FG Config

FortiGate # show vpn ipsec phase1-interface BIA

config vpn ipsec phase1-interface

 edit "BIA"

 set interface "wan1"

 set ike-version 2

 set local-gw LocalIP

 set authmethod signature

 set peertype any

 set proposal aes256-sha256

 set dpd disable

 set dhgrp 21

 set nattraversal disable

 set remote-gw RemoteIP

 set certificate "VPN3"

 next

end

FortiGate # show vpn ipsec phase2-interface BIA

config vpn ipsec phase2-interface

 edit "BIA"

 set phase1name "BIA"

 set proposal aes256-sha256

 set dhgrp 21

 set src-addr-type name

 set dst-addr-type name

 set keylifeseconds 28800

 set src-name "local_10.254.211.0"

 set dst-name "BIA_Remote"

 next

end

And still I  get signature verification Failed.

VPN3 (Local Certificate) and Remote Certificate are both signed by same CA.

Certificates have CN=Local/RemoteIP

  X509v3 Extended Key Usage:                 TLS Web Client Authentication, ipsec Internet Key Exchange  X509v3 Key Usage: critical                 Digital Signature, Key Encipherment, Data Encipherment

Manual verification of CA and certificates is ok.

Can anyone give me any tip what`s going on?

PSK works fine so it`s not a problem of Policies.

I am having this same problem. Did you ever find out what is happening? It makes absolutely no sense that "certificate validation" is successful but "signature validation" is not.

Everything is the same as your setup; IKEv2, certificates verify properly but "signature" validation fails, with no indication as to why. If I switch to using IKEv1, the connection comes up fine, so it is just a problem with IKEv2.

Anyone at Fortinet around?????

Here's what I did 

http://socpuppet.blogspot.com/2018/06/ncp-vpnclient-ikev2-with-fortios-v60.html

I use the  subject "field"  and set mandatory ca verify to disable 

Ken 

emnoc wrote:

Here's what I did 

 

http://socpuppet.blogspot.com/2018/06/ncp-vpnclient-ikev2-with-fortios-v60.html

 

I use the  subject "field"  and set mandatory ca verify to disable 

 

Ken 

I did "conf user peer", edited the peer for the remote site, did "set mandatory-ca-verify disable" and "set subject my.domain.com" (which is the exact and only value in the certificate subject name of the peer). I still receive the same error, "signature verification failed". Note that I receive the same error whether the other end is an identical Fortigate device or not - I get the same error when the other end is an ASA.

I really think it's a bug, since changing to IKEv1 (and changing NOTHING ELSE) fixes the problem. The certs are fine.

Regards of if it's RA or S2S the peer concept is the same in both types

To clarify the following;

I`ve imported Certificate via GUI and whole Chain by which this certificate is signeg (Internal CA).

So you imported the CA_Cert into  local and remote firewalls and imported  both the certificates ( end_users )  into both  fortigates?

I just look at a FGT60D to  FGT80C and we have the same setup with certificates installed for both FGT signed by a external CA. So in mine we have a chain-depth of  CA and FGT1 & FGT2  and in each FGT we imported the CA along with the certificates.

That and as long as you select the certificates for the local and peer, you should be good. I do not see the peer-certificate selected in your  cfg dump which seems strange.

Can you double check for 

config vpn  phase1-interface 

    edit < blah >

       set peer  < peer_named_cert>

    end

Ken Felix

APologies for the delay. Yes, I have exactly what you describe there. Here is the "conf vpn ipsec phase1-interface":

config vpn ipsec phase1-interface     edit "1176"         set type ddns         set interface "wan"         set ike-version 2         set keylife 28800         set authmethod signature         set proposal aes256-sha256 aes256-sha1         set localid-type asn1dn         set dpd disable         set comments "VPN: 1176 (Created by VPN wizard)"         set nattraversal forced         set remotegw-ddns "1176.pLAN9.co"         set certificate "FLA_req"         set peer "1176_peer"     next

Here is the show user peer:

config user peer     edit "1176_peer"

        set mandatory-ca-verify disable         set ca "CA_Cert_1"

        set cn "1176.pLAN9.co"     next

And "CA_Cert_1" is my CA. The CN of the other side is "CN=1176.pLAN9.co". I have tried adding the "CN=" part to the "set cn" value, and have also tried removing the "set cn" value (on IKEv1 I never had to set this value at all, nor did I have to set the "mandatory-ca-verify" option. It worked fine without these.).

Here is the debug log of a failure:

ike 0:1176:101832: initiator received AUTH msg ike 0:1176:101832: received peer identifier DER_ASN1_DN 'CN = 1176.pLAN9.co' ike 0:1176:101832: Validating X.509 certificate ike 0:1176:101832: peer cert, subject='1176.pLAN9.co', issuer='pLAN9 CA 2019-2021' ike 0:1176:101832: peer ID verified ike 0:1176:101832: building fnbam peer candidate list ike 0:1176:101832: FNBAM_GROUP_NAME candidate '1176_peer' ike 0:1176:101832: certificate validation pending ike 0:1176:101832: certificate validation complete ike 0:1176:101832: certificate validation succeeded ike 0:1176:101832: signature verification failed  

I really have no idea why it's failing - Everything looks right (as is typical with most VPN problems I encounter).

I'm probably just going to stay with IKEv1 if I can't get this to work, since IKEv1 already works with the same setup.... IKEv2 doesn't really offer much benefit in S2S setups anyway.

So I finally found the incredibly stupid and insecure solution to this: use SHA1 for the hashing algortithm in Phase 1 and Phase 2. Doing this (and making no other changes to the above config) causes the tunnel to come up without issue.

This is a pretty crap situation; I am forced to use a broken and insecure algorithm in order for the device to even function at all in a IKEv2 cert-based VPN. And this is a "security" device??

I've got a somewhat similar setup with 5.6.8, IKEv2 with certs, etc. and am not using or allowing SHA1.

I think something else must be going on with your setup.