1

I got access to a VPN via IPsec and IKEv2. The provider gave me a username, a shared secret and a server certificate. Since the certificate was self-signed, the manual came with specific instructions on how to install it.

The manual also states, that you should remove the certificate file after import (in order that noone else can also import it). That sounded odd, since the file is the public key. So it is only used to verify the integrity of the server. So I thought, how can we connect to the server without having the certificate?

Since I did not find any option to disable the server certificate validation on neither Windows nor macOS, how hard is it to download the certificate and import it?

For HTTPS/SSL, such a file is send over the wire for every connection in plaintext, because SSL verifys the server first and encrypts afterwards. IKEv2 first opens an encrypted channel using DH-Key Exchange and then verifies the server certificate. Since the certificate file is encrypted before transmitting, you cannot grab it from Wireshark.

A google search didn't yield any results, so my questions are:

  • How hard is it to download the certificate via IKEv2?
  • In case a tool for that already exists, can you post a reference to it?
  • In case there is no ready to use tool, how long would a programmer need to write one?1

1: The tool doesn't need to be perfect, it just needs to download the certificate from one specific server. The imagined programmer has some years of experience but has not written any VPN stuff.

Improve this question

1 Answer 1

Reset to default
2
  • How hard is it to download the certificate via IKEv2?

That depends on the server's configuration and the type of client authentication.

If the client has the server certificate installed and trusts it, the server technically doesn't have to send it. The client will just use the local certificate that matches the server's IKE identity to verify the signature in the AUTH payload.

If the server is not configured to omit the certificate, certain authentication methods will prevent attackers from retrieving the certificate. With both certificate and pre-shared key authentication the client will be authenticated first. The server will just respond with an AUTHENTICATION_FAILED error notify if the client authentication isn't successful.

Only with EAP authentication (e.g. username/password via EAP-MSCHAPv2, or certificate via EAP-TLS) is the server authenticated before the client (the client will not send an AUTH or CERT payload in the IKE_AUTH request, but the server will send both in its first response).

  • In case a tool for that already exists, can you post a reference to it?
  • In case there is no ready to use tool, how long would a programmer need to write one?

I don't know of a tool for this specific use case. But e.g. strongSwan's charon-cmd command-line IKE client could be used with increased log levels to dump the server certificate. Another option would be to get the IKE keys (either via log or save-keys plugin) and use Wireshark to decrypt the IKE_AUTH response and extract the certificate from there.

Improve this answer
1
  • Hey, thanks for your answer! I really appreciate it. Before asking I already read into the RFC, but didn't knew about the first case. The server I was using, is configured to use EAP authentication. Therefore I could always see a packet roughly the size of the certificate that wireshark was unable to decode. I will wait and see if there is another answer and mark one as accepted tomorrow
    – rollstuhlfahrer
    Commented May 20, 2019 at 14:09

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .