原文链接:Configuring more than one Main-Mode Pre-Shared Key (PSK) *dialup* IPSec phase1

可能需要梯子来翻过高墙。文章内容如下:

Technical Note :

Configuring more than one Main-Mode Pre-Shared Key (PSK) *dialup* IPSec phase1 on a Fortigate

Description

This article explains a limitation inherent to IKE when trying to configure multiple IPSec phase1 in Pre-Shared Key (PSK) mode.

If you configure more than one *dialup* phase1 in Main Mode PSK on the same FortiGate port (IP),  then the same phase1 will always be matched by ALL dialers. The error will show up in the third Main Mode round (authentication) as per the example below :

2009-11-04 16:00:00 device_id=FGTxxx  log_id=0101023003 type=event subtype=ipsec pri=error loc_ip=aa.bb.cc.dd loc_port=500 rem_ip=ee.ff.gg.hh rem_port=500 out_if="wan1" vpn_tunnel="branchOffice" cookies=asd2345sdf4sdf345 action=negotiate status=negotiate_error msg="Negotiate SA Error: probable pre-shared secret mismatch"

When multiple *dialup* Main Mode PSK phase1 exist, IKE has no way to know which phase1 must be matched upon receipt of the first main mode packet :

  • the source IP (dialer's IP) cannot be used as a distinguisher (any source IP is allowed for dialup phase1)
  • the destination IP (FGT's IP) cannot be used as a distinguisher (we have assumed that all dialup phase1 were bound to the same FGT IP)
  • there isn't any payload in the first Main Mode packet which would allow to select a specific phase1

Consequently, the first phase1 in IKE internal list is always matched.
This is not a FortiOS limitation

The PSK itself is part of the phase1 root key (SKEYID) calculation.
This root key is then derived into two keys (SKEYID_e, SKEYID_a) which are used for the phase1 encryption and authentication.
Phase1 keys are therefore dependent on the PSK.

When the phase1 initiator sends the MI3 message (fifth Main Mode message) it is protected with its locally calculated SKEYID_e/SKEYID_a. If the phase1 which was chosen by the responder is not the correct one, then SKEYID_e and SKEYID_a on the responder are different from those on the initiator therefore leading to a failure ('probable PSK mismatch' in the 'debug ike') because the responder is unable to decipher the initiator's packet.

Scope

All FortiOS

Solution

To work around this Main Mode PSK limitation for multiple dialup connections :

  • use aggressive mode with ID (ID is sent in clear text in the first Aggressive Mode message and can therefore be used by the responder to select the correct phase1)
  • use Main Mode with RSASIG

Main Mode RSASIG doesn't suffer this limitation and still offers ID protection :
Upon receipt of the first Main Mode message, the IKE responder picks up the first dialup Main Mode RSASIG phase1 in its list. If it is not the correct phase1, it is not an issue.
When MI3 message will reach the IKE responder, it will be able to authenticate and to decipher it because SKEYID_a/e keys don't depend on the phase1 specification (the root SKEYID is based on payloads that were exchanged between each peer (nonces) and on the Diffie-Hellman private shared key that was locally computed by each peer).
Once the MI3 message is decrypted, the IKE responder finally knows the ID of the initiator (which by default is the DN of the initiator certificate) and can therefore "fallback" to the correct phase1 if needed.

IKE~多预共享密钥问题~解决方案的更多相关文章

  1. “IPSec 共享密钥”丢失。

    “IPSec 共享密钥”丢失.请验证您的设置并尝试重新连接. 但是这个vpn原来使用时不需要配置 共享的密钥,而且我也没有这个共享的密钥, 搜了下Mac OSX可以修改配置来绕过它. 在/etc/pp ...

  2. wstngfw openVpn站点到站点连接示例(共享密钥)

    wstngfw openVpn站点到站点连接示例(共享密钥) 在本例中,将假设以下设置: 站点 A 站点 B 名称 Beijing Office(北京办公室) 名称 Shenzheng Office( ...

  3. Wifi 开放系统认证和共享密钥身份认证

    记录开放系统认证和共享密钥认证的区别. 开放系统身份认证(open-systern authentication) 是802.11 要求必备的惟一方式. 由行动式工作站所发出的第一个帧被归类为auth ...

