
4 Virtual Private Networks

4.6 Internet Key Exchange (IKE)


• Security association (SA)
• IKE phase 1 - main mode
• IKE phase 1 - aggressive mode
• Man-in-the-middle attacks on aggressive mode
• IPsec ID types
• ISAKMP and IPsec security associations
• IKE phase 2 – quick mode
• Perfect forward secrecy (PFS)
• IPsec configuration example
• The new standard – IKEv2
• IKE_SA_INIT / IKE_AUTH request/response pairs
• CREATE_CHILD_SA request/response pair
4.7 VPN Applications
• Site-to-site and remote access tunnels
• Windows 7 / Linux strongSwan VPN clients
4.8 VPN Features
• Extended authentication (XAUTH / EAP)
• Configuration payload
• NAT traversal (ESP-in-UDP encapsulation)
• Dead peer detection

IKE_SA_INIT request (Initiator to Responder):
SA1i Suite of cryptographic proposals for the IKE SA
KEi Initiator public factor for the Diffie-Hellman Key Exchange
Ni Initiator Nonce

IKE_SA_INIT response (Responder to Initiator):
SA1r Selection of a cryptographic proposal for the IKE SA
KEr Responder public factor for the Diffie-Hellman Key Exchange
Nr Responder Nonce

IKE_AUTH request (Initiator to Responder):
IDi Initiator ID
Certi Initiator Certificate (optional)
IDr Desired Responder ID (optional)
Authi Initiator Authentication (RSA, PSK, or EAP)
SA2i Suite of cryptographic proposals for the Child SA (ESP and/or AH)
TSi Initiator Traffic Selectors (subnets behind the Initiator)
TSr Responder Traffic Selectors (subnets behind the Responder)

IKE_AUTH response (Responder to Initiator):
IDr Responder ID
Certr Responder Certificate (optional)
Authr Responder Authentication (RSA, PSK, or EAP)
SA2r Selection of a cryptographic proposal for the Child SA (ESP and/or AH)
TSi Initiator Traffic Selectors (subnets behind the Initiator, optional narrowing)
TSr Responder Traffic Selectors (subnets behind the Responder, optional narrowing)
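The responder side of the IKE_AUTH exchange, as an added example that is not part of the lecture slides: it models how SA2r is chosen from the initiator's SA2i list and how the TSi/TSr traffic selectors are narrowed to the responder's own policy. The request payloads, proposal names, identities and subnets are constructed sample data; AUTHr and CERTr are left out of the model.

```python
from ipaddress import ip_network

# Constructed sample IKE_AUTH request (initiator side) and the responder's
# local policy; proposal names, IDs and subnets are made up for the example.
IKE_AUTH_REQUEST = {
    "IDi": "alice@example.org",
    "SA2i": ["aes256gcm16", "aes128-sha256"],      # initiator preference order
    "TSi": ["10.1.0.0/16"],                         # subnets behind the initiator
    "TSr": ["10.2.0.0/16", "192.168.0.0/16"],       # subnets it wants behind the responder
}
RESPONDER_POLICY = {
    "IDr": "vpn.example.org",
    "child_proposals": ["aes128-sha256", "chacha20poly1305"],
    "remote_ts": ["10.1.0.0/16"],                   # what we accept as TSi
    "local_ts": ["10.2.5.0/24"],                    # what we actually protect as TSr
}

def select_proposal(sa_i, accepted):
    """SA2r: first proposal in the initiator's list that the responder also
    accepts, or None (the responder then answers with NO_PROPOSAL_CHOSEN)."""
    accepted = set(accepted)
    for proposal in sa_i:
        if proposal in accepted:
            return proposal
    return None

def narrow_selectors(ts_peer, ts_local):
    """Narrow the peer's traffic selectors (CIDR strings) to the overlap with the
    local ones; two CIDR nets either nest or are disjoint, so keep the smaller."""
    narrowed = set()
    for peer in map(ip_network, ts_peer):
        for local in map(ip_network, ts_local):
            if peer.version != local.version:      # never mix IPv4 and IPv6
                continue
            if peer.subnet_of(local):
                narrowed.add(str(peer))
            elif local.subnet_of(peer):
                narrowed.add(str(local))
    return sorted(narrowed)

def ike_auth_response(request, policy):
    """Build the IDr/SA2r/TSi/TSr payloads of the IKE_AUTH response, or a notify."""
    chosen = select_proposal(request["SA2i"], policy["child_proposals"])
    if chosen is None:
        return {"N": "NO_PROPOSAL_CHOSEN"}
    tsi = narrow_selectors(request["TSi"], policy["remote_ts"])
    tsr = narrow_selectors(request["TSr"], policy["local_ts"])
    if not tsi or not tsr:                          # no usable selector pair
        return {"N": "TS_UNACCEPTABLE"}
    return {"IDr": policy["IDr"], "SA2r": chosen, "TSi": tsi, "TSr": tsr}
```

For the sample request the responder picks aes128-sha256 and narrows the requested 10.2.0.0/16 down to the 10.2.5.0/24 it actually protects, dropping 192.168.0.0/16 entirely.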

CREATE_CHILD_SA request (Initiator to Responder):
N Rekeying Notification (optional)
SAi Suite of cryptographic proposals for the Child SA (ESP and/or AH)
Ni Initiator Nonce
KEi Initiator public factor for the Diffie-Hellman Key Exchange (optional PFS)
TSi Initiator Traffic Selectors (subnets behind the Initiator)
TSr Responder Traffic Selectors (subnets behind the Responder)

CREATE_CHILD_SA response (Responder to Initiator):
SAr Selection of a cryptographic proposal for the Child SA (ESP and/or AH)
Nr Responder Nonce
KEr Responder public factor for the Diffie-Hellman Key Exchange (optional PFS)
TSi Initiator Traffic Selectors (subnets behind the Initiator)
TSr Responder Traffic Selectors (subnets behind the Responder)


Dead Peer Detection
• If Dead Peer Detection (DPD) is activated, the peer is polled every dpddelay seconds by sending an IKEv2 INFORMATIONAL request message, but only if no inbound ESP or IKE activity was detected during the previous dpddelay interval. Typical values for dpddelay are 30-60 seconds; if the IKEv2 Mobility and Multihoming (MOBIKE) protocol is used, where a considerable time can elapse until a new network interface appears, dpddelay should be increased to 5 minutes.
• If no matching IKEv2 INFORMATIONAL response is received, the regular retransmission scheme for IKEv2 packets is applied, and if still no response arrives after about 5 retries over 2-3 minutes, the peer is declared dead and the IKE SA and all attached CHILD SAs are deleted.
