 Yeah, he gave it up, this is a wonder for you, because it's big. Last one, this better fix my voice. It's my last thing to keep speaking. Shall we start? Yeah. Hello everybody, I'm Nikol from Oryanopoulos, and this is Podvaldus who will present you, I will present you about IPsec MSL VPNs, how to set them up in Fedora, and CentOS or Red, it's pretty much similar. And yeah, it's a workshop, so it's pretty much not, at least the first part would not be much of a presentation, you have to follow the instructions and try the stuff in your laptop. The second part would have some presentation as well. And so, in the first part, for five minutes, we will present the open connectors of VPN, and the second part will be the IPsec LibreSwan with IPsec VPN. So, before we start, a few points. There are two types of VPN, side to side, when you connect a LAN to another LAN, a remote side to another remote side, and a remote access. Remote access is when you go outside your work and you want to connect to your LAN and use the resources from your work. When do we need weeds? When should you choose IPsec or SSL VPN? SSL VPN is very restricted, it can only be used, it's only used for remote access mainly, unless you are very small sites, and you want to use IPsec for side to side communication. And why is that? First, SSL VPN is very easy to set up for remote access for a user. Many SSL VPNs just work, the user goes to the browser, connects to a site, and he's logged in to the VPN using a browser plugin. So, as user friendly, it can be made a lot. It has an advantage that it can tolerate, it can operate under very broken firewalls. So, if the firewall blocks everything, except HTTPS, you can still connect to SSL VPN. Which means you can also use it to circumvent network restrictions of being allowed to use a VPN? Yes, in fact, a lot of Chinese use SSL open connect just because they want to get out of the firewall of China. It's a bit more flexible in applying various restrictions to different users. For example, you want to put them in a particular C group or put a particular bandwidth limit. I don't know whether this granularity you can do with IPsec. You can do the same. Usually it's done with X59 certificates, so you put sales in one group and programs in another. Okay, so this is not very accurate. IPsec has the advantage, because everything is done in the kernel, you can have the kernel, you can do everything in the kernel and you reduce context switches and it's a bit faster, it's more efficient when you use it for every globe. It has some better privacy than TLS. It's a protocol issue. SSL sends a certificate in the clear while IPsec encrypts the certificate before the connection. So a passive attacker would not see who is connected if you use certificate authentication. Okay, that's pretty much the introduction. I don't know if you have any questions. Sir, talk a little bit louder. Yeah, there's no microphone. If you can come closer. So, I will start with setting up the client as an introduction. This is the easy part in OpenConnect. I don't know how many of you have the door open to use the client. And then you will set up a simple client using the username and password authentication. So you connect to a site which accepts the username and password. We have created users with that name on this server. So there are eight users you can use. You can select which one to use when you connect. And now we go to the command line client. You need to install it first in your Fedora. The command is young installed OpenConnect. You can actually watch it from here where you can, if you can see the small letters there, you can connect it directly. It's ethopad.wikimedia.org slash p, slash OpenConnect dash ppn dash workshop. So if you raise your hands when you, for a moment, when you do that installation, I will have an idea of how we are progressing because there are many. So have people here set up VPNs before or is this all new for them? Yes, no? If you have set up a VPN before, any kind of VPN just raise your hand. Okay, okay. I'm not used to OpenConnect. Anyone used IPsec? So most people use OpenVPN. And after you install the client, you connect to the server using this command line. So is this the, what is that, server server? The server server is to, you can skip it because you will avoid warning but it doesn't know the server and the server certificate. So this is public key factor. Has of the public key. Yeah, actually you can skip it and you can type yes. So you have a smaller. I think you type. If I skip it, how is this corner password? It will ask for a password because it's username password authentication. The users are, yeah. The user is this. If you use user one. And the password is exactly the same as the user. Can you read one more, the name of the etherpad? Yeah, it's etherpad.wikimedia.org. The etherpad can pass it to the fan. Ah, yes. After you connect, how do you know it works? You should be able to access the internal network. That will be by pinging. You can test it by pinging this IP address. And if DNS works, you should be able to ping. Sorry, one more. It's 100. The time should be 100. 