ads

Style 2

Style3[OneLeft]

Style3[OneRight]

Style4

Style5[ImagesOnly]

Style6

WIN 10 Secure IKEv2 VPN

How To:

Secure Windows 10 IKEv2 VPNs.  Improve IKEv2 security strength  -the easy way.  Enable hidden support for advanced cryptographic algorithms on Windows clients.

Problem:

The default Windows implementation of IPsec is highly vulnerable to Man-in-the-Middle (MITM) attacks.  It uses depreciated security algorithms and should not be trusted.  DO NOT use IKEv2 or L2TP/IPsec with Windows clients unless it negotiates secure cryptographic algorithms.

Solution:

A simple registry change enables secure IPsec.  This easy fix provides a respectable DH14-AES256-SHA256 negotiation.  Alternately, use PowerShell to enable even stronger security.  Both solutions provide a cryptographic baseline that ensures secure communications.

Background:

The VPN server confirms vulnerable  security:  3DES, SHA1, and DH2 -all bad.  Confirm active MM cryptographic algorithms with PowerShell:


PS C:\Users\stevenuwm> Get-NetIPsecMainMode
 
 Name                                : 51
 LocalEndpoint                       : x.x.x.x
 RemoteEndpoint                      : x.x.x.x
 LocalFirstId.AuthenticationMethod   : Certificate
 CipherAlgorithm                     : AES256
 HashAlgorithm                       : SHA1
 KeyModule                           : IkeV2
 CipherAlgorithm                     : DES3
 HashAlgorithm                       : SHA1
 GroupId                             : DH2
 KeyModule                           : IkeV1

3DES?  SHA1?  DH2?  Good thing we checked!

Security Guidelines:

The Internet Engineering Task Force (IETF) provides guidelines for securing IKEv2. (RFC4307 BIS-13).  These standards are based on key management security strength.  Do not use any cryptographic algorithm with less than 103-bits of security:  http://www.stevenjordan.net/2016/09/ipsec-security-levels.html.

Key Management Tips:

  • DH Group-2 SHOULD NOT be used.
  • Use DH Group-14.    
  • Use RSA-3096 certificates.
  • Use AES128 encryption.
  • SHA1 (Main-Mode) can be used.  SHA256 is a better alternative.
  • Use HMAC-SHA1.  It is not the same thing as SHA1
Theses tips serve as baseline security -a starting point.

Registry Solution:  

Create a registry key that enforces modern cipher and transform sets.

STEP 1:  Edit Registry or create GPO:

HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
STEP 2: Create new DWORD value:
NegotiateDH2048_AES256
STEP 3:  Modify DWORD value:

Table 2:  NegotiateDH2048_AES256 Values.
Value IKEv2 Security L2TP\IPsec (i.e., IKEv1)
None MM: IKE-DH2-3DES-SHA1
QM: ESP-3DES-SHA1(HMAC)
MM: IKE-DH2-3DES-SHA1
QM: ESP-3DES-SHA1(HMAC)
0 MM: IKE-DH2-3DES-SHA1
QM: ESP-3DES-SHA1(HMAC)
MM: IKE-DH2-3DES-SHA1
QM: ESP-3DES-SHA1(HMAC)
1 MM: IKE-DH14-AES256- SHA1
QM: AES256-SHA1(HMAC)
MM: DH14-SHA1-AES128
QM: AES128-SHA1
2 M: IKE-DH14-AES256- SHA256
QM: AES256-SHA1(HMAC)
MM: DH14-SHA1-AES128
QM: AES128-SHA1
   Note:  This security target assumes the VPN server supports DH14-AES256-SHA256.
   No value, or value of 0 uses client defaults -weak encryption and hash! 
   VPN client security MUST be set to maximum strength encryption in it property settings. 

