ike – Page 2 – WindowsTechs.com

Why does IKE have two phases?

Posted on December 30, 2020 by Paul Draper

Why does have IKE have two phases, two levels of security associations, two sets of authentication and encryption algorithms, two sets of options around lifetimes and renogiations?
It seems duplicative.
AFAIK OpenVPN doesn’t have two diffe… Continue reading Why does IKE have two phases?→

Why does IKE have two phases?

Posted on December 30, 2020 by Paul Draper

What does it mean that Ikev1 (IPSec) protects peer identities in main mode?

Posted on December 5, 2020 by hehehe

Does it mean that the source IP is replaced with something else (like if in IP spoofing) so intermediate routers don’t know who is sending the packet?

Continue reading What does it mean that Ikev1 (IPSec) protects peer identities in main mode?→

Difference between IKEv1 and IKEv2?

Posted on October 21, 2020 by KingsNeverDie

Can someone tell me the difference between IKEv1 and IKEv2 in terms of security functionality?
Wherever I refer it was mentioned as IKEv1 has 9 messages while IKEv2 has 4 messages, IKEv2 has less RTT etc. But how has the security been enha… Continue reading Difference between IKEv1 and IKEv2?→

Windows 10 IPSec VPN not respecting configured parameters (notably: encryption method)

Posted on October 1, 2020 by Binarus

I am currently trying to establish a VPN connection from my Windows 10 Enterprise 1909 to a remote VPN gateway, using the built-in Windows VPN / IPSec client. Since the UI does not provide all options I need, I have created and fine-tuned … Continue reading Windows 10 IPSec VPN not respecting configured parameters (notably: encryption method)→

How does IKEv2 work on Android without raw sockets

Posted on June 18, 2020 by Siddharth Kamaria

I was exploring the IKEv2 StrongSwan client implementation for Android. What I fail to understand is that Android and Java do not support raw sockets, whilst the IKEv2/IPSec works below the transport layer, which seems counter-intuitive. H… Continue reading How does IKEv2 work on Android without raw sockets→

How to properly use FakeIKEd (fiked) tool (IPSec attack)

Posted on April 5, 2020 by Maray97

I’m studying IKEv1+XAUTH+Aggressive vulnerabilities and I’ve found the fiked tool that knowing preshared and group id can steal user credentials.
I’m trying to use this tool, but it doesn’t work and I can’t explain why.
This is my setup:

… Continue reading How to properly use FakeIKEd (fiked) tool (IPSec attack)→

VPN on Virtual Machine pentest lab setup

Posted on March 30, 2020 by Maray97

I’m trying to setup an Ikev1 XAUTH lab in order to test some attacks (in particular the aggressive mode and Fake Ike attack).

I have three virtual machines:
-A Fedora 31 machine running this container https://github.com/hwdsl2/docke… Continue reading VPN on Virtual Machine pentest lab setup→

Why is the Diffie-Hellman exchange not enough to authenticate the communication partners in IKE_SA_INIT?

Posted on December 14, 2019 by thestruggleisreal

The IKE_SA_INIT does create a key seed SKEYSEED from the Diffie-Hellman values and nonces. Since the exchange does sharing the secret between the communication partners, I do not understand why it is not enough for authentication.

Continue reading Why is the Diffie-Hellman exchange not enough to authenticate the communication partners in IKE_SA_INIT?→

Does Juniper have an equivalent of ‘show security pki local-certificate’ for remote certificates? [migrated]

Posted on November 30, 2019 by Ben Aveling

On a Juniper Firewall, the command show security pki local-certificate will give all sorts of detail for a local certificate. (The sort of certificate you would use to stand up an IKE connection)

My question is, is there an… Continue reading Does Juniper have an equivalent of ‘show security pki local-certificate’ for remote certificates? [migrated]→