jkipsec 0.1.0

Userspace IKEv2/IPsec VPN responder for terminating iOS VPN tunnels and exposing the inner IP traffic. Pairs with jktcp for a fully userspace TCP/IP stack.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196

# jkipsec

Userspace IKEv2/IPsec responder built to terminate iOS VPN tunnels and hand
the inner IP traffic to your own code - typically [`jktcp`](https://crates.io/crates/jktcp)
for a complete userspace TCP/IP stack.

```text
   iOS device                Internet                  jkipsec
  ────────────                ────────                ──────────
                                                        UDP 500
   IKE_SA_INIT  ──────────────────────────────────►  ┐
                                                     │  Server task
   IKE_AUTH(SK)  ─────────────────────────────────►  │  (no locks,
                                                     │   crossfire
   ESP packets   ─────────────────────────────────►  │   channels)
                                        decrypted IP packets
                                              jktcp::Adapter
                                            your application code
```

## What this is

A small Rust library that speaks just enough IKEv2 + ESP to let an iOS device
build an IPsec VPN tunnel to a process you control, with the inner IP packets
exposed as an `AsyncRead + AsyncWrite` stream you can plug into a userspace
TCP stack.

It exists because:

- iOS' WireGuard implementation creates a `utun` interface whose policies block
  some inbound services (notably lockdown on TCP/62078). iOS' built-in IKEv2
  client uses the same OS path but with different policy hooks, and *can*
  reach those services. (*edit*: ipsec is now blocked too)
- Implementing IKEv2/IPsec in userspace lets you run as a non-root user and
  multiplex multiple devices without touching the kernel.

The companion crate [`jktcp`](https://crates.io/crates/jktcp) gives you a full
userspace TCP stack on top of the raw IP frames jkipsec produces.

## What this is **not**

- **Not a production VPN gateway.** Designed for terminating one or a few
  trusted iOS devices to talk to specific services on the host.
- **Not a general IPsec implementation.** Negotiates exactly two IKE/ESP
  suites, both with DH group 19 (P-256). No MODP groups, no AH, no transport
  mode, no IPv6 inner support, no rekeying, no DPD, no MOBIKE,
  no fragmentation, no IKE_INTERMEDIATE / RFC 9370 hybrid PQ.
- **Not security-audited.** The crypto primitives are RustCrypto, but the
  protocol code is hand-written and lightly tested. Don't use it where a
  motivated attacker on the network is part of your threat model.
- **Not a drop-in `strongSwan` / `Libreswan` replacement.** Tested against
  iPhone 5, iPhone 8, and modern iPhones - that's it. Other clients
  (Windows, Android, strongSwan-as-initiator) are likely to fall outside the
  narrow set of behaviors we accept.

## Negotiated suites

Both suites use **DH group 19 (NIST P-256)** for IKE_SA_INIT and **PRF
HMAC-SHA-256**. The selector tries them in this preference order and picks the
first one the peer offers:

| # | Cipher | Integrity | Notes |
|---|--------|-----------|-------|
| 1 | AES-GCM-16-256 (AEAD) | (built into AEAD) | Modern iOS default |
| 2 | AES-CBC-256 | HMAC-SHA-256-128 | Older iOS (iPhone 5–8) only ships this |

Authentication is **PSK only** (RFC 7296 §2.15 shared key MIC). The "PSK" is
never stored - only the 32-byte derived auth key, which the user's callback
returns or verifies via `AuthChallenge::approve_with`.

