[strongSwan] Is a trusted man in the middle possible with ipsec ike v2 tunnel mode?

Bob W bob.news at non-elite.com
Mon Apr 21 18:41:34 CEST 2014

Hi all,

Please redirect me to a better list if this is not the right place to
ask the question.

Does anyone know of a product which would allow me to sit on the IP
links in bridge mode (using Linux) and become a "trusted" man in the
middle? Is it even possible to be a trusted man in the middle of an
IPsec connection if you know the pass phrases, configurations, etc. that
are configured in the gateway?

By trusted, I mean that the Linux box would be operated by the same
folks managing the IPsec connections, so there would be access to the
pass phrases, configurations, etc. of the security gateway.

I need access to the IP traffic which is using IPsec IKEv2 tunnel mode.
I don't want to have to reconfigure the network. I know that Wireshark
can do some of this, for example in the ESP protocol settings.

What information would be needed from the security gateway specifically
to be able to accomplish something like this? Can the IKEv2 messaging
be watched constantly to see the negotiated pass phrases that are used to
encrypt the tunnel packets?

Sorry, I'm a bit new to the IPsec stuff, so please excuse the newbie.
