iked.conf basics

iked.conf basics

David Higgs
I am looking to configure iked(8) on my OpenBSD router to provide
IPsec services to remote clients.  I would like to tunnel (nearly) all
my traffic from my phone or laptop back into my home router, and
leverage the services there (DNS, firewall, etc.), then either access
my local network or the rest of the internet.  I think I want my
router to be a VPN proxy - is there more accurate/common terminology?

I am having difficulty extracting what is and is not relevant from the
iked.conf(5) man page, since this is new terminology to me.  I believe
that the first example is most appropriate for my router
configuration, adapted something like this:

# candidate iked.conf
set mobike
user "test" "password123"
ikev2 esp \
  eap "mschap-v2" \
  config dhcp-server 10.0.0.1

The parts I'm confused on are the from/to and peer/local fields.
Which pair describes the IPs of the tunnel endpoints, and which
describes the traffic allowed to flow through the tunnel?  I guess I
don't know whether "IPsec flow" refers to the encapsulating ESP
packets or the encapsulated traffic.

Thanks for any help / cluebats.

--david

Re: iked.conf basics

Stuart Henderson
On 2018-05-31, David Higgs <[hidden email]> wrote:

> I am looking to configure iked(8) on my OpenBSD router to provide
> IPsec services to remote clients.  I would like to tunnel (nearly) all
> my traffic from my phone or laptop back into my home router, and
> leverage the services there (DNS, firewall, etc.), then either access
> my local network or the rest of the internet.  I think I want my
> router to be a VPN proxy - is there more accurate/common terminology?
>
> I am having difficulty extracting what is and is not relevant from the
> iked.conf(5) man page, since this is new terminology to me.  I believe
> that the first example is most appropriate for my router
> configuration, adapted something like this:
>
> # candidate iked.conf
> set mobike
> user "test" "password123"
> ikev2 esp \
>   eap "mschap-v2" \
>   config dhcp-server 10.0.0.1
>
> The parts I'm confused on are the from/to and peer/local fields.
> Which pair describes the IPs of the tunnel endpoints, and which

peer/local

> describes the traffic allowed to flow through the tunnel?  I guess I

from/to

> don't know whether "IPsec flow" refers to the encapsulating ESP
> packets or the encapsulated traffic.

The "flow" is an SADB entry which matches traffic and selects it for
encapsulation. The addresses in a flow have to cover the packets sent
over the vpn.

Here's an iked example from my live config, it allows mobile clients to
connect and route all traffic over the VPN, assigning a dynamic address
from 192.168.47.160/27, with not-too-terrible ciphers for most typical
clients.

ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \
  local x.x.x.x \
  peer any \
  ikesa enc aes-256 enc aes-128  prf hmac-sha2-256               auth hmac-sha2-256  group ecp256 \
  ikesa enc aes-256 enc aes-128  prf hmac-sha2-256 prf hmac-sha1 auth hmac-sha2-256  group ecp256 group modp2048 group modp1024 \
  childsa enc aes-256-gcm enc aes-128-gcm \
  childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \
  srcid "my.host.name" \
  eap "mschap-v2" \
  config address 192.168.47.160/27 \
  config name-server x.x.x.x \
  tag "$name-$id"

include "/etc/iked.users"

If you have any Windows clients note that the default ciphers are
absolutely bloody useless, for the powershell snippets needed to fix
this see comments in https://github.com/trailofbits/algo/issues/9.
If you don't need to support Windows clients you can probably get
rid of hmac-sha1/group modp1024 and the non-gcm aes entries.

To actually route the traffic you'll need net.inet.ip.forwarding
set and depending on setup probably also a nat rule, maybe something
like

match out on egress from 192.168.47.160/27 nat-to (egress:0)
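
The advice above about dropping hmac-sha1, group modp1024 and the non-GCM AES entries, worked through as an added example (not part of the original post and not iked's own code): it parses the ikesa/childsa proposals of the policy as posted, lists the legacy entries, and prints the proposal lines that remain. Function names are hypothetical, and reading "non-gcm aes entries" as the childsa ciphers only is an assumption.

```python
import shlex

# The policy exactly as posted above (x.x.x.x is the poster's own redaction).
POLICY = r'''
ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \
  local x.x.x.x \
  peer any \
  ikesa enc aes-256 enc aes-128  prf hmac-sha2-256               auth hmac-sha2-256  group ecp256 \
  ikesa enc aes-256 enc aes-128  prf hmac-sha2-256 prf hmac-sha1 auth hmac-sha2-256  group ecp256 group modp2048 group modp1024 \
  childsa enc aes-256-gcm enc aes-128-gcm \
  childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \
  srcid "my.host.name" \
  eap "mschap-v2" \
  config address 192.168.47.160/27 \
  config name-server x.x.x.x \
  tag "$name-$id"
'''

XFORMS = ("enc", "prf", "auth", "group")
# Entries the post says can go when no Windows clients have to connect.
LEGACY = {"prf": {"hmac-sha1"}, "auth": {"hmac-sha1"}, "group": {"modp1024"}}


def parse_proposals(policy_text):
    """Return one dict per ikesa/childsa proposal, transforms in config order."""
    tokens = shlex.split(policy_text.replace("\\\n", " "))
    proposals, current, i = [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("ikesa", "childsa"):
            current = {"sa": tok, **{k: [] for k in XFORMS}}
            proposals.append(current)
        elif current is not None and tok in XFORMS and i + 1 < len(tokens):
            current[tok].append(tokens[i + 1])
            i += 1  # skip the algorithm name just consumed
        else:
            current = None  # srcid, eap, config ... end the proposal
        i += 1
    return proposals


def is_legacy(sa, kind, alg):
    if alg in LEGACY.get(kind, ()):
        return True
    # Assumption: "non-gcm aes entries" refers to the ESP (childsa) ciphers.
    return (sa == "childsa" and kind == "enc"
            and alg.startswith("aes-") and "gcm" not in alg)


def legacy_entries(proposals):
    """(proposal number, sa type, transform kind, algorithm) for each legacy entry."""
    return [(n, p["sa"], kind, alg)
            for n, p in enumerate(proposals, 1)
            for kind in XFORMS for alg in p[kind]
            if is_legacy(p["sa"], kind, alg)]


def hardened_lines(proposals):
    """Proposal lines with the legacy entries removed, duplicates collapsed."""
    out = []
    for p in proposals:
        kept = {k: [a for a in p[k] if not is_legacy(p["sa"], k, a)] for k in XFORMS}
        if not kept["enc"]:
            continue  # a proposal with no cipher left is dropped entirely
        line = p["sa"] + "".join(f" {k} {a}" for k in XFORMS for a in kept[k])
        if line not in out:
            out.append(line)
    return out


if __name__ == "__main__":
    props = parse_proposals(POLICY)
    for n, sa, kind, alg in legacy_entries(props):
        print(f"proposal {n} ({sa}): {kind} {alg}")
    print("\n".join(hardened_lines(props)))
```
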


Re: iked.conf basics

David Higgs
On Fri, Jun 1, 2018 at 4:09 AM, Stuart Henderson <[hidden email]> wrote:

> On 2018-05-31, David Higgs <[hidden email]> wrote:
>> I am looking to configure iked(8) on my OpenBSD router to provide
>> IPsec services to remote clients.  I would like to tunnel (nearly) all
>> my traffic from my phone or laptop back into my home router, and
>> leverage the services there (DNS, firewall, etc.), then either access
>> my local network or the rest of the internet.
>>
>> The parts I'm confused on are the from/to and peer/local fields.
>> Which pair describes the IPs of the tunnel endpoints, and which
>
> peer/local
>
>> describes the traffic allowed to flow through the tunnel?  I guess I
>
> from/to
>
>> don't know whether "IPsec flow" refers to the encapsulating ESP
>> packets or the encapsulated traffic.
>
> The "flow" is an SADB entry which matches traffic and selects it for
> encapsulation. The addresses in a flow have to cover the packets sent
> over the vpn.

Great, these hints got me moving in what seems like the right direction.

> Here's an iked example from my live config, it allows mobile clients to
> connect and route all traffic over the VPN, assigning a dynamic address
> from 192.168.47.160/27, with not-too-terrible ciphers for most typical
> clients.
>
> ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \
>   local x.x.x.x \
>   peer any \
>   ikesa enc aes-256 enc aes-128  prf hmac-sha2-256               auth hmac-sha2-256  group ecp256 \
>   ikesa enc aes-256 enc aes-128  prf hmac-sha2-256 prf hmac-sha1 auth hmac-sha2-256  group ecp256 group modp2048 group modp1024 \
>   childsa enc aes-256-gcm enc aes-128-gcm \
>   childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \
>   srcid "my.host.name" \
>   eap "mschap-v2" \
>   config address 192.168.47.160/27 \
>   config name-server x.x.x.x \
>   tag "$name-$id"
>
> include "/etc/iked.users"
>
> If you have any Windows clients note that the default ciphers are
> absolutely bloody useless, for the powershell snippets needed to fix
> this see comments in https://github.com/trailofbits/algo/issues/9.
> If you don't need to support Windows clients you can probably get
> rid of hmac-sha1/group modp1024 and the non-gcm aes entries.

This is only for iPhone / Mac clients at the moment.  I have attacked
configuration from several different angles and can't seem to get it
working.

# iked.conf
user "myuser" "mypassword"
set mobike
ikev2 "vpn" passive esp \
        from any to any \
        local $external_ip_addr peer any \
        srcid vpn.example.com \
        eap "mschap-v2" \
        config dhcp-server 10.0.128.1

# ikectl ca vpn create password ca-password # ca.example.com
# ikectl ca vpn certificate vpn.example.com create server
# ikectl ca vpn certificate client.example.com create client
# ikectl ca vpn install
# ikectl ca vpn certificate vpn.example.com install
# ikectl ca vpn certificate client.example.com export password client-password

I then copy and import ca/ca.crt, certs/vpn.example.com.crt, and
export/client.example.com.pfx into my OS X and iPhone systems; with
the CA trusted, everything appears to be validating.  Only my
"vpn.example.com" is resolvable via DNS, but I used FQDNs for
everything except the "local" keyword in iked.conf (due to split-brain
DNS shenanigans).  I don't think this is the cause of my issues, but I
mention it just in case...

So with the PKI configured, I launch iked(8) with debugging and
tcpdump running, then attempt to enable the VPN:

# iked -vvd
ikev2 "vpn" passive esp inet from any to any local $external_ip_addr
peer any ikesa enc aes-256,aes-192,aes-128,3des prf
hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group
modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth
hmac-sha2-256,hmac-sha1 srcid vpn.example.com lifetime 10800 bytes
536870912 eap "MSCHAP_V2" config dhcp-server 10.0.128.1
/etc/iked.conf: loaded 2 configuration rules
ca_privkey_serialize: type RSA_KEY length 1194
ca_pubkey_serialize: type RSA_KEY length 270
config_new_user: inserting new user myuser
user "myuser" "mypassword"
ca_privkey_to_method: type RSA_KEY method RSA_SIG
ca_getkey: received private key type RSA_KEY length 1194
ca_getkey: received public key type RSA_KEY length 270
ca_dispatch_parent: config reset
config_getpolicy: received policy
config_getpfkey: received pfkey fd 3
config_getcompile: compilation done
config_getsocket: received socket fd 4
config_getsocket: received socket fd 5
config_getsocket: received socket fd 6
config_getsocket: received socket fd 7
config_getmobike: mobike
ca_reload: loaded ca file ca.crt
ca_reload: loaded crl file ca.crl
ca_reload: .../CN=ca.example.com/...
ca_reload: loaded 1 ca certificate
ca_reload: loaded cert file vpn.example.com.crt
ca_validate_cert: .../CN=vpn.example.com/... ok
ca_reload: local cert type X509_CERT
config_getocsp: ocsp_url none
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
ikev2_recv: IKE_SA_INIT request from initiator $client_ip_addr:500 to
$external_ip_addr:500 policy 'vpn' id 0, 604 bytes
ikev2_recv: ispi 0x46522d8f71571409 rspi 0x0000000000000000
ikev2_policy2id: srcid FQDN/vpn.example.com length 12
ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi
0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x08 msgid 0 length 604 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0x46522d8f71571409 0x0000000000000000
$client_ip_addr:500
ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP
encapsulation
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0x46522d8f71571409
0x0000000000000000 $external_ip_addr:500
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
sa_state: INIT -> SA_INIT
ikev2_sa_negotiate: score 4
ikev2_sa_negotiate: score 0
ikev2_sa_negotiate: score 6
ikev2_sa_negotiate: score 18
ikev2_sa_negotiate: score 21
sa_stateok: SA_INIT flags 0x0000, require 0x0000
sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
ikev2_sa_keys: DHSECRET with 256 bytes
ikev2_sa_keys: SKEYSEED with 32 bytes
ikev2_sa_keys: S with 64 bytes
ikev2_prfplus: T1 with 32 bytes
ikev2_prfplus: T2 with 32 bytes
ikev2_prfplus: T3 with 32 bytes
ikev2_prfplus: T4 with 32 bytes
ikev2_prfplus: T5 with 32 bytes
ikev2_prfplus: T6 with 32 bytes
ikev2_prfplus: T7 with 32 bytes
ikev2_prfplus: Tn with 224 bytes
ikev2_sa_keys: SK_d with 32 bytes
ikev2_sa_keys: SK_ai with 32 bytes
ikev2_sa_keys: SK_ar with 32 bytes
ikev2_sa_keys: SK_ei with 32 bytes
ikev2_sa_keys: SK_er with 32 bytes
ikev2_sa_keys: SK_pi with 32 bytes
ikev2_sa_keys: SK_pr with 32 bytes
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 264 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0x46522d8f71571409
0x74cf2b5f05c0e26d $external_ip_addr:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0x46522d8f71571409
0x74cf2b5f05c0e26d $client_ip_addr:500
ikev2_next_payload: length 28 nextpayload CERTREQ
ikev2_add_certreq: type X509_CERT length 21
ikev2_next_payload: length 25 nextpayload NONE
ikev2_pld_parse: header ispi 0x46522d8f71571409 rspi
0x74cf2b5f05c0e26d nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x20 msgid 0 length 457 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 25
ikev2_pld_certreq: type X509_CERT length 20
ikev2_msg_send: IKE_SA_INIT response from 69.251.76.50:500 to
68.83.147.209:500 msgid 0, 457 bytes
config_free_proposals: free 0xc3b15a11900
config_free_proposals: free 0xc3bcaad6700
config_free_proposals: free 0xc3b178a2800
config_free_proposals: free 0xc3b15a11d00
config_free_proposals: free 0xc3bcaad6200

# tcpdump -s1600 -nvvvi em0 udp port 500
14:10:43.817658 68.83.147.209.500 > 69.251.76.50.500: [udp sum ok]
isakmp v2.0 exchange IKE_SA_INIT
        cookie: 23989e8da6aceb82->0000000000000000 msgid: 00000000 len: 604
        payload: SA len: 220
        payload: KE len: 264
        payload: NONCE len: 20
        payload: N len: 8
        payload: N len: 28
        payload: N len: 28
        payload: N len: 8 [tos 0x20] (ttl 54, id 11728, len 632)
14:10:43.907535 69.251.76.50.500 > 68.83.147.209.500: [udp sum ok]
isakmp v2.0 exchange IKE_SA_INIT
        cookie: 23989e8da6aceb82->5803d5f20fcc4e08 msgid: 00000000 len: 457
        payload: SA len: 48
        payload: KE len: 264
        payload: NONCE len: 36
        payload: N len: 28
        payload: N len: 28
        payload: CERTREQ len: 25 (ttl 64, id 44025, len 485)

From my naive understanding, it looks like the client is being asked
for a certificate (CERTREQ), but decides not to or can't provide a
cert and just gives up.  I seem only able to configure my phone/laptop
to use either the client.example.com certificate OR username+password,
but not both.  FWIW, none of the other guides I've found on the
internet for configuring IKEv2 on Apple products mention importing the
server cert or a client keypair, just the CA certificate AFAICT.  Can
anyone help me decode what's going wrong?

Thanks again.

--david

Re: iked.conf basics

David Higgs
On Fri, Jun 1, 2018 at 2:52 PM, David Higgs <[hidden email]> wrote:

> On Fri, Jun 1, 2018 at 4:09 AM, Stuart Henderson <[hidden email]> wrote:
>> On 2018-05-31, David Higgs <[hidden email]> wrote:
>>> I am looking to configure iked(8) on my OpenBSD router to provide
>>> IPsec services to remote clients.  I would like to tunnel (nearly) all
>>> my traffic from my phone or laptop back into my home router, and
>>> leverage the services there (DNS, firewall, etc.), then either access
>>> my local network or the rest of the internet.
>>>
>>> The parts I'm confused on are the from/to and peer/local fields.
>>> Which pair describes the IPs of the tunnel endpoints, and which
>>
>> peer/local
>>
>>> describes the traffic allowed to flow through the tunnel?  I guess I
>>
>> from/to
>>
>>> don't know whether "IPsec flow" refers to the encapsulating ESP
>>> packets or the encapsulated traffic.
>>
>> The "flow" is an SADB entry which matches traffic and selects it for
>> encapsulation. The addresses in a flow have to cover the packets sent
>> over the vpn.
>
> Great, these hints got me moving in what seems like the right direction.
>
>> Here's an iked example from my live config, it allows mobile clients to
>> connect and route all traffic over the VPN, assigning a dynamic address
>> from 192.168.47.160/27, with not-too-terrible ciphers for most typical
>> clients.
>>
>> ikev2 "vpn" passive esp from 0.0.0.0/0 to 0.0.0.0/0 \
>>   local x.x.x.x \
>>   peer any \
>>   ikesa enc aes-256 enc aes-128  prf hmac-sha2-256               auth hmac-sha2-256  group ecp256 \
>>   ikesa enc aes-256 enc aes-128  prf hmac-sha2-256 prf hmac-sha1 auth hmac-sha2-256  group ecp256 group modp2048 group modp1024 \
>>   childsa enc aes-256-gcm enc aes-128-gcm \
>>   childsa enc aes-256 enc aes-128 auth hmac-sha2-256 auth hmac-sha1 \
>>   srcid "my.host.name" \
>>   eap "mschap-v2" \
>>   config address 192.168.47.160/27 \
>>   config name-server x.x.x.x \
>>   tag "$name-$id"
>>
>> include "/etc/iked.users"
>>
>> If you have any Windows clients note that the default ciphers are
>> absolutely bloody useless, for the powershell snippets needed to fix
>> this see comments in https://github.com/trailofbits/algo/issues/9.
>> If you don't need to support Windows clients you can probably get
>> rid of hmac-sha1/group modp1024 and the non-gcm aes entries.
>
> This is only for iPhone / Mac clients at the moment.  I have attacked
> configuration from several different angles and can't seem to get it
> working.
>
> # iked.conf
> user "myuser" "mypassword"
> set mobike
> ikev2 "vpn" passive esp \
>         from any to any \
>         local $external_ip_addr peer any \
>         srcid vpn.example.com \
>         eap "mschap-v2" \
>         config dhcp-server 10.0.128.1
>
> # ikectl ca vpn create password ca-password # ca.example.com
> # ikectl ca vpn certificate vpn.example.com create server
> # ikectl ca vpn certificate client.example.com create client
> # ikectl ca vpn install
> # ikectl ca vpn certificate vpn.example.com install
> # ikectl ca vpn certificate client.example.com export password client-password
>
> I then copy and import ca/ca.crt, certs/vpn.example.com.crt, and
> export/client.example.com.pfx into my OS X and iPhone systems; with
> the CA trusted, everything appears to be validating.  Only my
> "vpn.example.com" is resolvable via DNS, but I used FQDNs for
> everything except the "local" keyword in iked.conf (due to split-brain
> DNS shenanigans).  I don't think this is the cause of my issues, but I
> mention it just in case...
>
> So with the PKI configured, I launch iked(8) with debugging and
> tcpdump running, then attempt to enable the VPN:
>
> From my naive understanding, it looks like the client is being asked
> for a certificate (CERTREQ), but decides not to or can't provide a
> cert and just gives up.  I seem only able to configure my phone/laptop
> to use either the client.example.com certificate OR username+password,
> but not both.  FWIW, none of the other guides I've found on the
> internet for configuring IKEv2 on Apple products mention importing the
> server cert or a client keypair, just the CA certificate AFAICT.  Can
> anyone help me decode what's going wrong?

Whelp, client/service config mismatch error.  I'm blocking port 4500,
hadn't disabled NAT-T in iked(8), and wasn't watching the icmp
replies.

Will happily accept any other non-obvious critiques as I continue to
troubleshoot.

Thanks.

--david
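
The failure described in this thread (NAT detected during IKE_SA_INIT, then silence because UDP 4500 was blocked) can be recognised from the debug output itself. The following is an added example, not part of the original thread and not iked code: it re-joins the hard-wrapped log lines and reports where the exchange stalled. It assumes IKE_AUTH is logged by ikev2_recv in the same format as the IKE_SA_INIT line shown in the post; function names and state labels are hypothetical.

```python
import re

# Constructed excerpt: lines taken from the `iked -vvd` output in the thread,
# keeping the mail client's hard wraps and the poster's address placeholders.
SAMPLE = """\
ikev2_recv: IKE_SA_INIT request from initiator $client_ip_addr:500 to
$external_ip_addr:500 policy 'vpn' id 0, 604 bytes
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP
encapsulation
sa_state: INIT -> SA_INIT
ikev2_msg_send: IKE_SA_INIT response from $external_ip_addr:500 to
$client_ip_addr:500 msgid 0, 457 bytes
"""

TAGGED = re.compile(r"^[\w./]+: ")  # "function_name: " or "/etc/iked.conf: "
EXCHANGE = re.compile(r"^ikev2_(recv|msg_send): (\w+) (request|response) ")

HINTS = {
    "no-init": "no IKE_SA_INIT request logged: check that UDP 500 reaches iked",
    "auth-reached": "IKE_AUTH arrived: look at the authentication exchange next",
    "stalled-nat-t": "NAT was detected, so the client continues on UDP 4500 and "
                     "nothing arrived there: pass UDP 4500 in the firewall and "
                     "capture 'udp port 500 or udp port 4500'",
    "stalled-after-init": "no NAT detected and no IKE_AUTH: check the client's "
                          "own log for why it stopped after IKE_SA_INIT",
}


def unwrap(text):
    """Re-join debug lines that were hard-wrapped in transit."""
    lines = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if TAGGED.match(raw) or not lines:
            lines.append(raw)
        else:
            lines[-1] += " " + raw  # continuation of the previous message
    return lines


def triage(text):
    """Classify how far the IKEv2 handshake got, from iked debug output."""
    events = {"recv": set(), "msg_send": set()}
    nat = False
    for line in unwrap(text):
        m = EXCHANGE.match(line)
        if m:
            events[m.group(1)].add((m.group(2), m.group(3)))
        # Only matches once the wrapped line has been re-joined.
        if "detected NAT, enabling UDP encapsulation" in line:
            nat = True
    got_init = ("IKE_SA_INIT", "request") in events["recv"]
    sent_init = ("IKE_SA_INIT", "response") in events["msg_send"]
    got_auth = ("IKE_AUTH", "request") in events["recv"]
    if not got_init:
        state = "no-init"
    elif got_auth:
        state = "auth-reached"
    elif sent_init and nat:
        state = "stalled-nat-t"
    else:
        state = "stalled-after-init"
    return {"state": state, "nat_detected": nat, "hint": HINTS[state]}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["state"], "-", result["hint"])
```
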