I have tried here to break down the debug flow so we can understand the flow of VPN and figure out the exact issue. 1st step: Fortigate (FW) and client establish SSL tunnel  It checks client cert requirements and TLS version supported by the client At the end of this flow, you can see the TLS version and cypher used  IMP: If you are facing any issue at this stage, you can try to verify the TLS version, ciphers and client cert requirement  2nd step: It matches the authentication rule and checks user credentials It validates the authentication rule (if you have more than one auth role, it use the top to bottom approach You can see authentication successful at last IMP: If an issue occurs in this stage, you need to verify the auth rule and credentials 3rd step In this step, it does hostcheck (hostcheck is basically checking whether the system support specified OS, reg...
Read more