100? Yes. The address range 100.64 is a special range used for carrier grade NAT. So it's a reverse range and it's never meant to leak on the internet. So it's sort of like RFC 1918 space, except most people don't use it. So using that address range on your VPN avoids conflicts like if you're behind NAT and the Wi-Fi range. So of course, I shouldn't have told you this range. Everybody will start using it. Do you want me to change? It's a reconfiguration? I put them in the middle. And I am getting system D, defconf.nox.ca, BAMPOS authentication failure from OZSER. Someone's using wrong password. Wrong username. Yeah, I think we can test one as a password. And the table is correct. So there's two users online. Try different users, maybe. No, no, there's four. It doesn't seem to work. I see not our authentication failure. It's blocking you? There is some protection in the server if it is being flooded by the same IP address. So I don't know if we all share an external IP address. Actually, yes. Okay. I'll have to change the server configuration so it accepts. We'll disconnect everyone already connected. Does it work now? No, it's a password. The same as the other one. We can test one, two, three, four. Now it's in failures again. Nikos, the server is still giving authentication errors? I think maybe if one person is already online, maybe the second person... Did anyone get to the Firefox page? It doesn't work? It doesn't work for me. Not for me. What is the display? Did the ping work? I can't even connect. Try six. We can test. So there are people who got the ping working? Yeah. But not the web page? Yeah. So this DNS name doesn't exist in the pocket. It only exists on your own VPN. So it's a confirmation that you're actually using it again. Has someone a problem connecting? Yeah. Cool. So I get this. Yeah. So the server... which is disabled by default? Unauthorized. Which is the name? Seven. Three. Unauthorized. I will list the limit of users. I'm in with four. At least it gives a different output. I'm increasing the number of users to... You should be disconnected now. I started the server. But you should be able to connect with any user name now. It wouldn't matter. So okay. Is anyone having string problems to connect? Except the disconnection that was intentional? Okay. The second part is you can do the same thing with the network manager. If you have a Dora, you need to install the network manager open connect plugin. This part. The network manager does open connect. And I've made some screenshots. This can guide you to how to set up the network manager. You go to VPN settings. Ignore if it's a bit peculiar how you find this. I just go to the overview screen and type VPN. The advantage of network manager is that it doesn't run as route. So the connection is done not as route. And only the parts that need to be executed as route are executed as route. So it's a bit safer and more well designed on the command line. And if you don't have a PC, you can actually do it from your Android. If you have iPhone... You can still do it, but it's not an open-to-slang. Time-out of the network manager. Yeah, very time-out. It's connected. So it's supposed to be like that. Ah, okay. So checking ping from other... Overview. This is what the administrator sees. Let's say who is connected. He can see the user from which IP. Actually everyone here has the same IP that's why this issue was. And how long he's connected here. We'll see that in a moment when we go to service setup. Anyone had a problem with the network manager step? Yeah. It's connected, but I cannot access the website. The DNS is not updated for some reason. I think it... Because the ping works. But we don't write the algorithm yet. Did you ping the DNS address? It won't modify the algorithm. Yeah, it won't modify it because... Rest of the green is automatic. Let me check. So there is no network manager open connection route. Hi, it's red. Yes, there is one. It is in a belt. Okay. You can do a simulation of that. Yes. It's called ProxyARP. There are some instructions in the open connect side how to set up ProxyARP. And you get an IP that is within the LAN that you are connected. I have to manually specify the resolver. The network manager. I don't know what. I don't know. You shouldn't have been there. He was working two days ago. So I don't know what to say. Well, maybe it... Because I have the... Did you have the other one open? I have this, I think, in... I have this DNS mask. That I use caching DNS server. Do you want that? You have modified it. Yeah, I have modified the default configuration. So it uses the DNS mask for... Okay, I'm taking a note. I don't know whether it affects it or not, but... For example, it works part of our own... It should have worked, because it's just a caching thing. I think it works for the overhead open VPN. I don't have any manual setting. Why don't I? Okay. I'm going to make... You can do the same from Android if you don't have a laptop. Or if you have Windows, probably not here. There is also a client you can use. The same for Mac OS X. Another thing you may want to try is certificate authentication. There are some test certificates you can use to connect to this server, and the command line is this one. But I'm going to skip this test for now. I'll go to the server setup directly. You can try this now or later, but I'll go to the server setup to make sure we have time. The test server will be out in the entire conference, so feel free to use it and play with it. To make a server like the one you connect, you need to install OpenConnect first. The OpenConnect server. In Fedora, that would be with this command. I'll type it now. DNF. It works on CentOS as well, so it's a lot better. After you install it, OSC server is OpenConnect server. After you install it, you need to create a server certificate and a CA. This can be done automatically if you don't really want to buy one. So this will generate a certificate for the server, this command. All you need to do to set up a server is to edit this file after you install it. Here we set up a server with password authentication. It will ask the user to set password. We instruct to give them these addresses from this network, just randomly selected by me. And it will send the DNS server for the clients to be in that one. It's a random IP. The server will not work