[strongSwan] Is a trusted man in the middle possible with ipsec ike v2 tunnel mode?
noel at familie-kuntze.de
Mon Apr 21 19:11:08 CEST 2014
What I forgot to mention: you need to actively impersonate a peer, because the keys are negotiated over DH with an identity proof (see RFC 4306).
That means you need the secrets of your side.
On 21.04.2014 18:41, Bob W wrote:
> Hi all,
> please redirect me to a better list if this is not the right place to
> ask the question.
> Does anyone know of a product which would allow me to sit on the IP
> links in bridge mode (using Linux) and become a "trusted" man in the
> middle? Is it even possible to be a trusted man in the middle of an
> IPsec connection if you know the pass phrases, configurations, etc. that
> are configured in the gateway?
> By trusted, I mean that the Linux box would be operated by the same
> folks managing the IPsec connections, so there would be access to the
> pass phrases, configurations, etc. of the security gateway.
> I need access to the IP traffic which is using IPsec IKEv2 tunnel mode.
> I don't want to have to reconfigure the network. I know that Wireshark
> can do some of this, for example in the ESP protocol settings.
> What information would be needed from the security gateway specifically
> to be able to accomplish something like this? Can the IKEv2 messaging
> be watched constantly to see the negotiated pass phrases that are used to
> encrypt the tunnel packets?
> Sorry, I'm a bit new to the IPsec stuff, so please excuse the newbie.
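An added illustration of the point made in the reply (not part of the thread, and not strongSwan code): the IKE SA keys derive from an ephemeral Diffie-Hellman exchange, so a box that holds only the pre-shared key can verify a peer's AUTH payload but cannot recover SKEYSEED from captured IKE_SA_INIT/IKE_AUTH messages. The DH group, nonces and the simplified signed-octets layout are constructed for the example, not IKEv2 wire format.

```python
"""Toy model of IKEv2 key agreement (RFC 4306 sections 2.14/2.15): constructed
illustration, not wire format. SKEYSEED comes from an ephemeral DH exchange, so
knowing only the PSK lets one verify AUTH but not derive the IKE SA keys."""
import hashlib
import hmac
import secrets

P = 2**127 - 1  # toy modulus (a Mersenne prime); real IKEv2 uses e.g. 2048-bit MODP group 14
G = 5
KEY_PAD = b"Key Pad for IKEv2"  # fixed string from RFC 4306 section 2.15

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()  # PRF_HMAC_SHA2_256

def dh_keypair() -> tuple:
    x = secrets.randbelow(P - 3) + 2  # ephemeral private exponent; never leaves the host
    return x, pow(G, x, P)            # (private, KE payload sent in IKE_SA_INIT)

def skeyseed(own_x: int, peer_ke: int, ni: bytes, nr: bytes) -> bytes:
    # RFC 4306 2.14: SKEYSEED = prf(Ni | Nr, g^ir); needs one side's private exponent
    g_ir = pow(peer_ke, own_x, P)
    return prf(ni + nr, g_ir.to_bytes(16, "big"))

def psk_auth(psk: bytes, signed_octets: bytes) -> bytes:
    # RFC 4306 2.15: AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)
    return prf(prf(psk, KEY_PAD), signed_octets)

def run_exchange(psk: bytes) -> dict:
    """Both gateways' result plus everything a bridge in the middle could capture."""
    xi, ke_i = dh_keypair()
    xr, ke_r = dh_keypair()
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    # Signed octets simplified to the initiator's IKE_SA_INIT bytes; the real
    # definition also covers the responder nonce and prf(SK_pi, IDi').
    signed = ke_i.to_bytes(16, "big") + ni + nr
    captured = {"ke_i": ke_i, "ke_r": ke_r, "ni": ni, "nr": nr,
                "signed": signed, "auth_i": psk_auth(psk, signed)}
    return {"seed_i": skeyseed(xi, ke_r, ni, nr),
            "seed_r": skeyseed(xr, ke_i, ni, nr), "captured": captured}

def observer_verifies_auth(psk: bytes, cap: dict) -> bool:
    """With the PSK an observer can check AUTH (the same secret is what a box
    needs in order to act as a peer itself, as the reply above says)..."""
    return hmac.compare_digest(psk_auth(psk, cap["signed"]), cap["auth_i"])

def observer_guess_skeyseed(psk: bytes, cap: dict) -> bytes:
    """...but SKEYSEED takes g^ir, not the PSK; nothing captured yields it."""
    return prf(cap["ni"] + cap["nr"], psk)  # wrong by construction: no private exponent
```

The practical consequence for the question asked is that the gateway configuration (PSK, proposals) is not enough on its own; the per-exchange DH private value or the derived SA keys have to come from one of the endpoints.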