   Example:

   Registry sub-key:
  HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\
   Registry entry:
  NegotiateDH2048_AES256 Data Type:  Reg_DWORD
  
Value:  2

Windows VPN Server:

IPsec requires common cryptographic algorithms.  Windows 2012 IPsec is every bit as insecure as Windows 10.  Therefore we'll need to make adjustments to the server as well.

The above registry fix is recommended for Windows clients.  However it can work with Windows 2012 RRAS VPN server -with one catch.  It does improve security strength for DH and encryption, It does not improve the security strength for the hashing:

     DH14-AES128-SHA1.

This registry change meets the bare-minimum IETF recommendations for IKEv2.  It's better than before -but we can do better.

Should we trust SHA1?  It's probably OK for now.  On the other hand, Google Chrome and Microsoft IE no longer support certificates that use SHA1.  Weak hashes (e.g., SHA1) are vulnerable to sophisticated off-line attacks  In other words, an attacker can steal your identity! (Entrust 2014).

We're not talking about credit scores.  We're talking about digital identity and authentication.  Fake RSA signatures that authenticate to the VPN, email, etc.  Yikes!

Why risk SHA1 when we can easily implement SHA256?  There are other simple (yet hard to find) methods that improve IKEv2 security strength  on Windows servers.  We can do better:  http://www.stevenjordan.net/2016/09/harden-rras-ikev2.html

PowerShell

The Windows 10 registry fix is the path of least resistance.   However, PowerShell supports a wider range of cryptography algorithms.  N.B., These IPsec configurations are not available from the Windows GUI or registry.

Step 1:  Configure new IKEv2 VPN.

Create the new VPN connection with PowerShell.  Do not create the VPN connection with the GUI.
However, it's OK to use the GUI to edit authentication attributes after PowerShell creates the connection .

Add-VpnConnection -Name "IKEv2-VPN" -ServerAddress "vpn.stevenjordan.net" -TunnelType IKEv2 -AuthenticationMethod MachineCertificate

Step 2:  Configure an acceptable level of cryptography.

Set-VpnConnectionIPsecConfiguration -ConnectionName "IKE-SMJ" -AuthenticationTransformConstants None -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -PfsGroup None -PassThru -AllUserConnection

AuthenticationTransformConstants : None

CipherTransformConstants         : AES256

DHGroup                          : Group14

IntegrityCheckMethod             : SHA256

PfsGroup                         : None

EncryptionMethod                 : AES256

PfsGroup                         : None

Additional Thoughts:

Why does Microsoft cripple IPsec VPN security by default?  Is it support for legacy devices?  Are there more nefarious reasons (e.g., Eric Snowden)?  Does it nudge folks away from IPsec toward SSTP?  If so it's as good of a reason as any!  In fact, I recommend SSTP for most situations.  The only problem with SSTP is that it's limited to Windows and Android clients.  Direct Access is another great VPN solution (that incorporates Windows IPsec).  

Conclusion:

In the end, NegotiateDH20148_AES256, is a Band-Aid for its default (i.e., broken) Windows IKEv2 VPN.   It provides bare-minimum IPsec security strength that should already be enabled by default. The registry fix may not be the best option but it's quick and it's easy.

On the other hand, Windows 10 supports stronger IKEv2 security strength via PowerShell commands.  By default, Windows IPsec VPN is not secure -it should not be trusted.  However, these VPNs can provide excellent security with a few simple changes.

That's it!

References:

http://www.stevenjordan.net/2016/09/harden-rras-ikev2.html
http://www.stevenjordan.net/2016/09/harden-rras-ikev2.html
Microsoft Windows 8 Windows Server 2-12 Supplemental Admin Guidance IPsec VPN Clien.docx. https://tools.ietf.org/html/draft-ietf-ipsecme-rfc4307bis-00
http://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-3
https://technet.microsoft.com/en-us/library/jj613766(v=ws.11).aspx
https://technet.microsoft.com/library/9e500d0b-ad09-463e-a5b7-e2986476bc58(v=wps.630).aspx
https://technet.microsoft.com/en-us/library/dn262642(v=wps.630).aspx