OS X VPN Server Authentication Cracked—What are Secure Alternatives?

Now that MS-CHAPv2 authentication has been completely pwned [http://arstechnica.com/security/2012/07/broken-microsoft-sheme-exposes-traffic/], Mountain/Lion VPN Server must be considered cracked and insecure, as well as WPA2 and Open Directory authentications that are set to use the default MS-CHAPv2. As I recall, Snow Leopard Server's VPN service had a Kerberos authentication option, but Apple removed this option in Lion, as well as MIT Kerberos.


What are the options to get a secure VPN service running between OS X Server and iOS? Is there a serveradmin command line setting for Kerberos authentication? Is there iOS client support for OpenVPN if you stand up an OVPN server? What other OS X Server functions depend on the cracked MS-CHAPv2, and how can these be cut out as we wait for Apple to rework OS X Server security?


Here's how to check if your VPN server uses MS-CHAPv2:


$ sudo serveradmin fullstatus vpn
Password:
vpn:servicePortsAreRestricted = "YES"
vpn:readWriteSettingsVersion = 1
vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0
vpn:servers:com.apple.ppp.pptp:enabled = yes
vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"
vpn:servers:com.apple.ppp.pptp:startedTime = "2012-07-28 15:52:48 +0000"
vpn:servers:com.apple.ppp.pptp:Type = "PPP"
vpn:servers:com.apple.ppp.pptp:SubType = "PPTP"
vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = "DSAuth"
vpn:servers:com.apple.ppp.pptp:pid = 98
vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = "MSCHAP2"

Mac mini Server (Mid 2010), Mac OS X (10.7.4), Lion Server, EyeTV HD, Turbo.264 HD

Posted on Aug 1, 2012 6:28 PM
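
An added example (not part of the original post): a shell function that reads `serveradmin fullstatus vpn` output on stdin and reports, for each VPN server, whether MS-CHAPv2 is configured and whether that server is enabled. The function names, the status labels and the `l2tp:enabled` sample line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit `serveradmin fullstatus vpn` output for MS-CHAPv2 (added example).

audit_vpn_auth() {
    awk '
    # Only the two keys needed for the audit, e.g.
    #   vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
    /^vpn:servers:[^ ]+:(AuthenticationProtocol|enabled) *=/ {
        eq = index($0, "=")
        k = substr($0, 1, eq - 1); gsub(/ /, "", k)
        v = substr($0, eq + 1);    gsub(/[" ]/, "", v)
        n = split(k, path, ":")
        server = path[3]; key = path[n]
        # Remember first-seen order so the report is stable.
        if (!(server in seen)) { seen[server] = 1; order[++count] = server }
        if (key == "AuthenticationProtocol") proto[server] = v
        else enabled[server] = tolower(v)
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]
            p = (s in proto)   ? proto[s]   : "unknown"
            e = (s in enabled) ? enabled[s] : "unknown"
            status = "no-mschap2"
            if (p == "MSCHAP2")
                status = (e == "yes") ? "MSCHAP2-ACTIVE" : "MSCHAP2-CONFIGURED"
            printf "%s proto=%s enabled=%s %s\n", s, p, e, status
        }
    }'
}

# Constructed sample input, modelled on the output quoted in the post.
# The l2tp "enabled" line is an assumption; the post's output stops before it.
sample_status() {
    cat <<'EOF'
vpn:servicePortsAreRestricted = "YES"
vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.pptp:enabled = yes
vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"
vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.l2tp:enabled = no
EOF
}

sample_status | audit_vpn_auth
```

On a live server the same function takes the real output: `sudo serveradmin fullstatus vpn | audit_vpn_auth`.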

11 replies

Aug 7, 2012 7:41 AM in response to essandess

There do not appear to be any secure options for VPN between OS X Server and iOS using either the native VPN server or OpenVPN.


The options are:


  1. Native VPN with L2TP/IPsec using pre-shared keys (PSKs) and MS-CHAPv2 authentications. This is OS X Server's default. But Moxie Marlinspike's crack makes this insecure. Moxie: "This leaves either an OpenVPN configuration, or IPSEC in certificate rather than PSK mode."
  2. Native VPN with PPTP. Insecure. Moxie: "PPTP traffic should be considered unencrypted."
  3. Kerberized Native VPN. This is IPsec with certificates, which was possible on OS X Server 10.4 and 10.5, but I haven't tried this on 10.7 or 10.8, and I sure don't see any online documentation on how to build this. Even if you can stand up a secure OS X VPN service with Kerberos authentication, there isn't native iOS support for VPN+Kerberos clients. So no secure OS X Server to iOS connections.
  4. OpenVPN with SSL authentication. Secure, but again, no iOS native SSL VPN support. So no secure OS X Server to iOS connections.


Have I missed any? Has anyone got a secure VPN solution for OS X Server and iOS?

Aug 8, 2012 6:53 AM in response to essandess

This exploit requires a man in the middle attack to work. Almost impossible to do outside of a lab setting.


Unless you're running Los Alamos National Laboratory, I don't think that you should be that concerned. It's not nearly as easy to break as you're making it out to be. Unless your servers contain sensitive secrets vital to national security, L2TP/IPSec is quite secure.

Aug 8, 2012 8:36 AM in response to Jonathan Melville

This is not correct. You are confusing various authentication protocols. Cracking certificate-based VPN requires a MITM attack and therefore OpenVPN+SSL or L2TP/IPsec+Kerberos, both certificate-based, are both secure.


However, VPN without certificates -- e.g. PPTP or L2TP/IPsec+MS-CHAPv2, the only GUI options in OS X Server -- is not secure for the reasons stated. Moxie, again:


larger enterprises have opted to use IPSEC-PSK over PPTP. While PPTP is now clearly broken, IPSEC-PSK is arguably worse than PPTP ever was for a dictionary-based attack vector. PPTP at least requires an attacker to obtain an active network capture in order to employ an offline dictionary attack, while IPSEC-PSK VPNs in aggressive mode will actually hand out hashes to any connecting attacker.


In terms of currently available solutions, deploying something securely requires some type of certificate validation. This leaves either an OpenVPN configuration, or IPSEC in certificate rather than PSK mode.


There do not appear to be any secure options for VPN between OS X Server and iOS using either the native VPN server or OpenVPN.


Does anyone knowledgeable have any pointers to an alternative for secure VPN between OS X Server and iOS?

Oct 31, 2012 4:20 PM in response to essandess

Hi,

In real-world application, how does the MSCHAPv2 exploit impact users running their own VPN server? I understand that paid services will be obvious targets, but what about a small company serving an unknown VPN with only five clients? Do hackers blindly crawl the internet across IP addresses looking for open VPN ports? I have read many articles, the accompanying comments, and have done my best to decipher the dangers of the exploit, but I am not clear how it really affects SOHO users like myself.


If you would enlighten me, for the following scenarios presented, is it no risk, low risk, or high risk?

Server VPN is L2TP over IPsec with Shared Secret authentication (i.e., PSK), 10.6 Snow Leopard Server (SLS), behind a NAT with port forward

  1. Client is on a personal home network, tunnel into VPN server network.
  2. Client is on mobile carrier 3G/LTE network, tunnel into VPN server network.
  3. Client is on public/cybercafe/airport wifi network, tunnel into VPN server network.


  • Is a static IP address equally susceptible to an attack of a dynamic IP that is coupled with DynDNS?
  • What if only a handful of people know the server domain name?



Other VPN Options (?)

L2TP-IPSec using the self-signed Certificate (no iOS compatibility)

Server Admin in SLS allows L2TP over IPSec authentication using the self-signed Certificate created by the server. As essandess pointed to Moxie's article, this appears to be an alternative to PSK and a seemingly secure method for desktop and notebook clients. Unfortunately, as indicated in the Apple document VPN Server Configuration for iOS Devices, iOS devices do not support certificate authentication for L2TP-IPSec.


Cisco IPSec VPN router

iOS devices support the Cisco IPSec protocol. However, it seems it is not the consumer or the small business VPN routers that are compatible, but instead those priced at $3k.


OpenVPN (with Jailbreak required for iOS)

Installing OpenVPN and client software may work for computers, but a jailbreak of iOS devices is required. Essandess has a method that didn't work for him, and Tunnelblick and Viscosity have a share of their own security issues not related to VPN tunneling.


I thank you for taking the time to read.

Nov 1, 2012 3:44 AM in response to smallIT

Thanks smallIT.


First, the OpenVPN server method I posted here is working great and I really like it, and even prefer it to OS X Server's VPN regardless of the latter's cracked protocol.


Second, you're right about Tunnelblick's serious local security issues, which remain unresolved. My server doesn't have any untrusted local accounts, but this is an important issue nonetheless, so I've posted a simplified setup here that relies only on launchctl and openvpn, completely avoiding the use of Tunnelblick and its suid helpers.


Third, I believe that the MS-CHAPv2 exploit leaves you wide open to anyone who is able to capture your packets:


you can plug the cracked MD4 hash CloudCracker gives you back into chapcrack, and it will decrypt the entire network capture (and all future captures for that user). Alternately, you can also use it to login to the user's VPN service or WPA2 Enterprise radius server.


This has nothing to do with organization size or the visibility of your server. The VPN packets themselves are vulnerable, and should be considered to be unencrypted.

Nov 1, 2012 7:12 AM in response to essandess

An option might be to install an SSL VPN server on OS X and use an SSL VPN client. There appear to be free SSL VPN server and client options for OS X but the only SSL clients I found for iOS appear to be part of commercial solutions.


My own preferred solution would be to use a VPN appliance of some sort, even one built-in to a (hardware) Firewall. Many of these can then be linked via RADIUS to an OS X server. This approach should be more secure because of the addition of RADIUS. I have done this in the past with a SonicWALL.