in practice. I mean, you have to set up with it real LAN information there, but this will be a test server. And you will need to specify the port that the server will use because this is a cell VPN server. The default port is 443. I don't know how familiar you are with VPN. With VPN, you can either tell the client to use the VPN server to connect you for all the routes, for default route. So everywhere the client visits, it will go through the server. Or you can just tell the client that I serve this IP, this prefix. So if you specify this, you just tell the client that hey, I'm serving these addresses. And don't try to connect for all internet connections to me. If you want to do the alternative, you do this. Be sure. So when you should better use IT others instead of in APS, otherwise you can just correct some of the prefix. Ah, okay. Yeah? But if you press control key and you reply, if there is a rosy word, that's how the class can... Yes. Natural manager is better than the last one. What I think is that the reason why it doesn't work with the caching DNS, the default setup, because you don't... Basically the network manager doesn't know how to... If I don't want to have DNS for everything to be forwarded to your server, then it doesn't know which domains are... For which domains it should restrict the... So natural manager doesn't send this information? It should have sent that. Because the server sends all the information. If you specify just this information, there is no information which is the domain for DNS. Ah, yes. If you only specify this, but inside the configuration, you can set which are your split DNS domains. And did you specify it on a... Yes, yes. And I don't know. Then it must be in the... I have 15 minutes. I'll take 10 minutes more. Okay, let's... Who is in this part of the test? Raise your hand. Okay, and... After you set up a configuration file with this information, you need to enable the ports in the firewall. In DIPCA Fedora, you just need to open the port for pre-port from firewall B if you use this port. I have the specified IPv4 network range showing that the network IPv4 is not enabled. Ah, you only put that information. You have to enable the original file and just... There was... There was more... Did you install it? No, I don't have... You did? I don't have... I don't know if you did. I don't know if it worked. Do you have it? I'll say, sometimes you may want to... It's like... I do... I do... I think that you have to back in the other direction of this area because this is what is getting by the point. In this part it's right, but in the other part it's not. But you said that you work with a client, with a command line client. Yeah, because it did not, it just replaced the whole server, the NS server and the Okay, it could be because the configuration will change for the 100, so I don't know if there's something there. But anyway, let's move to the server side. And you can start open connect server using system B. And in a real world scenario you would like to set up your firewall in a way that communication between VPN users and your LAN is allowed. This is an example using a server wall, I mean you can use whatever firewall you have. And the interesting information is after you set it up there's some commands which allow you to see the status of the server. And how many users are connected and how much they're downloading and everything. So the status, status command shows you something like that. But the server is online for so many hours, there's one client connected. How many IDs are in the ban list, the ban list is the thing that stopped you from connecting at the beginning. If there is a single IP connection all the time, it blocks it. And that is the status page. And you can also get an overview of the connected users. So with O3, CPL2 you type so users in it and you see the user name, the group it belongs to, the IP he connected from, the IP he was given in the VPN, the device he's using, and cyber information. And you can even get specific information for a user which is more detailed. You can see which client he connected with, this is the open connected client for each other, it can be another client. How much he's downloading, the average bandwidth he's using. So I'm stuck on the authentication, I don't see... Of the server or the client? Yeah, setting up the server. I want to add a user to the OC serve, the 3D, the 3D, what's the format or... There is a tool OC pass WD, you can use it to add users and then server password already. Are we on time? It's already 40 minutes? Yeah. So let me take... You can use the etherpad even after the talk and another thing you can disconnect the user and there are some other exams to set up the server with certificate authentication and stuff. And the interesting setup is if you use Kerberos in your LAN, if you use IPA for example, there's a side how to set up OC serve in a way to do sync, sign on. So when you connect to the VPN, you're also connected to the LAN using Kerberos and you can see all the services without a second authentication. So I give the floor to Paul who will tell you about the Kerberos one and the IPsec. It's 4x3. So I downloaded the 4x3 template, but it's quite different. Okay, so I'll give you a really quick primer on IPsec, then show you the configuration samples and then we can just build tunnels to each other or to the same server that we've been using for the OpenConnect tunnels. So the different part with an IPsec tunnel is that there's two parts of it. One is the command channel that happens in userland. It's called Ike, the Internet Exchange. And the actual crypto part of the packets is done by the kernel, not by the userland program. So that happens inside the kernel. So Ike is