RA ss17 at fea.st
Thu Oct 19 17:24:57 CEST 2017


I really needed an efficient & secure way to use the native Android
client to connect to my strongSwan VPN server.  After ruling out all
L2TP and PSK options, I was left with:

IPSec Hybrid RSA

Out of these I am more interested in the latter as it does not require a
user certificate (installing which has been troublesome in my experience).
The Hybrid mode allows checking a server using an installed custom CA. But
I don't want to install a custom CA into Android as that shows a
permanent security notification/warning. Secondly I don't understand WHY
Android DOESN'T use the system CAs for IPSec. Without that I just cannot
use a public CA like Let's Encrypt or any other certificate on the server,
the CA for which is already in the system trust store of Android. The hybrid
modes give me these two configurables:

IPSec CA certificate: A drop-down which has "(don't verify server)" as
default along with a list of custom CAs installed (none in my case)
IPSec server certificate: A drop-down which has "(received from server)"
as default along with a list of custom certs installed.

Leaving both of these to their default selection makes the VPN connect
to server w/o any verification. Any certificate presented by the IPSec
server is accepted by Android. Best scenario for MITM I guess.

Now if I install the "server.pem" (leftcert=server.pem on strongSwan
server) into Android and select that under "IPSec server certificate",
it connects only if the VPN server presents server.pem. Is there a
possibility that a faker can also present server.pem (w/o having its
private key) and MITM the connection?

Thanks in advance for any insights and help.
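
Added example, not part of the original post: a minimal simulation of why a pinned server certificate alone is not enough to impersonate the server, since certificate authentication requires a signature over per-session data made with the matching private key. It assumes the client really verifies that signature against the selected certificate; the function names, the textbook RSA without padding, and the small constructed keys are illustrative assumptions, not Android or strongSwan code.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def make_key(p, q):
    """Build a textbook RSA private key from two primes (illustration only)."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def public_part(key):
    """What a certificate such as server.pem carries: the public key only."""
    return {"n": key["n"], "e": E}

def digest(transcript, n):
    return int.from_bytes(hashlib.sha256(transcript).digest(), "big") % n

def sign(key, transcript):
    """Server side: needs the private exponent d."""
    return pow(digest(transcript, key["n"]), key["d"], key["n"])

def verify(pinned_pub, transcript, signature):
    """Client side: check the signature with the pinned certificate's key."""
    expected = digest(transcript, pinned_pub["n"])
    return pow(signature, pinned_pub["e"], pinned_pub["n"]) == expected

def handshake(presented_cert, signing_key, pinned_pub):
    """One simulated authentication over a fresh, session-specific transcript."""
    if presented_cert != pinned_pub:
        return False  # not the certificate selected on the client
    transcript = secrets.token_bytes(32)  # stands in for nonces + exchange data
    return verify(pinned_pub, transcript, sign(signing_key, transcript))

# Constructed keys built from Mersenne primes; far too weak for real use.
SERVER_KEY = make_key(2**127 - 1, 2**89 - 1)
IMPOSTOR_KEY = make_key(2**107 - 1, 2**61 - 1)
PINNED = public_part(SERVER_KEY)  # stands in for server.pem on the phone

def run_demo():
    return {
        "real_server": handshake(PINNED, SERVER_KEY, PINNED),
        "copied_cert_wrong_key": handshake(PINNED, IMPOSTOR_KEY, PINNED),
        "own_cert_own_key": handshake(public_part(IMPOSTOR_KEY), IMPOSTOR_KEY, PINNED),
    }

if __name__ == "__main__":
    print(run_demo())
```

Only the first case authenticates: a peer that replays the public certificate but signs with any other key fails the client's check, and a replayed old signature fails because the transcript changes every session.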

