Brainpool curves in IKEv2 IPsec VPN


This recipe demonstrates how to establish a more secure IPsec VPN tunnel by using the elliptic-curve “Brainpool curves” as the Diffie-Hellman groups for IKEv2 key exchange, as specified in RFC 6954.

This recipe assumes that a VPN user group already exists. The example is demonstrated with a site-to-site IPsec VPN tunnel between an ‘HQ’ FortiGate and a ‘Remote Office’ FortiGate.

PREP 20 mins      COOK 5 mins      TOTAL 25 mins

1. Creating the HQ tunnel

For the sake of simplicity, you will create a site-to-site IPsec VPN tunnel using the VPN Creation Wizard. You will later convert it to a custom tunnel.

Go to VPN > IPsec Wizard.

Enter a Name for the tunnel.

Select the Site to Site template and set the Remote Device Type to FortiGate.

Click Next.

Set IP address to the remote gateway interface. The Outgoing Interface should populate automatically.

Enter a Pre-shared Key and click Next.

Select the Local Interface and set the Local Subnets and Remote Subnets. Ensure that the subnets do not overlap.

Click Create.

The VPN Creation Wizard provides a summary of the VPN configuration.

Click Show Tunnel List.

2. Customizing the HQ tunnel

In the IPsec Tunnels list, highlight the new tunnel and select Edit.

In the Edit VPN Tunnel dialog, click Convert to Custom Tunnel.

Edit the Authentication section and enable IKE Version 2.

Edit the Phase 1 Proposal section.

Deselect Diffie-Hellman groups 5 and 14 and select groups 28, 29, and 30.

Edit the Phase 2 Selectors section (don’t click the Add Button) and click Advanced….

Once again, deselect Diffie-Hellman groups 5 and 14 and select groups 28, 29, and 30.

Click OK.

3. Creating and customizing the Remote Office tunnel

Repeat steps 1 and 2 on the Remote Office FortiGate, alternating names and IP addresses appropriately.

Ensure that the same Phase 1 proposal and Phase 2 selector settings, including Diffie-Hellman groups 28, 29, and 30, are applied on both FortiGates and that there are no overlapping subnets.

4. Results

On either FortiGate, navigate to Monitor > IPsec Monitor and verify that the tunnel status is Up.

You can confirm the use of Brainpool curves by performing diagnostics on the tunnel:

Go to Monitor > IPsec Monitor, highlight the tunnel and select Bring Down.

Open the CLI Console (>_) and enter the following commands:

diagnose debug application ike 63
diagnose debug enable

Return to Monitor > IPsec Monitor and bring the tunnel up again, then view the CLI Console.

While the SA proposal negotiates the tunnel, the output of the diagnose command should be similar to the following. The relevant parts are the type=DH_GROUP lines and the PFS enabled, group=30 line:

FGT_1 # ike 0: comes 172.25.177.56:500->172.25.176.56:500,ifindex=5....
ike 0: IKEv2 exchange=INFORMATIONAL id=262e65aad12e5e8e/598faf8398c7acbe:00000001 len=80
ike 0:HQ_to_Remote:7: received informational request
ike 0:HQ_to_Remote:7: processing delete request (proto 3)
ike 0:HQ_to_Remote: deleting IPsec SA with SPI 00f82773
ike 0:HQ_to_Remote:HQ_to_Remote: deleted IPsec SA with SPI 00f82773, SA count: 0
ike 0:HQ_to_Remote: sending SNMP tunnel DOWN trap for HQ_to_Remote
ike 0:HQ_to_Remote:7: sending delete ack
ike 0:HQ_to_Remote:7: sent IKE msg (INFORMATIONAL_RESPONSE): 172.25.176.56:500->172.25.177.56:500, len=80, id=262e65aad12e5e8e/598faf8398c7acbe:00000001
ike 0: comes 172.25.177.56:500->172.25.176.56:500,ifindex=5....
ike 0: IKEv2 exchange=CREATE_CHILD id=262e65aad12e5e8e/598faf8398c7acbe:00000002 len=656
ike 0:HQ_to_Remote:7: received create-child request
ike 0:HQ_to_Remote:7: responder received CREATE_CHILD exchange
ike 0:HQ_to_Remote:7: responder creating new child
ike 0:HQ_to_Remote:7:1: peer proposal:
ike 0:HQ_to_Remote:7:1: TSi_0 0:192.168.180.0-192.168.180.255:0
ike 0:HQ_to_Remote:7:1: TSr_0 0:192.168.1.0-192.168.1.255:0
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: trying
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: matched phase2
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: accepted proposal:
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: TSi_0 0:192.168.180.0-192.168.180.255:0
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: TSr_0 0:192.168.1.0-192.168.1.255:0
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: autokey
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: incoming child SA proposal:
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: proposal id = 1:
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: protocol = ESP:
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: encapsulation = TUNNEL
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=ENCR, val=AES_CBC (key_len = 128)
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=INTEGR, val=SHA
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP512BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP384BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP256BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=ESN, val=NO
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: matched proposal id 1
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: proposal id = 1:
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: protocol = ESP:
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: encapsulation = TUNNEL
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=ENCR, val=AES_CBC (key_len = 128)
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=INTEGR, val=SHA
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP512BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=ESN, val=NO
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: lifetime=43200
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: PFS enabled, group=30
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: replay protection enabled
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: set sa life soft seconds=42929.
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: set sa life hard seconds=43200.
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: IPsec SA selectors #src=1 #dst=1
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: src 0 7 0:192.168.1.0-192.168.1.255:0
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: dst 0 7 0:192.168.180.0-192.168.180.255:0
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: add IPsec SA: SPIs=2bf96e39/00f82774
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: added IPsec SA: SPIs=2bf96e39/00f82774
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: sending SNMP tunnel UP trap
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: responder preparing CREATE_CHILD message
ike 0:HQ_to_Remote:7: sent IKE msg (CREATE_CHILD_RESPONSE): 172.25.176.56:500->172.25.177.56:500, len=336, id=262e65aad12e5e8e/598faf8398c7acbe:00000002

Note how the SA proposal settles on the first matching Diffie-Hellman group, in this case ECP512BP (DH Group 30), which represents ‘Elliptic Curve Parameter 512-bit Brainpool Primitive’.
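The same check can be scripted when the debug output is saved to a file. The following Python is an added example, not part of the original recipe or of FortiOS: it reads child SA lines in the format shown above and reports the Diffie-Hellman groups the peer offered, the group accepted, and the PFS group. The function name audit_child_sa and the sample text are constructed for illustration.

```python
import re

# DH group numbers of the Brainpool curves selected in this recipe,
# keyed by the names the debug output above prints for them.
BRAINPOOL = {"ECP256BP": 28, "ECP384BP": 29, "ECP512BP": 30}
# Matches child SA lines such as "ike 0:HQ_to_Remote:7:HQ_to_Remote:1: <msg>".
LINE = re.compile(r"^ike \d+:([^:]+):\d+:[^:]+:\d+: (.*)$")

# Constructed sample in the format of the output shown above.
SAMPLE = """\
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: incoming child SA proposal:
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP512BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP384BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP256BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: matched proposal id 1
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: type=DH_GROUP, val=ECP512BP
ike 0:HQ_to_Remote:7:HQ_to_Remote:1: PFS enabled, group=30
"""

def audit_child_sa(log_text):
    """Per tunnel: DH groups offered, group accepted, PFS group, findings."""
    report, section = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        tunnel, msg = m.groups()
        r = report.setdefault(tunnel, {"offered": [], "accepted": [], "pfs_group": None})
        pfs = re.match(r"PFS enabled, group=(\d+)", msg)
        if msg.startswith("incoming child SA proposal"):
            section[tunnel] = "offered"  # new negotiation: start from a clean slate
            r.update(offered=[], accepted=[], pfs_group=None)
        elif msg.startswith("matched proposal id"):
            section[tunnel] = "accepted"  # DH_GROUP lines after this are the chosen ones
        elif msg.startswith("type=DH_GROUP, val=") and tunnel in section:
            r[section[tunnel]].append(msg.split("val=", 1)[1].strip())
        elif pfs:
            r["pfs_group"] = int(pfs.group(1))
    for r in report.values():
        r["findings"] = []
        extra = [g for g in r["offered"] if g not in BRAINPOOL]
        if extra:
            r["findings"].append("peer also offers non-Brainpool groups: " + ", ".join(extra))
        if r["pfs_group"] not in BRAINPOOL.values():
            r["findings"].append(f"negotiated PFS group is {r['pfs_group']}, not 28, 29 or 30")
        elif [BRAINPOOL.get(g) for g in r["accepted"]] != [r["pfs_group"]]:
            r["findings"].append("accepted DH_GROUP does not match the PFS group")
    return report
```

An empty findings list for a tunnel means every offered group was a Brainpool curve and the negotiated PFS group is 28, 29 or 30.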

The diagnostic debug will run for 30 minutes, but you can stop it with these commands:

diagnose debug disable
diagnose debug reset


Keith Leroux

Technical Writer at Fortinet
Keith Leroux is a writer on the FortiOS 'techdocs' team in Ottawa, Ontario. He obtained a Bachelor's degree from Queen's University in English Language and Literature, and a graduate certificate in Technical Writing from Algonquin College. He spent a year teaching ESL in South Korea. Annyeong!
Notes:

Brainpool curves are only available in FortiOS 5.6.1+.

All times listed are approximations.

If the tunnel status is not Up, highlight the tunnel and select Bring Up.

In the diagnose debug application ike 63 command, '63' will remove encryption hash from the debug output, making it easier to read.