the command channel for setting up IPsec tunnels and the IPsec tunnels actually do the encryption. Since Ike is going to negotiate like crypto material, it also needs to be encrypted itself. It's a little confusing. So the Ike command channel is encrypted, but it's only used to set up the tunnels that provide encryption. So for Linux, the way you talk to the kernel IPsec subsystem is to use the Netlink interface with the XFM subset. The standard way on most other OSes is the PFK interface, but it's no longer maintained in the kernel. So whatever is left there is sort of a half implementation. It's also known to lie about what the kernel supports. So if you, for instance, have certain crypto algorithms, the kernel will always say that they don't exist or will always say that they do exist. So they cannot really use them. Use the IPXFM state and IPXFM pull commands to get the raw kernel information about the IPsec. And if you want to do any IP table rules, you can specifically match packets that came in and encrypted but have since been decrypted by the kernel by using the dash amp policy and the dash dash pull IPsec. So you can, for instance, say I only want port 25 traffic that has come in over IPsec. So then you can block port 25 for the plain text. But it's where you're matching the IPsec packets after the decryption. So it's a taint that keeps with the packet. So you know which packets were encrypted before. There's two versions of IPv1 and IPv2. As you can see, they're both really old. So obviously most people still use IPv1 because it was working well enough. Only in the last two years have we seen a dramatic increase in IPv2, mostly because of iPhone and Android. The IP runs over UDP port 500. And to work around some helpful devices that Fenders created at some point that messed with that port, they also moved it to 4,500 for natural reversal techniques. Two more terms you'll hear regularly is security associations. That's what they basically mean when the two peers have come to some kind of agreement and they have an open command channel to each other. It's called a parent essay or an I security association. In really old terms it's also called a phase one. And that's the part where authentication happens in different ways. I appreciate TRSA, X599 is an API. There's also AAP plugins and other things. The IPsec essay is the security association that both systems have about the IPsec encryption itself. So they keep a copy in user land just to know what's in the kernel. If you look on the wire, the IPsec protocol uses protocol 50 called ESP. So a lot of admins make the mistake of not understanding that it's not port 50 because they're used to dealing with these UDP that has ports. ESP does not have any ports. So it's protocol number 50. All the other things I guess you can mostly forget is two modes, tunnel mode and transport mode. Tunnel mode is a full entire packet inside another packet where transport mode is just the packet itself being as much encrypted as you can. But of course you cannot encrypt everything because then you cannot know where the packet is going to. So it leaks like source assassination obviously and some other header information. Transport mode is mostly used because it saves a few bytes because you're not adding an entire packet inside a packet. But usually it's not really needed. If you're at the endpoint of an IPsec tunnel, usually people lower the MTU to like 1200 or something just to avoid the 10 layer of encapsulations that happen on the way between your ISP and the world. So usually you use tunnel mode. Authenticated header was also a way of doing authenticated packets but not encrypted packets. And nobody should use it anymore but again whenever the ITF tries to remove it there's a few people that stand up and say, no we use this you cannot remove it. So it will never go away but it's not really used by anyone. So all of this luckily you don't really need to know because all the defaults on LibreSwan are set in such a way that they use the right things. Soling LibreSwan is pretty simple. Just install LibreSwan package. The one maybe confusing things is that the service is not called LibreSwan but IPsec. Which turned out to be a good thing because originally this software was called FreeSwan and then it was called OpenSwan and now it's called LibreSwan. Luckily the service name has never changed. Also since FreeSwan actually started in the mid-90s there were no advanced init systems. So everybody had to type etc init.d or c3.d IPsec start. So we already built our own wrappers around this. So we can just do IPsec start, IPsec stop, IPsec restart. And of course now to look at what init system is running and if it's system vehicle called system CTL, if it's running upstart it will do the upstart thing. So if you want to do the network manager GUI site for the client you install network manager LibreSwan GNOME or depending on if you're on an older Fedora you still have to use network manager OpenSwan GNOME. We made sure that both packages support OpenSwan and LibreSwan. OpenSwan has been obsolete by LibreSwan. So depending on which of the ones available on your system depends on your Fedora version. So let's get to the configuration. This is the full configuration needed for a simple tunnel from one IP to another IP. So one thing that might also get some little used to is that we're using the terms left and right because IPsec is a peer to peer system. So there is no source destination or there is no server client. So when they designed the software they decided to call it left and right where left means the server that's on the left side of your diagram. And of course if you turn over the diagram it's the other way around. It's the right side. And so it's