## Quick start

`Cargo.toml`:

```toml
[dependencies]
jkipsec = "0.1"
jktcp = "0.1"
tokio = { version = "1", features = ["full"] }
```

```rust
use std::net::{IpAddr, Ipv4Addr};
use jkipsec::api::{AuthDecision, JkispecConfig, JkispecServer, PortRole};
use jkipsec::crypto::derive_auth_key;
use tokio::io::{AsyncReadExt, AsyncWriteExt};

#[tokio::main]
async fn main() {
    // Pre-derive the auth key once, store this in your DB instead of the PSK.
    let alice_key = derive_auth_key(b"correct horse battery staple");

    let server = JkispecServer::start(JkispecConfig {
        binds: vec![
            ("0.0.0.0:500".into(), PortRole::Ike500),
            ("0.0.0.0:4500".into(), PortRole::Ike4500),
        ],
        public_ip: "203.0.113.1".parse().unwrap(),
        public_port: 500,
        identity: "vpn.example.com".into(),
        virtual_ip: Ipv4Addr::new(10, 8, 0, 2),
        gateway_ip: Ipv4Addr::new(10, 8, 0, 1),
        virtual_dns: Ipv4Addr::new(1, 1, 1, 1),
        auth: Box::new(move |challenge| {
            let alice_key = alice_key;
            Box::pin(async move {
                // Look up the auth_key for this identity in your DB. The
                // example below approves anyone presenting "alice".
                if challenge.identity() == b"alice" {
                    challenge.approve_with(&alice_key)
                } else {
                    AuthDecision::Reject
                }
            })
        }),
    })
    .await;

    // Each iOS device that connects yields a `Client`.
    while let Some(mut client) = server.accept().await {
        println!("connected: {}", client.identity_str());
        tokio::spawn(async move {
            // TCP from gateway_ip:<random> to virtual_ip:62078 over IPsec.
            let mut stream = client.connect(62078).await.unwrap();
            stream.write_all(b"hello\n").await.unwrap();
            let mut buf = [0u8; 256];
            let n = stream.read(&mut buf).await.unwrap();
            println!("got {} bytes", n);
            // Dropping `client` sends an IKE DELETE.
        });
    }
}
```

A more complete runnable demo lives in `examples/probe.rs`:

```bash
JKIPSEC_PUBLIC_IP=1.2.3.4 \
JKIPSEC_PSK=secret \
JKIPSEC_PROBE_PORTS=12345 \
cargo run --example probe
```

### iOS profile

Configure on the device (Settings -> VPN -> Add VPN Configuration):

- **Type**: IKEv2
- **Server**: your server's public IP
- **Remote ID**: must match `JkispecConfig.identity`
- **Local ID**: any string - this becomes the `identity` in `AuthChallenge`
- **User Authentication**: None
- **Use Certificate**: off
- **Secret**: set to the raw PSK whose `derive_auth_key(...)` you stored

For older iOS, the same flow works; jkipsec falls back to AES-CBC + HMAC.

## Architecture notes

- **Single server task** owns all IKE/ESP state. UDP readers, UDP writers,
  per-session outbound ESP encryptors, and the application code all
  communicate through lockless [`crossfire`](https://crates.io/crates/crossfire)
  channels - no `Arc<Mutex<...>>` on hot paths.
- **Per-session outbound ESP** runs in its own task, owning its keys and
  using `UdpSocket::send_to` directly. ESP fast-path therefore avoids any
  channel hop on send.
- **`EspTunnel` wraps `MAsyncRx` + `MTx`** to satisfy jktcp's `Sync`
  bound. The single `std::sync::Mutex` it holds is uncontended (only
  `poll_read` touches it) and exists solely to bridge the trait bound.
- **NAT-T**: detected automatically; iOS will float to UDP/4500 with the
  4-byte non-ESP marker. We bind both ports.
- **Split tunnel**: TSr in IKE_AUTH is narrowed to a `/32` for `gateway_ip`,
  so iOS only routes traffic destined for that single address through the
  tunnel - your gateway code is the only thing the device sees.

## Testing

```bash
cargo test           # unit tests + doctests
cargo clippy --all-targets
cargo run --example probe
```

22 unit tests cover the IKE parser, crypto primitives, ESP round-trips for
both suites, and an end-to-end IKE_SA_INIT round-trip against a captured iOS
packet.

## License

MIT - see [`LICENSE`](LICENSE).