5.8. 部署 FIPS 兼容 IPsec VPN

流程

1. 安装 libreswan 软件包：

   # dnf install libreswan

2. 如果您要重新安装 Libreswan，请删除其旧的 NSS 数据库：

   # systemctl stop ipsec
   
   # rm /var/lib/ipsec/nss/*db

3. 启动 ipsec 服务，并启用该服务，以便其在引导时自动启动：

   # systemctl enable ipsec --now

4. 通过添加 ipsec 服务，将防火墙配置为允许 IKE、ESP 的 500 和 4500 UDP 端口，以及 AH 协议：

   # firewall-cmd --add-service="ipsec"
   # firewall-cmd --runtime-to-permanent

5. 将系统切换到 FIPS 模式：

   # fips-mode-setup --enable

6. 重启您的系统以允许内核切换到 FIPS 模式：

   # reboot

验证

1. 确认 Libreswan 在 FIPS 模式下运行：

   # ipsec whack --fipsstatus
   000 FIPS mode enabled

2. 或者，检查 systemd 日志中的 ipsec 单元条目：

   $ journalctl -u ipsec
   ...
   Jan 22 11:26:50 localhost.localdomain pluto[3076]: FIPS Mode: YES

3. 以 FIPS 模式查看可用算法：

   # ipsec pluto --selftest 2>&1 | head -6
   Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
   FIPS Mode: YES
   NSS crypto library initialized
   FIPS mode enabled for pluto daemon
   NSS library is running in FIPS mode
   FIPS HMAC integrity support [disabled]

4. 使用 FIPS 模式查询禁用的算法：

   # ipsec pluto --selftest 2>&1 | grep disabled
   Encryption algorithm CAMELLIA_CTR disabled; not FIPS compliant
   Encryption algorithm CAMELLIA_CBC disabled; not FIPS compliant
   Encryption algorithm NULL disabled; not FIPS compliant
   Encryption algorithm CHACHA20_POLY1305 disabled; not FIPS compliant
   Hash algorithm MD5 disabled; not FIPS compliant
   PRF algorithm HMAC_MD5 disabled; not FIPS compliant
   PRF algorithm AES_XCBC disabled; not FIPS compliant
   Integrity algorithm HMAC_MD5_96 disabled; not FIPS compliant
   Integrity algorithm HMAC_SHA2_256_TRUNCBUG disabled; not FIPS compliant
   Integrity algorithm AES_XCBC_96 disabled; not FIPS compliant
   DH algorithm MODP1536 disabled; not FIPS compliant
   DH algorithm DH31 disabled; not FIPS compliant

5. 在 FIPS 模式中列出所有允许的算法和密码：

   # ipsec pluto --selftest 2>&1 | grep ESP | grep FIPS | sed "s/^.*FIPS//"
   aes_ccm, aes_ccm_c
   aes_ccm_b
   aes_ccm_a
   NSS(CBC)  3des
   NSS(GCM)  aes_gcm, aes_gcm_c
   NSS(GCM)  aes_gcm_b
   NSS(GCM)  aes_gcm_a
   NSS(CTR)  aesctr
   NSS(CBC)  aes
   aes_gmac
   NSS       sha, sha1, sha1_96, hmac_sha1
   NSS       sha512, sha2_512, sha2_512_256, hmac_sha2_512
   NSS       sha384, sha2_384, sha2_384_192, hmac_sha2_384
   NSS       sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
   aes_cmac
   null
   NSS(MODP) null, dh0
   NSS(MODP) dh14
   NSS(MODP) dh15
   NSS(MODP) dh16
   NSS(MODP) dh17
   NSS(MODP) dh18
   NSS(ECP)  ecp_256, ecp256
   NSS(ECP)  ecp_384, ecp384
   NSS(ECP)  ecp_521, ecp521