[strongSwan] FW: Is that a security Issue?
michalle OY
michalle_oy at hotmail.com
Mon Sep 20 03:25:59 CEST 2010
--Forwarded Message Attachment--
From: michalle_oy at hotmail.com
To: dev at lists.strongswan.org
Subject: Is that a security Issue?
Date: Sun, 19 Sep 2010 08:19:18 +0000
Hi all,
I am a strongswan newbie. I recently implement a IPsec/Ikev2 and want to do the interoperibility test with
strongswan by Tunnel mode. The issue is that after the SA for tunnel mode established bewteen
my implemenationand and strongswan, my implementation use the vitrual IP (192.168.201.1) ping strongswan (192.168.200.2),
there will be a plain text of ICMP echo request (which decrypyt the orignial ESP packet from my implementation) in the network.
And this package was sent by strongswan. Is that a security issue, since it is dangerous to decryption the packet and send out it.
I have attached the test scenario, the ipsec.conf file and the packets captured by wireshark. I just give a sample base on the
IPv4 , the IPv6 has the same issue.
StrongSwan version: 4.2.4-5ubuntul
Thank
Michalle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100920/5c5e41fe/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IKE Peer StrongSwan.doc
Type: application/msword
Size: 351744 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100920/5c5e41fe/attachment.doc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Inter-StrongSwan
Type: application/octet-stream
Size: 14829 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100920/5c5e41fe/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 776 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100920/5c5e41fe/attachment-0001.obj>
More information about the Users
mailing list