arbitrary. You can decide whether you call it left or right. Once the daemon starts it will look at all the IP addresses it has configured and it will figure out whether it is left or whether it is right. So this also means that you can take this configuration to the other machine without changing it and using it there too. We thought it was really clever but it's cost a lot of grief because people just don't find it intuitive to use left and right. Authorized secret means like a pre-shared key and you can drop in a secret file in IPsec's data directory where you can write a set and you save ESK for pre-shared key and then the secret. Once you do this the only thing you need to do is restart the service and your tunnel should be up. So if people want to try it then we can try with the neighbor or I can talk a bit more about more configurations first. Any preference? Describe multiple servers in the core of mind. I'll go through more configurations then this will come up. So if you want to add a network to a subnet to a subnet and the only thing you need to add is not a subnet is a right subnet is. And if you want multiple subnets it's actually write subnets with an S and then a comma separate list of multiple servers and then you can explode them as much as you want. What we call subnet extrusion is actually what I use myself as well at home is where you call one side a subnet zero star zero and the other is your subnet. So what you basically do is you're moving a subnet to your other location. So for instance this range 192.1.5.7.0.24 is a range I own in Amsterdam and so on the Amsterdam server there is this configuration and this is my DSL IP address at home and so it says I actually have this subnet and so every destination from this packet to anywhere in the world has to go through the tunnel. So basically these 16 IP addresses live now in my space in Toronto and if you do a trace route to it you'll see a trace route happening to Amsterdam and then a really slow hop the last hop which looks like a single hop because of the IP sector and it actually goes all the way to Canada. So this is how you move the subnet around which is a really useful feature especially if you want IPs in your home and your ISP only gives you one. So configuration so far we've used that pre-shared key so this is one where we're using RSA so you run IPsec new host key that just generates a new RSA key for use with IPsec and you can display by using IPsec show host key and then you can type a dash at left or dash at right and I would just show you the line that you have to put in the file that specifies the key. So the output of IPsec show host key you can send over email, it's just a public key so you can exchange it. You can come up with a random ID it's not really used, it's only used for matching for this matter so for instance Paul and Nikos and then another couple of slightly changed left ID is specified and right ID is specified and then left RSA set key and this is shortened it's a really long block of a key and right the RSA key and off by is RSA set of secret key. So now you're using RSA which is much more secure than using pre-shared key and so there's no entry needed in these secrets so you don't need the secrets hard because once it generated that RSA key it stored the private parts of the key in the specific NSS database that's stored in the IPsec.d which can be protected by FIBS passwords and other things. But is it on both, how it gets on both sides? Sorry? How it gets on both sides? So you exchange with the other end, the public key which you, when you do IPsec show host key. So you create, do you need to create that on both sides? A new host key? Yeah, the new host key. Yeah, both parties generate RSA key with new host key and you run show host key to just get the public key and you exchange them. Oh really? And then how do you apply them? Like is there a command like apply or use this key or you just put it into the configuration? You put it into the configuration. Okay, you're good, okay. Yeah. I'll go out of full screen mode on the presentation and with a terminal and I can show some more things. Another feature on demand tunnel. So if you do a subnet to subnet connection you might not want to have it up all the time. So if you want to bring it up only when there's packets there you can just change the set auto is on demand. Basically instructs the kernel and says these packets may not leak out. If you get a packet for this go talk to the IkeDemon and give us a notification and we'll set up the tunnel. The one problem with this is that the first packet that actually triggers that kernel message is eaten by the kernel and dies. So if you're doing something like a TCP or if you're doing a ping you're missing a one ping packet. If you're doing a TCP connect you're missing that first TCP connect. I have been trying to tell the people that they should really implement a packet caching for this so that they cache at least one or two packets so that once the tunnel is up they can release the packets. But Herbert Sue has not been convinced yet that you should write the code. Dynamic IP. So for one if you are on a dynamic IP you can do left equals percent is default route. It will just pick up the IP you have and use that to go out. If you want the other side to be random when they connect to you you can use right is percentage any. Of course this you can't really use in real life because if both ends don't know where to find each other then it stops right. So normally in these cases where you're both on dynamic IP you make sure you have a DNS hosting that gets updated and if you use a hosting for these then they will also properly just work. And it will do whenever it tries to bring up the tunnel again