  4. 多Web服务器之间共享Session的解决方案

    一.提出问题: 为了满足足够大的应用,满足更多的客户,于是我们架设了N台Web服务器(N>=2),在多台Web服务器的情况下,我们会涉及到一个问题:用户登陆一台服务器以后,如果在跨越到另一台服务 ...

  5. IE保护模式下ActiveX控件打不开共享内存的解决方案

    原文:http://www.cppblog.com/Streamlet/archive/2012/10/25/193831.html 感谢溪流漫话的投递 IE保护模式下,ActiveX控件会打不开别的 ...

  6. 集群下session共享问题的解决方案.

    这一篇博客来讲解下babasport这个项目中使用的Login功能, 当然这里说的只是其中的一些简单的部分, 记录在此 方便以后查阅. 一: 去登录页面首先我们登录需要注意的事项是, 当用户点击登录按 ...

  7. 多线程并行请求问题及SplashActivity预加载问题解决方案

    1. 问题描述(一): 现有3个线程thread1, thread2, thread3.这3个线程是并发执行的,当着3个线程都执行完成以后,需要执行一个finish()事件. 1.1 实现方法: /* ...

  8. CRM 数据密钥 忘记 解决方案

    UPDATE EmailServerProfile SET IncomingPassword=nullUPDATE EmailServerProfile SET OutgoingPassword=nu ...

  9. 相同根域名下跨域共享session的解决方案

    https://code.msdn.microsoft.com/CSASPNETShareSessionBetween-021daa39

随机推荐

  1. DS1515+

    DS1515+ 2021年05月02日 0 2.4k aahk   DS1515+ 2021年05月02日 这篇文章用于记录.改进.提高.分享我在使用群晖DS1515+网络存储服务器过程中的具体操作. ...

  2. 工具idea 基于maven 创建springMVC项目

    SpringMVC Spring MVC是Spring提供的一个强大而灵活的web框架.借助于注解,Spring MVC提供了几乎是POJO的开发模式,使得控制器的开发和测试更加简单.这些控制器一般不 ...

  3. 身边好几个技术一般的程序员都面上了,阿里P7门槛降低?

    经常在网上的论坛里看到讨论程序员的级别,尤其在跳槽类的信息里可以看到对标阿里P7,百度T6,腾讯3.1等字眼,似乎大厂的级别俨然可以成为业内的通用货币,类似于高考分数一样,哪一档就对应着什么样的待遇. ...

  4. SpringBoot开发二十-私信列表

    私信列表功能开发. 发送私信功能开发 首先创建一个实体类:Message package com.nowcoder.community.entity; import java.util.Date; p ...

  5. 22javascript笔记(2)

    JavaScript 1.js事件和作用域 js事件:html页面中每一个元素都可以产生某些触发js函数的事件.这些事件是可以被js侦测到的一种行为,并且js程序能应对这些事件. 常见的html事件 ...

  6. 附件携马之CS免杀shellcode过国内主流杀软

    0x01 写在前面 其实去年已经写过类似的文章,但是久没用了,难免有些生疏.所谓温故而知新,因此再详细的记录一下,一方面可以给各位看官做个分享,另一方面等到用时也不至于出现临阵磨枪的尴尬场面. 0x0 ...

  7. MySQL Mac 终端环境变量配置

    MySQL Mac 终端环境变量配置 这里安装的是mysql-8.0.26-macos11-x86_64,M1Mac,原本打算安装arm64版本,但一直安装不了,就装了x86版本 安装完成MySQL之 ...

  8. Nikitosh 和异或

    题面 设 \(l_{i}\) 为以 \(i\) 为结尾的区间中最大的一段异或值,\(r_{i}\) 为以 \(i\) 为开头的区间中最大的一段异或值. 则有 \[l_{i}=\max\left(l[i ...

  9. 题解 [JXOI2012]奇怪的道路

    考场上我坚持认为这是个组合数题... 看到\(k\leq8\)我想状压来着,但是不知道怎么压 实际上,对于点i和点j的连边(\(j\in[i-k, i-1]\))只有连或不连两种状态 而如果i与比j编 ...

  10. MySQL自动填充

    一.数据库级别 1.1 表设计 create_time默认值添加CURRENT_TIMESTAMP. update_time默认值添加CURRENT_TIMESTAMP,更新打勾. 1.2 验证是否成 ...