0

Is there any way to configure the Windows 10 VPN client to use DH Group 15 / Group15 (modp3072) or higher for key exchange?

I am somewhat distressed that the CNSA specifies use of DH Group 15 (modp3072) or higher, but the Windows 10 VPN client supports only up to DH Group 14 (modp2048), which is still considered secure from my research, but it's not quite CNSA.

I am aware that the Windows 10 VPN client supports ECP384, which is allowed by the CNSA, but I have been unable to get the Windows 10 VPN client to connect to my strongSwan IPsec VPN server using my RSA X.509 certificates because apparently the Windows 10 VPN client is hardcoded to require use of ECDSA certificates to use ECP384 for key exchanges.

I have about come to the conclusion that I should just replace my RSA X.509 certificates with ECDSA X.509 certificates so that the Windows 10 clients can connect using ECP384 for key exchange.

2 Answers

1

No, if you want a stronger DH key exchange, you'll have to switch to ECP384, because if the list for the -DHGroup parameter of the Set-VpnConnectionIPsecConfiguration PowerShell cmdlet is accurate, only the following DH groups are currently supported:

  • Group1 (modp768)
  • Group2 (modp1024)
  • Group14 (modp2048)
  • ECP256
  • ECP384
  • Group24 (modp2048s256)

As you mentioned, using ECP DH currently means that ECDSA certificates have to be used, at least for machine certificate authentication (see e.g. this ticket on the strongSwan issue tracker). It might not be the case for user certificates via EAP-TLS.

0

ecdsa, thank you for your response, which is what I suspected the answer would be. I was finally successful in generating a new ECDSA CA Key & CACERT and a 384-bit ECDSA X.509 client certificate, installing the ECDSA X.509 client certificate on my Windows 10 computer, and configuring the Windows 10 VPN client and my strongSwan VPN server to use IKEv2 DHGroup ECP384 key exchange with CNSA-compliant AES256GCM encryption. I am posting here the pertinent commands and portions of configuration files that finally got it working for me in the hopes that they will help others who want to do what I have done.

PowerShell cmdlet configuration:

PS C:\WINDOWS\system32> Set-VpnConnectionIPsecConfiguration -ConnectionName "WSL VPN (X.509)" -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod GCMAES256 -IntegrityCheckMethod SHA384 -PfsGroup ECP384 -DHGroup ECP384 -PassThru -Force


AuthenticationTransformConstants : GCMAES256
CipherTransformConstants         : GCMAES256
DHGroup                          : ECP384
IntegrityCheckMethod             : SHA384
PfsGroup                         : ECP384
EncryptionMethod                 : GCMAES256

ipsec.conf:

# ipsec.conf - strongSwan IPsec configuration file

config setup
        charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2,  mgr 2"
        uniqueids=no

conn %default
        fragmentation=yes
        forceencaps=yes
        dpdaction=clear
        dpddelay=300s
        rekey=no
        reauth=no
        mobike=yes

conn roadwarrior-ECDSA
        auto=add
        compress=yes
        type=tunnel
        keyexchange=ikev2

        ike=aes256-prfsha384-prfsha256-sha384-sha256-ecp384-ecp256-modp3072-modp2048,aes256gcm16-prfsha384-prfsha256-sha384-sha256-ecp384-ecp256-modp3072-modp2048!
        esp=aes256-prfsha384-prfsha256-sha384-sha256-ecp384-ecp256-modp3072-modp2048,aes256gcm16-prfsha384-prfsha256-sha384-sha256-ecp384-ecp256-modp3072-modp2048!

        left=%defaultroute
        leftid=mail.example.com
        leftsubnet=0.0.0.0/0
        leftcert=vpnHostKeyECDSA.pem
        leftsendcert=always
        leftfirewall=yes

        right=%any
        rightid=%any
        rightsourceip=192.168.109.0/24
        rightdns=192.168.110.222,8.8.8.8,8.8.4.4
        rightsendcert=never
        rightfirewall=yes
        auto=route

Snippet from strongSwan log:

roadwarrior-ECDSA[286]: ESTABLISHED 5 hours ago, 192.168.110.222[mail.example.com]...1.2.3.4[C=US, O=Will Snyder Industries, [email protected]]
roadwarrior-ECDSA[286]: IKEv2 SPIs: 41caec74d5829bc8_i 34766237017aa128_r*, rekeying disabled
roadwarrior-ECDSA[286]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384
roadwarrior-ECDSA{638}:  INSTALLED, TUNNEL, reqid 135, ESP in UDP SPIs: ca9791fe_i 66112426_o
roadwarrior-ECDSA{638}:  AES_GCM_16_256/ECP_384, 1841739 bytes_i (12768 pkts, 0s ago), 21381073 bytes_o (17487 pkts, 0s ago), rekeying disabled
roadwarrior-ECDSA{638}:   0.0.0.0/0 === 192.168.109.50/32

Will Snyder
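
An added example, not part of either answer: a small Python check that reads the ike= and esp= lines of an ipsec.conf and lists every proposal token below the CNSA floor, so fallbacks that a strict ("!") proposal would still accept are visible. The floors (AES-256, SHA-384, ECP384, modp3072) are assumed from the CNSA 1.0 suite, the function names `check_token` and `audit` are hypothetical, and the `cnsa-only` connection is constructed for comparison.

```python
import re

# Floors assumed from the CNSA 1.0 suite: AES-256, SHA-384, ECDH P-384,
# and at least 3072 bits for finite-field DH (modp3072 / Group 15).
RULES = [
    (re.compile(r"^aes(\d+)"), 256),
    (re.compile(r"^(?:prf)?sha(\d+)$"), 384),
    (re.compile(r"^ecp(\d+)$"), 384),
    (re.compile(r"^modp(\d+)"), 3072),
]

# Sample input: the first conn reuses the ike= line posted above; the second is constructed.
SAMPLE = """\
conn roadwarrior-ECDSA
        ike=aes256-prfsha384-prfsha256-sha384-sha256-ecp384-ecp256-modp3072-modp2048,aes256gcm16-prfsha384-prfsha256-sha384-sha256-ecp384-ecp256-modp3072-modp2048!
conn cnsa-only   # constructed
        ike=aes256gcm16-prfsha384-ecp384!
        esp=aes256gcm16-ecp384!
"""

def check_token(token):
    """Return None if the token meets its floor, else a short reason."""
    for pattern, floor in RULES:
        m = pattern.match(token)
        if m:
            size = int(m.group(1))
            return None if size >= floor else f"{token} < {floor}"
    return f"{token} unrecognised"  # fail closed on anything not modelled

def audit(conf_text):
    """Map 'conn/keyword' to the sorted findings for each ike= and esp= line."""
    findings, conn = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("conn "):
            conn = line.split()[1]
        m = re.match(r"^(ike|esp)\s*=\s*(.+)$", line)
        if not m or conn is None:
            continue
        keyword, value = m.groups()
        tokens = [t for prop in value.rstrip("!").split(",") for t in prop.strip().split("-")]
        findings[f"{conn}/{keyword}"] = sorted({r for r in map(check_token, tokens) if r})
    return findings

if __name__ == "__main__":
    for name, bad in audit(SAMPLE).items():
        print(name, "OK" if not bad else bad)
```

An empty list means every token in that proposal line meets the assumed floor; the negotiated result on a live tunnel still has to be confirmed from the "IKE proposal" line in the strongSwan status output.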
