IPSec VPN介绍
IPSec是为实现VPN功能而最普遍使用的协议。IPSec不是一个单独的协议,它给出了应用于IP层上网络数据安全的一整套体系结构。该体系结构包括认证头协议(Authentication Header,简称为AH)、封装安全负载协议(Encapsulating Security Payload,简称为ESP)、密钥管理协议(Internet Key Exchange,简称为IKE)和用于网络认证及加密的一些算法等。IPSec规定了如何在对等体之间选择安全协议、确定安全算法和密钥交换,向上提供了访问控制、数据源认证、数据加密等网络安全服务。
- 认证头协议(AH):IPsec体系结构中的一种主要协议,它为IP数据包提供无连接完整性的保护与数据源认证,并提供保护以避免重播情况。AH尽可能为IP头和上层协议数据提供足够多的认证。
- IPsec封装安全负载(ESP):IPsec体系结构中的一种主要协议。ESP加密需要保护的数据并且在IPsec ESP的数据部分进行数据的完整性校验,以此来保证机密性和完整性。ESP提供了与AH相同的安全服务并提供了一种保密性(加密)服务,ESP与AH各自提供的认证根本区别在于它们的覆盖范围。
- 密钥管理协议(IKE):用于协商AH和ESP所使用的密码算法,并将算法所需的必备密钥放到恰当位置。
安全联盟(Security Association)
IPSec在两个端点之间提供安全通信,两个端点被称为IPSec ISAKMP网关。安全联盟(简称为SA)是IPSec的基础,也是IPSec的本质。SA是通信对等体间对某些要素的约定,例如使用哪种协议、协议的操作模式、加密算法(DES、3DES、AES-128、AES-192和AES-256)、特定流中保护数据的共享密钥以及SA的生存周期等。
安全联盟是单向的,在两个对等体之间的双向通信,最少需要两个安全联盟来分别对两个方向的数据流进行安全保护。
SA建立方式
建立安全联盟的方式有两种,一种是手工方式(Manual),一种是IKE自动协商(ISAKMP)方式。
手工方式配置比较复杂,创建安全联盟所需的全部信息都必须手工配置,而且IPSec的一些高级特性(例如定时更新密钥)不能被支持,但优点是可以不依赖IKE而单独实现IPSec功能。该方式适用于当与之进行通信的对等体设备数量较少的情况,或是IP地址相对固定的环境中。
IKE自动协商方式相对比较简单,只需要配置好IKE协商安全策略的信息,由IKE自动协商来创建和维护安全联盟。该方式适用于中、大型的动态网络环境中。该方式建立SA的过程分两个阶段。第一阶段,协商创建一个通信信道(ISAKMP SA),并对该信道进行认证,为双方进一步的IKE通信提供机密性、数据完整性以及数据源认证服务;第二阶段,使用已建立的ISAKMP SA建立IPsec SA。分两个阶段来完成这些服务有助于提高密钥交换的速度。
The AH protocol provides a mechanism for authentication only. AH provides data integrity, data origin authentication, and an optional replay protection service. Data integrity is ensured by using a message digest that is generated by an algorithm such as HMAC-MD5 or HMAC-SHA. Data origin authentication is ensured by using a shared secret key to create the message digest. Replay protection is provided by using a sequence number field with the AH header. AH authenticates IP headers and their payloads, with the exception of certain header fields that can be legitimately changed in transit, such as the Time To Live (TTL) field.
The ESP protocol provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). ESP can be used with confidentiality only, authentication only, or both confidentiality and authentication. When ESP provides authentication functions, it uses the same algorithms as AH, but the coverage is different. AH-style authentication authenticates the entire IP packet, including the outer IP header, while the ESP authentication mechanism authenticates only the IP datagram portion of the IP packet.
Authentication Header Protocol
AH offers authentication and integrity but it doesn’t offer any encryption. It protects the IP packet by calculating a hash value over almost all fields in the IP header. The fields it excludes are the ones that can be changed in transit (TTL and header checksum).
Transport Mode
Transport mode is simple, it just adds an AH header after the IP header. Here’s an example of an IP packet that carries some TCP traffic:
And here’s what that looks like in Wireshark:
Above you can see the AH header in between the IP header and ICMP header. This is a capture I took of a ping between two routers. You can see that AH uses 5 fields:
- Next Header: this identifies the next protocol, ICMP in our example.
- Length: this is the length of the AH header.
- SPI (Security Parameters Index): this is an 32-bit identifier so the receiver knows to which flow this packet belongs.
- Sequence: this is the sequence number that helps against replay attacks.
- ICV (Integrity Check Value): this is the calculated hash for the entire packet. The receiver also calculates a hash, when it’s not the same you know something is wrong.
Tunnel Mode
With tunnel mode we add a new IP header on top of the original IP packet. This could be useful when you are using private IP addresses and you need to tunnel your traffic over the Internet. It’s possible with AH but it doesn’t offer encryption:
The entire IP packet will be authenticated. Here’s what it looks like in wireshark:
Above you can see the new IP header, then the AH header and finally the original IP packet that carries some ICMP traffic.
