Choosing IKE version 1 and 2
If you create a route-based VPN, you have the option of selecting IKE version 2. Otherwise, IKE version 1 is used.
IKEv2, defined in RFC 4306, simplifies the negotiation process that creates the security association (SA).
If you select IKEv2:
- There is no choice in phase 1 of aggressive or main mode.
- Extended authentication (XAUTH) is not available.
- You can utilize EAP and MOBIKE.
Repeated authentication in IKEv2
This feature provides the option to control whether a device requires its peer to re-authenticate or whether re-key is sufficient. It does not influence the re-authentication or re-key behavior of the device itself, which is controlled by the peer (the default being to re-key). This solution is in response to RFC 4478. As described by the IETF, "the purpose of this is to limit the time that security associations (SAs) can be used by a third party who has gained control of the IPsec peer".
To configure IKE SA re-authentication:
config vpn ipsec phase1-interface edit p1 set reauth [enable | disable] next end
IKEv2 quick crash detection
There is support for IKEv2 quick crash detection (QCD) as described in RFC 6290.
RFC 6290 describes a method in which an IKE peer can quickly detect that the gateway peer it has and established an IKE session with has rebooted, crashed, or otherwise lost IKE state. When the gateway receives IKE messages or ESP packets with unknown IKE or IPsec SPIs, the IKEv2 protocol allows the gateway to send the peer an unprotected IKE message containing INVALID_IKE_SPI or INVALID_SPI notification payloads.
RFC 6290 introduces the concept of a QCD token, which is generated from the IKE SPIs and a private QCD secret, and exchanged between peers during the protected IKE AUTH exchange.
To configure QCD:
config system settings set ike-quick-crash-detect [enable | disable] end
IKEv1 quick crash detection
Based on the IKEv2 QCD feature previously described, IKEv1 QCD is implemented using a new IKE vendor ID (Fortinet Quick Crash Detection) so both endpoints must be FortiGates. The QCD token is sent in the phase 1 exchange and must be encrypted, so this is only implemented for IKEv1 in main mode (aggressive mode is not supported as there is no available AUTH message to include the token). Otherwise, the feature works the same as in IKEv2 (RFC 6290).
UDP fragmentation can cause issues in IPsec when either the ISP or perimeter firewall(s) cannot pass or fragment the oversized UDP packets that occur when using a very large public security key (PSK). The result is that IPsec tunnels do not come up. The solution is IKE fragmentation.
For most configurations, enabling IKE fragmentation allows connections to automatically establish when they otherwise might have failed due to intermediate nodes dropping IKE messages containing large certificates, which typically push the packet size over 1500 bytes.
FortiOS will fragment a packet on sending if only all the following are true:
- Phase 1 contains
set fragmentation enable.
- The packet is larger than the minimum MTU (576 for IPv4, 1280 for IPv6).
- The packet is being re-transmitted.
By default, IKE fragmentation is enabled.
To configure IKEv1 fragmentation:
config vpn ipsec phase1-interface edit 1 set fragmentation [enable | disable] next end
RFC 7383 requires each fragment to be individually encrypted and authenticated. With IKEv2, a copy of the unencrypted payloads around for each outgoing packet would need to be kept in case the original single packet was never answered and would retry with fragments. With the following implementation, if the IKE payloads are greater than a configured threshold, the IKE packets are preemptively fragmented and encrypted.
To configure IKEv2 fragmentation:
config vpn ipsec phase1-interface edit ike set ike-version 2 set fragmentation [enable|disable] set fragmentation-mtu [500-16000] next end