In this article, we will focus on decrypting IPsec traffic between a Cisco router and a Strongswan IPsec VPN solution. Most of network vendors do not provide materials for decrypting IPsec protocols. Unlike other vendors, Strongswan, which is a multiplatform IPsec implementation, supplies these materials.
We will implement the topology below. The Strongswan and the Cisco router will act as IPsec gateways. The traffic between Site1 and Site2 will be encrypted by IPsec.
Configuring Strongswan
We will create a simple IPsec configuration on the Strongswan.
Step-1: Install Strongswan with the command below.
apt install strongswan
Step-2: Add two network adapters eth1, eth2 and configure their ip addresses like below.
┌──(root💀kali)-[/home/kali] └─# ifconfig eth1 192.168.20.1 netmask 255.255.255.0 up ┌──(root💀kali)-[/home/kali] └─# ifconfig eth2 192.168.10.2 netmask 255.255.255.0 up
Step-3: Enable routing and add the Site1 and Site2 routes into the routing table with commands below and then verify them.
┌──(root💀kali)-[/home/kali] └─# echo 1 > /proc/sys/net/ipv4/ip_forward ┌──(root💀kali)-[/home/kali] └─# route add -net 2.2.2.2 netmask 255.255.255.255 gw 192.168.20.2 ┌──(root💀kali)-[/home/kali] └─# route add -net 1.1.1.1 netmask 255.255.255.255 gw 192.168.10.1 ┌──(root💀kali)-[/home/kali] └─# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 1.1.1.1 192.168.10.1 255.255.255.255 UGH 0 0 0 eth2 2.2.2.2 192.168.20.2 255.255.255.255 UGH 0 0 0 eth1 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
Step-4: Open /etc/ipsec.conf file which stores the configuration (policies) for ISAKMP and ESP. Beside that do not forget enabling IKE1 debugging, which will provide Initiator COOKIE (Initiator SPI) and encryption key. We will use these parameters to decrypt ISAKMP tunnel. The traffic between 1.1.1.1 and 2.2.2.2 hosts will be encrypted.
config setup strictcrlpolicy=yes uniqueids = yes charondebug="ike 1" conn %default conn Strongswan-to-Cisco left=192.168.20.1 leftsubnet=1.1.1.1/32 right=192.168.20.2 rightsubnet=2.2.2.2/32 authby=secret keyexchange=ikev1 ike=aes-sha2_256-modp1024! esp=aes256-sha2_256! lifetime=8h ikelifetime=1h auto=start
Step-5: Add the pre-shared key and IPsec gateways to /etc/ipsec.secrets file.
192.168.20.1 192.168.20.2 : PSK "celaldogan"
Step-6: After basic configuration and enabling debugging, we need to set the log file path, configuring /etc/strongswan.conf like below. All the debug logs, including ISAKMP encryption key will be stored in the charon.log file.
$ cat /etc/strongswan.conf charon { load_modular = yes filelog { charon { path = /home/kali/charon.log time_format = %b %e %T append = no ike_name = yes default = 4 flush_line = yes } stderr { ike = 1 ike = 2 ike = 4 knl = 3 } } plugins { include strongswan.d/charon/*.conf } } include strongswan.d/*.conf
Step-7: Start Strongswan with the command below.
┌──(root💀kali)-[/home/kali]
└─# systemctl start ipsec
Configuring the sites and the other IPsec peer
Step-1: Configuring Site1 is pretty straightforward. It does not require a complex design except assigning IP address to 2 interfaces and inserting the route to Site2 (2.2.2.2).
! hostname Site1 ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 ip address 192.168.10.1 255.255.255.0 speed auto duplex auto ! ip route 2.2.2.2 255.255.255.255 192.168.10.2 name Route-->2.2.2.2 !
Step-2: Configuring the Site2 is almost identical to Site1. Following shows the configuration.
! hostname Site2 ! ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface FastEthernet0/0 ip address 192.168.30.1 255.255.255.0 speed auto duplex auto ! ip route 1.1.1.1 255.255.255.255 192.168.30.2 name Route-->1.1.1.1
Step-3: Configuring IPsec_Gateway is more complex compared to Site1 and Site2. First thing first, we will assign IP addresses to the interfaces and add the relevant static routes to the routing table. After achieving basic connectivity, we need to define ISAKMP proposals (SA) with “crypto isakmp policy”. These parameters will be offered to the other IPsec peer in IPsec Main Mode (Phase1). We also define a pre-shared key for authentication with “crypto isakmp key...” command. After passing Main Mode, the peer will propose its IPsec Security Association (SA) to the other peer. We specify those parameters with a transformset. Next, we define an ACL to select the interesting traffic, which will be encrypted. Last but not least, we associate these configurations under a crypto map and apply it to the outgoing interface.