or rekey it will relook up the DNS. So if it's changed in the meanwhile it will find any right units. You also use usually other equals add instead of start or on demand because if the partner you're trying to talk to the remote partner is any you don't know where they are so you cannot initiate to them. You have to wait for them to initiate to you. So this is not a configuration that would be identical on both sides of the... This is a typical Cisco IPsec connection. So this is where we're basically emulating a Cisco server which if you look on the Android... So on iPhone it's called Cisco IPsec on Android it's called RSA Xoff it's basically the same thing. It's using IPv1 with some extensions called Xoff. So you'll see some new things. So this one is with certificates so... I didn't put the grants in there yet. So you import the certificates which I'll show later and you specify left server and you specify by the export name that was chosen for the PKSS12 certificate. You say left Xoff server, left config server yes and on the right side you say client yes. You can assign an address pool. Pick an entropy address. You say right subnet is 0000 to get all traffic and these are just some specifics. You can give a DNS server, you can give it a DNS name for what domain you want to get DNS queries from and you basically as a... So this is what I use to connect my iPhone to my home network and this is the same with pre-shared key. The difference is usually you say the remote pair type is Cisco to enable some Cisco tweaks. Usually those setups also use aggressive mode and there are very specific... Cisco is very specific about the crypto parameters. The whole point of hike was that you can send a whole bunch of proposals and then the two pairs will negotiate the one that they both like. But Cisco is more secure so as soon as they see something that they don't like they just stop talking to you. Not to reveal any information. Which is not what the protocol is about. So you used to have to specify it specifically. So this is one way of specifying two proposals. One is for AS256 with SHA-1 with a different element size of 2024 and the other one is AS256 SHA-1 with the same... Yeah, the same. One should be 128. This one should be 128. The ESP... So Ike is the encryption algorithms for the Ike connection. The ESP is the encryption done by the kernel for the actual packet encryption. The group name is specified as the ID. So what Cisco calls group name is what in Ike terms is really the ID of the client. So this basically almost comes straight from my configuration to connect to the Red Hat media. Next I'm going to plug in. I'm going to test it against the Defconn server. You just go to add VPN plug-in and then go to the Identity tab and you basically fill in the gateway. You leave the group name out. User group password is the group password is the pre-shared key. And then username password is the same. You can test... 128. So once... When I was making these slides last week I actually had to talk to some of the network manager people because they expect to deal with routing. So whenever we added a route they were sort of deleting them from us. So one side effect is that in the latest packets that's in Flora right now when you disconnect your VPN you'll actually lose your default routers. But they will be fixed for that soon as they roll a new version of the package. So quick minds to add your connection to leave, bring it up, bring it down. That's what we said. IPsec white hash dash listen is used whenever you gain a new interface or lose an interface and things change and Pluto the IDM has to reorient itself to figure out who it is. So that should usually not be needed by the end user themselves. Some other useful... IPsec verify we'll do a quick check on your system to see if the settings are right. There's some CCTL settings that could be weird. Forwarding might be disabled. Things might be... RP filter. People know RP filter. It's a proc setting you can enable which very smartly automatically drops packets that come from a destination it couldn't have possibly arrived on. So if you have like ETH0 with a 10 slash hate address and you suddenly packet for 10 has originated on ETH1 then it will be swear and say well that could never happen. The routing tells me it should have come from ETH0 it could never come from ETH1 and so it will drop the packet. Unfortunately the code is not smart enough to realize that a packet could have come in encrypted, got decrypted to another IP address and then got on to the machine. So RP filter you always have to disable on IPsec. IPsec WAC traffic status shows you a similar as OpenConnect how much traffic the user has been the users have been doing. The IPsec status command is what was never meant for humans only for developers but since we took up the easy name everybody uses it it gives you like basically a dump of the entire ID means internal. And IPsec bar is what we sometimes ask people to give us if they have a lot of problems and we want to understand their system it actually makes a sort of snapshot of their entire system related to IPsec. And the last two commands are for importing certificates. So if you want to do anything with certificates you get a PKCS12 file and you just do IPsec import and we'll call the proper search utils and if you want to see what's in the NSS database you can also use this. But our real true goal is to encrypt the entire internet with IPsec. Nobody should be sending packets without encrypting them. So the Loopson project and this is what actually started the FreeSon project in the mid-90s was everything should be encrypted. So we call that opportunistic encryption. The term is a little bit vague now because people associate