EoIP with higher IPSec Security

n4p · Sat Apr 14, 2018 6:21 pm

Hi there,
i wanna ask if there is an idea in the future to made it possible that i can select which sha or aes i will use?

Currently there is only sha1 and aes128 available, but sha1 is already known as vulnerable.

So currently there is only one way to fix this, you had to setup an ipsec tunnel and then the eoip trough it.
And thats a little bit boring if you had so much tunnels as i have.

Thanks!

doneware · Sun Apr 15, 2018 2:46 pm

i suppose you can tweak the default proposal template to have more secure encryption and hash algorithms.

the default is:

[me@cloudtik] /ip ipsec proposal> print 
Flags: X - disabled, * - default 
 0  * name="default" auth-algorithms=sha1 enc-algorithms=aes-128-cbc lifetime=30m pfs-group=modp1024

i highly encourage the usage of proper DH groups for perfect forward secrecy. Group 14 (modp2048) is considered as minimum, and one shall be rather using elliptic curve ones (group19+).
with regards to hashing, i'll say SHA256 (or SHA512) for phase 1, and use aes256 at least.

with regards to the peer section, you don't seem to have much alternatives than manually configuring your all your peers.
the defaults are as you said (aes128/3des and sha1) and i see no knob to control this. this is extremely unpleasant as phase1 is very important, if someone breaks into that, then you are screwed.
luckily we have modp2048 (group14) as default PFS setting here:

[me@cloudtik] /ip ipsec peer> export 
# apr/15/2018 13:42:42 by RouterOS 6.41.4
# software id = KTQF-XXXX
#
#
#
/ip ipsec peer
add
[me@cloudtik] /ip ipsec peer> export verbose 
# apr/15/2018 13:42:46 by RouterOS 6.41.4
# software id = KTQF-XXXX
#
#
#
/ip ipsec peer
add address=::/0 auth-method=pre-shared-key dh-group=modp2048,modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-128,3des exchange-mode=main generate-policy=no hash-algorithm=sha1 lifetime=1d nat-traversal=yes \
    policy-template-group=default proposal-check=obey secret="" send-initial-contact=yes

doneware · Sun Apr 15, 2018 2:58 pm

just did a short test in the labs:

[me@cloudtik] /ip ipsec policy> /interface eoip print detail 
Flags: X - disabled, R - running 
 0  R name="eoip1" mtu=auto actual-mtu=1388 l2mtu=65535 mac-address=FE:18:5E:B0:C2:49 arp=enabled arp-timeout=auto loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m local-address=31.46.40.89 
      remote-address=31.46.40.79 tunnel-id=666 keepalive=1s,4 dscp=inherit clamp-tcp-mss=yes dont-fragment=no ipsec-secret="thisisthetest" allow-fast-path=no 

[me@cloudtik] /ip ipsec policy> print detail 
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default 
 0 T * group=default src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=default template=yes 

 1  DA  ;;; eoip1
       src-address=31.46.40.89/32 src-port=any dst-address=31.46.40.79/32 dst-port=any protocol=gre action=encrypt level=require ipsec-protocols=esp tunnel=no proposal=default ph2-count=2

as the dynamically created policy is using the "default" proposal, it is indeed running on more secure parameters:

[me@cloudtik] /ip ipsec> installed-sa print detail 
Flags: H - hw-aead, A - AH, E - ESP 
 0  E spi=0x7E6D54E src-address=31.46.40.79 dst-address=31.46.40.89 state=mature auth-algorithm=sha512 enc-algorithm=aes-cbc enc-key-size=256 
      auth-key="0933dzzzzeca0809a994zzzz959f6c884a1d4b463a5c7e558a72080184bf5c579674598df64e794919a2115b520cf838ed7c7321467191f89688266f4d1f937e" enc-key="1e8695zzzzzc5b000756e97dzzzzzz527d4eb149fa912224e512b8bdc703f685" add-lifetime=24m/30m 
      replay=128 

