I found a nice tool today: ike-scan via another blog.
“ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.”
The documentation also gives a nice introduction to the IPsec protocol. I installed the tool on a box and performed some tests:
    # ./ike-scan x.x.x.x
    Starting ike-scan 1.9 with 1 hosts \
    (http://www.nta-monitor.com/tools/ike-scan/)
    x.x.x.x Main Mode Handshake returned HDR=(CKY-R=ef37b97f6fa8f857) \
    SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 \
    LifeType=Seconds LifeDuration(4)=0x00007080)
    VID=f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d4925b9df0000000018000000 (Firewall-1 NGX)
    Ending ike-scan 1.9: 1 hosts scanned in 0.087 seconds \
    (11.47 hosts/sec). 1 returned handshake; 0 returned notify
There are plenty of options to change the way tests are performed. It’s also possible to use the IKE aggressive mode (not supported/configured on all IPsec systems):
    # ./ike-scan --aggressive --multiline --id johndoe x.x.x.x
    Starting ike-scan 1.9 with 1 hosts \
    (http://www.nta-monitor.com/tools/ike-scan/)
    x.x.x.x Aggressive Mode Handshake returned
        HDR=(CKY-R=238dc8a43b8bc064)
        SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK \
        LifeType=Seconds LifeDuration=28800)
        KeyExchange(128 bytes)
        Nonce(20 bytes)
        ID(Type=ID_IPV4_ADDR, Value=213.189.190.3)
        Hash(16 bytes)
        VID=12f5f28c457168a9702d9fe274cc0100 (Cisco Unity)
        VID=09002689dfd6b712 (XAUTH)
        VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
        VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)
        VID=d64a6fb93b8ac0640f54a5e3c829ac04
        VID=1f07f70eaa6514d3b0fa96542a500407 (Cisco VPN Concentrator)
    Ending ike-scan 1.9: 1 hosts scanned in 0.446 seconds \
    (2.24 hosts/sec). 1 returned handshake; 0 returned notify
Using the --pskcrack flag, it’s possible to save the aggressive mode pre-shared key parameters. Another tool, psk-crack, can then be used to get the key (using a dictionary attack).
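For auditing your own gateway, the handshake results above can be parsed and checked against a crypto baseline. This is an added example, not part of the original post or of ike-scan; the function names, the weak-algorithm sets and the single-line input format (without --multiline) are assumptions of the example.

```python
import re

RESULT = re.compile(r"^(\S+)\s+(Main|Aggressive) Mode Handshake returned (.*)$")
SA = re.compile(r"SA=\(((?:[^()]|\([^()]*\))*)\)")  # tolerates LifeDuration(4)=...
VID = re.compile(r"VID=([0-9a-f]+)(?: \(([^)]*)\))?")

# Illustrative policy, an assumption of this example: adjust to your own baseline.
WEAK_ENC = {"DES", "3DES"}
WEAK_HASH = {"MD5", "SHA1"}
WEAK_GROUPS = {1, 2, 5}  # modp768, modp1024, modp1536

def parse_result(line):
    """Parse one single-line handshake result; return None for any other line."""
    m = RESULT.match(line.strip())
    if not m:
        return None
    host, mode, rest = m.groups()
    sa = SA.search(rest)
    tokens = sa.group(1).split() if sa else []
    attrs = dict(t.split("=", 1) for t in tokens if "=" in t)
    vendors = [name for _, name in VID.findall(rest) if name]
    return {"host": host, "mode": mode, "sa": attrs, "vendors": vendors}

def audit(result):
    """Return policy findings for one parsed result."""
    sa, findings = result["sa"], []
    if sa.get("Enc") in WEAK_ENC:
        findings.append("weak cipher " + sa["Enc"])
    if sa.get("Hash") in WEAK_HASH:
        findings.append("weak hash " + sa["Hash"])
    group_id = sa.get("Group", "").split(":")[0]
    if group_id.isdigit() and int(group_id) in WEAK_GROUPS:
        findings.append("weak DH group " + sa["Group"])
    if result["mode"] == "Aggressive" and sa.get("Auth") == "PSK":
        findings.append("aggressive mode with PSK")
    return findings

# Constructed input: the two results above joined onto one line each, payloads trimmed.
SAMPLE = [
    "x.x.x.x Main Mode Handshake returned HDR=(CKY-R=ef37b97f6fa8f857) "
    "SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds "
    "LifeDuration(4)=0x00007080) VID=f4ed19e0c114eb516faaac0ee37daf2807b4381f"
    "000000010000138d4925b9df0000000018000000 (Firewall-1 NGX)",
    "x.x.x.x Aggressive Mode Handshake returned HDR=(CKY-R=238dc8a43b8bc064) "
    "SA=(Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds "
    "LifeDuration=28800) VID=12f5f28c457168a9702d9fe274cc0100 (Cisco Unity) "
    "VID=09002689dfd6b712 (XAUTH)",
]

if __name__ == "__main__":
    for r in filter(None, map(parse_result, SAMPLE)):
        print(r["host"], r["mode"], r["vendors"], audit(r))
```

Both sample results fail the baseline on cipher, hash and DH group; the aggressive-mode one additionally gets the PSK finding, which is the exposure the --pskcrack option relies on.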
@Saleh for IKEv2 use ike-scan --ikev2
Hi
Is there a similar tool to test ipsec with ikev2?
Thanks
Saleh