different things to it. But basically the idea is whenever you are going to send out a plain text packet why don't you look and see if you can somehow build up an authenticated connection with it an eye connection and then start an IPsec tunnel with it. And as of last year there's now even a possibility to do an unauthenticated IPsec tunnel. So you just say I don't know who you are but let's talk IPsec because hey the NSA is monitoring us and let's just try and encrypt it. So we have the unauthenticated one working. The old DNS one is not working but we're replacing it with a DNS sec one. And we're also working on the GSS API one and Kerbal one. So that basically allows you to encrypt your entire LAN as a mesh. So whenever one machine in your LAN another machine in your LAN the kernel will catch the packet tell the IPD man hey you should set up an IPsec tunnel in there. We set up the tunnel, everything gets encrypted automatically. So you don't have to specify one configuration for each host in your network. Now that I can see if I can demo that. Although it doesn't really work here on the Wi-Fi so I'll just log into another system. So this is actually the demo server that we've been using. So I sneakily already enabled why is it so slow? Wow it's like being on a modem. Okay. So you can see that's already so one user connected with the configuration and the three before they clear a private you can see there, those are three other machines that have an unauthenticated IPsec so they're normal. So they just happen to send packets and those are oelebusvan.org oe1.lebusvan.org there's a few of those. OE up there I think OE4 we have now. So those machines sort of continuously send each other via Chrome to bring up the tunnels. It's our little testing system for this. But they also do this to the entire world. Now of course you have to remember if the other end didn't actually support IPsec you don't want to hammer them every time to see if they can IPsec. So we do remember that for a while. So we call those things a shunt so we place a shunt in the door and we're like okay we don't do okay so that's not a good example. Okay let's actually pick the sorry let me just find another machine. I think someone might have, another developer might have reconfigured these machines for another test. Now so IPsec outro and some passwords or IPsec what? Now so if you want to just monitor the tunnels the IPsec wac-tashtraffic status is the one to use because that gives you one line per tunnel in the output. Like the IPsec status bond gives you a lot of details but it's really hard to parse. You don't really want to parse it automatically. It's hard to type in a delay. Yeah somebody installed some broken vision. Okay try the last one. I've run an open DNS resolver which gets a lot of traffic. And so we use that for some stress testing. So then it's guaranteed to install. So for instance we found that you have to be really careful about logging. You can't even log like an opportunistic tunnel didn't work in one line. Like on a DNS server your disk is filled within four hours. Anyone else have any questions on IPsec? Oh here we go. So here you see a list of shunts. So let's try to send an IPsec to all of those machines and just remember this for about an hour or so and it didn't work. So this list probably has 64,000 entries or so because this is my DNS server. With the wifi here my shell is now lost. So anyway the goal is to have like a full mesh encryption both in the enterprise and if possible like internet-wide. That's what we're currently working on as stream. So if we do the so we can do the opportunistic with XWAP and certificates with less encrypt. And then so we say okay we trust the less encrypt CA. Yeah would we just use their certificates. So once we connect to a server to an IP address with a packet, that server will then when we try to do IK will give us their certificate. And then in that certificate will be their name which is not their IP address but we don't care. Now what we can do, what I've been thinking of maybe we should do an extra check where we look up in the DNS to see if that was actually their name or not. So if there's a little extra check that there's no man in the middle but because anybody can answer anyone can steal routing and take over IP address and get a less encrypt valid certificate. But remember the goal of opportunistic encryption is to encrypt when you would otherwise have send it out plain text. It is never a replacement for like a hard enterprise encryption or like that you want to do properly. So like the Kerberos GSS with the I has to be done properly so there's no man in the middle possible, there's no token shoveling or other things happening. You mean do you want to do the SSH thing of the known hosts file? Yeah, is there some way to be sure it's the same one you connect to? You say there's no authentication but can you at least be sure it's the same one or do you have to exchange some? You could but what do you do when it's not because like everybody own dynamic IP addresses you will talk to different people with different applications. So you can't really tell that they're somebody. Also the one of the modes you want to do is where only one side is anonymous and the other side is not. So traditionally IP sec both peers authenticate each other and with the null authentication it's now possible to be unauthenticated and that's something that actually TLS had as an advantage. The reason so much HTTPS encryption happened in the last 10 years is because people didn't have to configure their own identity on the machine. They could just connect to the server and it was their job to authenticate the server and the server didn't really care. I would talk plain text or