 1  E spi=0xD9D2A5B src-address=31.46.40.89 dst-address=31.46.40.79 state=mature auth-algorithm=sha512 enc-algorithm=aes-cbc enc-key-size=256 
      auth-key="0933dzzzzeca0809a994zzzz959f6c884a1d4b463a5c7e558a72080184bf5c579674598df64e794919a2115b520cf838ed7c7321467191f89688266f4d1f937e" enc-key="1e8695zzzzzc5b000756e97dzzzzzz527d4eb149fa912224e512b8bdc703f685" 
      addtime=apr/15/2018 13:51:54 expires-in=22m28s add-lifetime=24m/30m current-bytes=8 current-packets=1 replay=128

but the dynamic peer config (responsible for phase1) is the "hard coded" default as i suggested:

[me@cloudtik] /ip ipsec> peer print detail 
Flags: X - disabled, D - dynamic, R - responder 
 0  D  ;;; eoip1
       address=31.46.40.79/32 local-address=31.46.40.89 auth-method=pre-shared-key secret="thisisthetest" generate-policy=no policy-template-group=default exchange-mode=main send-initial-contact=yes nat-traversal=yes proposal-check=obey 
       hash-algorithm=sha1 enc-algorithm=aes-128,3des dh-group=modp2048,modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5

doneware · Sun Apr 15, 2018 3:12 pm

all in all, i'd like to see the following option in IPSec-capable routerOS interfaces (and servers):

- ipsec-peer-template=default

[me@cloudtik] /interface eoip> print 
Flags: X - disabled, R - running 
0 R name="eoip1" mtu=auto actual-mtu=1388 l2mtu=65535 mac-address=FE:18:5E:B0:C2:49 arp=enabled arp-timeout=auto 
    loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m 
    local-address=31.46.40.89 remote-address=31.46.40.79 tunnel-id=666 keepalive=1s,4 dscp=inherit 
    clamp-tcp-mss=yes dont-fragment=no ipsec-secret="thisisthetest" allow-fast-path=no
    ipsec-peer-template=default

then the dynamic ipsec configuration would be done based on these.
so the initial configuration in routeros should look like this:

/ip ipsec peer template 
add default local-address::/0 remote-address=::/0 auth-method=pre-shared-key secret="" exchange-mode=main \
policy-template-group=default nat-traversal=yes hash-algorithm=sha1 enc-algorithm=aes-128,3des \
dh-group=modp2048,modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5

so we could tweak all phase1 parameters in dynamic sessions, even certificate-based auth would be possible, and by setting "policy-template-group" to an user defined one we could also have control over phase2 parameters. but it would not break existing "not so secure" peers.

this should apply to:
- gre
- eoip
- ipip
- l2tp-client
- l2tp-server

and of course their v6 capable counterparts.

n4p · Sun Apr 15, 2018 7:33 pm

Yeah it would be really nice if this feature would be added, because i had to configure a lot of tunnels by hand. If it would be implementet that i can chose the profile, i didn't need to configure for each peer a seperat ipsec tunnel and can use eoip with secret.

Or is there any other way that the Eoip Tunnel did not chose the default configuration? Or can i adjust the default and optimize it?

It's really poor for me now

n4p · Wed Jul 04, 2018 7:25 pm

Hi there,
any news about eoip with generating automated the ipsec tunnel with more than sha1 and aes128? Or do i still need to do this by hand?

kind regards

pe1chl · Wed Jul 04, 2018 7:40 pm

When you think that your data is so secret and important that aes128 is nog good enough for you, it should not be too much effort to manually configure IPsec.
It is quite easy, just setup with automatic IPsec first, then copy the generated IPsec setup and change it to your liking and remove the automatic IPsec.
In fact, when you are so concerned about Phase1 security, it is probably a good idea to instead look at your firewall rules so ISAKMP is only allowed from your peer(s).

EoIP with higher IPSec Security

EoIP with higher IPSec Security

Re: EoIP with higher IPSec Security

Re: EoIP with higher IPSec Security

Re: EoIP with higher IPSec Security

Re: EoIP with higher IPSec Security

Re: EoIP with higher IPSec Security

Re: EoIP with higher IPSec Security

Who is online