Collaborate Disseminate
My guess is that with IPSec/IKEv1, since it doesn’t support NAT, you either have to manually configure routes from your machine, or use a layer 2 tunnel (such as l2tp) to talk with devices on the network you’re connecting to…. Continue reading Why doesn’t IKEv2 use L2TP?
I’m learning about IPSec at the moment. Unfortunately there’s a few roadblocks to my understanding:
I’ve made a lot of progress, but I’m sure I don’t understand some things completely since I can’t answer these questions:
If you can help me fill in the gap/s on why this is the case.
IPSec vs L2TP question 1 – in my opinion not answered: What’s are the advantages of L2TP/IPSEC over plain IPSEC?
IPSec vs L2TP question 2 – in my opinion not answered: why use L2TP/IPsec insted of just IPsec
NordVPN on the value of IKEv2 (touches on L2TP): https://nordvpn.com/blog/ikev2ipsec/
Cisco Next-Generation Encryption (NGE): https://www.cisco.com/c/en/us/about/security-center/next-generation-cryptography.html
Juniper docs on IPSec and IKE: https://www.juniper.net/documentation/en_US/junos/topics/concept/vpn-security-overview.html
Article on IPSec: https://cromwell-intl.com/networking/what-is-ipsec.html
Continue reading Understanding IPSec, L2TP, IKEv1, and IKEv2
I have read many comparisons of IPsec Transport vs. Tunnel mode, and there is a clear understanding that when two gateways are exchanging routed traffic they should use Tunnel mode. In other words, Transport mode should be us… Continue reading How to use IPsec Transport mode between two gateways
A team of researchers has found vulnerabilities in implementations of the Internet Key Exchange version 1 (IKEv1) protocol in firewalls and other networking gear that support IPsec VPN tunnels. If exploited, the flaw can allow attackers to bypass auth… Continue reading IKEv1 Vulnerabilities Break IPsec VPN Security in Cisco, Huawei, ZyXEL Gear
The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions. Continue reading Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw
I am looking for a deep down technical explanation of how it works.
My understanding is its an SSL VPN and works as follows:
– Anyconnect creates a TLS session to the configured remote servers, authenticate the user and fet… Continue reading How does Cisco Anyconnect VPN work?
There is a WiFi network that I regularly use, and it seems to be blocking all VPN traffic other than IKEv2. I tested this by downloading many of the free/freemium VPN apps from the Google Play Store on my phone. Only apps that use IKEv2 wo… Continue reading Differentiating between IKEv2 and OpenVPN Traffic
I’m working on an application that will have access to API keys supplied by our users. The application makes API calls on behalf of our users.
The API we’re using allows users to whitelist IP addresses that can use their API… Continue reading Is IP address whitelisting useful if the IP address is not “secret”?
The strongSwan FAQ states:
NAT-Traversal with IPsec transport mode has some inherent security risks.
What kind of security risks is the documentation referring to?
(links to other resources are welcome too)
Continue reading IPsec Transport Mode NAT Traversal Security Risks
Why is rekeying after a certain period of time, or after a certain volume of data transfer, often implemented in modern secure transport protocols such as ESP or TLS?
What are the security risks of using a symmetric key for … Continue reading Why rekey long-lived connections?