encrypted to anyone who talks who's going to talk to it and so IP sec was missing that mode so by finally having this RFC out we can now do the same in IP sec so where the client can connect and goes okay I'm just going to verify that that server is really that server, that IP sec server but I'm not going to even tell them who I am because they don't need to know. Okay I think we're pretty much out of time. What is the still minutes? Okay. So if people want to set up some IP sec tunnels go for it. Or some more questions for Nikos. One question opportunistic encryption does it use transport mode? No. Yes. Because transport mode is evil and should die because with the presence of NAT it's terrible because with transport mode you're basically encrypting on the the packet itself right so you're not encapsulating another packet inside and then you go through and that these IP addresses get replaced for other IP addresses so then you break the encryption. So the only case where transport mode really still is used is the L2P IP sec with Windows 95 and that's sort of a weird transport mode because it sort of also does tunnel mode but yeah no whenever you say transport mode that's it. Even for IPv6 What? Even for IPv6 Yeah it doesn't matter but it's IPv4 or IPv6 So I mean really the only thing you gain is a few bytes like it's not like transport mode gets you a few bytes and then and you release it from your own head and then you just find it. It's just by sitting next to each other Right So if you so if you want to do it so the way the configuration of the opportunistic works, let me just bring up a new shell that's local. So we define first of all we have a group called Clear which is the group that we never want to talk IP sector This is where you can put your white list in like you know never do IP sector Then we have clear or private which means don't initiate IP sector to them but if they do IP sector to us we'll do IP sector to them Then there's private or clear which means we'll try to do IP sector and if that fails we'll do clear and there's private where we go like okay we'll initiate IP sector and we expect them to IP sector and then there's locked and we'll never talk to them So you can see here these are just regular IP sector configurations so if you want to go like well I really want to use transport mode then you can just say try to transport and then you have transport mode if you really want to you can do it like that and then right and then sorry and then so in the there's a directly ETC IP sector with the policies and it actually contains all the addresses of what you want to do so if I look at private or clear here in this case we only put 0 side 0 and here so in these files you can basically say okay this range goes into clear this range goes into clear private or this range goes into private or clear so you can sort of determine with whom you want to do opportunistic encryption so I guess I'm supposed to throw these to anyone who asks questions I think maybe many of them that's for the other program too so you can get up to three so we actually just redid that upstream where it will actually give you now in the regular log so without having to add any Pluto debug logs you will tell you to peer send these proposals and I have this proposal and therefore we didn't match yeah the next version will be in it's already in the if you pull the git version from github it's already in we actually had to completely rewrite the proposal code it was badly done so for instance it checked every element and like it turned out strong strong sent a massive amount of options like it's like many ciphers, many algorithms so we spent if you enable debugging we spent so much time in the debug just writing all these proposals out that it was too slow and timed out so we so we redid the entire proposal code so now we're really fast and as a result of that we can also just simply now print the line I can now check if I have pulled the other side yes yes and you no longer have to enable debugging so it will already be in the no debug log those are the things because that all comes in freeSwan so that all comes in freeSwan so strongSwan also for freeSwan are they still strongSwan is the only thing I asked a couple of questions just going to blue and blue I think it's really nice I think it's a better option like it's doing a couple of them can I can I can I can I can I can I can I can I can I can I can I can I Yeah I am sorry Today, we have some meeting at some point. So, because I'm having a meeting for one hour, so I'm going to go out here now. So, I guess I'll do this. Okay. When I'm probably somewhere, I don't know. I don't know why. That's a bummer. I can't remember. That's so weird, man. Yes. So... So... I don't know. I don't know why. I don't know why. I don't know why. I don't know why. Okay. On this side. On this side. Okay. Okay. Okay. I will try to find it. Okay. Good. It's changed into... converted into a giant racket. Yes, this is for this. So, the traffic status... Yeah. So, it's the traffic status. It's like, okay, that discussion, like brutal discussion of them done. Yeah. Okay. Yes. Yes. Okay. But I was not that very... I mean, you also see how much... when it was added and how much traffic it was. So, three of us don't even know what to write. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay, okay. And last but not least, what is to come, let's continue with drive-thru. All right. Okay. Okay. Okay. Okay. Thank you. Thank you very much. Okay. Thanks for spinning through here. Thanks to you too. Okay. Made possible. Yeah, and moved forward. Yeah, the driving reminders, pretty good. So, it's... so, it's, right here in here, looks looking at you, Oh, it's that location? Another thought?