! hostname IPSec_Gateway ! ! crypto isakmp policy 10 encr aes hash sha256 authentication pre-share group 2 crypto isakmp key celaldogan address 192.168.20.1 ! ! crypto ipsec transform-set VPN_TS esp-aes 256 esp-sha256-hmac mode tunnel ! ! ! crypto map VPN_CMAP 10 ipsec-isakmp set peer 192.168.20.1 set transform-set VPN_TS match address VPN_TRAFFIC ! ! interface FastEthernet0/0 ip address 192.168.20.2 255.255.255.0 speed auto duplex auto crypto map VPN_CMAP ! interface FastEthernet0/1 ip address 192.168.30.2 255.255.255.0 speed auto duplex auto ! ip route 1.1.1.1 255.255.255.255 192.168.20.1 name Route-->1.1.1.1 ip route 2.2.2.2 255.255.255.255 192.168.30.1 name Route-->2.2.2.2 ! ip access-list extended VPN_TRAFFIC permit ip host 2.2.2.2 host 1.1.1.1 !
Extracting decryption materials for ISAKMP protocol from charon.log file
Step-1: The debug logs are stored in charon.log file. We need two parameters for decryption: Initiator’s COOKIE (SPI) and Encryption Key. Following screenshots show how to find the parameters.
After applying this command, it will bring the Initiator’s COOKIE (SPI).
Open the log file with your preferred text editor and find “encryption key”. As seen below, my encryption key is 16 bytes. Take a note of both of the parameters and open your trace file with Wireshark.
Step-2: At this point, we have the information we need, now it is time to feed Wireshark with that information from Edit → Preferences → Protocols → ISAKMP → IKEv1 Decryption Table: as shown below.
Step-3: Click OK buttons to decrypt the ISAKMP traffic. Following screenshots show before and after decryption for one packet in the Quick Mode (Phase2). In the Phase2, all data is encrypted between peers. After decrypting the traffic, we can see the packet carries the IPsec SA proposal.
Obtaining decryption materials for ESP protocol
ESP is used to encrypt and authenticate data packets. We pinged from Site2 to Site1 (2.2.2.2 → 1.1.1.1) to create some traffic between IPsec peers. That traffic will be decrypted with correct IPsec key materials.
Step-1: Unlike ISAKMP ICOOKIE and encryption key, the keys used for ESP tunnel are not stored in the charon.log file. We will obtain that information with applying “ip xfrm state” command as below. SPI, authentication and encryption keys are different for each direction.
┌──(root💀kali)-[/home/kali] └─# ip xfrm state src 192.168.20.1 dst 192.168.20.2 proto esp spi 0x37f519a9 reqid 1 mode tunnel replay-window 0 flag af-unspec auth-trunc hmac(sha256) 0x15bb2bc4d1e08c3d65283550c7d9da1cd64ad99ff6e7110a84e6fb514391e3bd 128 enc cbc(aes) 0x65f67f38e75083c40995f34a09dc2dbbb882600ee70d4e1b8526527d805a44d4 anti-replay context: seq 0x0, oseq 0x4, bitmap 0x00000000 src 192.168.20.2 dst 192.168.20.1 proto esp spi 0xc9eb5901 reqid 1 mode tunnel replay-window 32 flag af-unspec auth-trunc hmac(sha256) 0x29e423a1091f4a32f04b7e93a0fc7737b1f62564b3c62a932a389f7c9215f57d 128 enc cbc(aes) 0xae8aa15b6d514931a3db6a8a9354d2bb6c8b3e9ea1fbce813ca0276adab9888f anti-replay context: seq 0x4, oseq 0x0, bitmap 0x0000000f
Step-2: Open Edit → Preferences → Protocols → ESP menu like below. After filling the menu correctly, Wireshark will decrypt the ESP payload in clear text.
Step-3: After feeding Wireshark with correct decryption materials, it deciphers and shows the actual data in clear text. Following screenshots show before and after decryption.
Final thoughts
Troubleshooting IPsec issues is not easy. Beside debugging, decrypting ISAKMP and ESP can help to identify and fix the issues.
References
https://www.blackhole-networks.com/IKE_Modes/ikev1-quick.html
https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SitetoSiteVPN_AdminGuide/Topics-VPNSG/IPsec-and-IKE.htm?TocPath=IPsec%20and%20IKE%7C_____0
https://support.sophos.com/support/s/article/KB-000034339?language=en_US
https://www.xinux.net/index.php/Strongswan_loglevel
https://osqa-ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets/