ipsec – Page 3 – WindowsTechs.com

firewalld: Block non-ESP packets on interface in GNU/Linux similar to OpenBSD

Posted on October 16, 2021 by gecko

I am trying to "enforce" IPSec (StrongSwan) traffic on openSUSE.
On OpenBSD, with the IKE daemon iked and the packet filter pf, I employ a ruleset like the following, to ensure only encapsulated traffic passes the interface, prac… Continue reading firewalld: Block non-ESP packets on interface in GNU/Linux similar to OpenBSD→

firewalld: Block non-ESP packets on interface in GNU/Linux similar to OpenBSD

Posted on October 16, 2021 by gecko

Trying to understand transport-mode IPSec and VPNs

Posted on October 10, 2021 by Sabuncu

Disclaimer: My understanding of the types of VPNs and IPSec is limited.
What I am struggling to understand is the fact that the IP header is not encrypted in transport-mode IPSec.
My understanding of VPNs: There is a well-known VPN server,… Continue reading Trying to understand transport-mode IPSec and VPNs→

FortiEMS: problem of unlicensed endpoint without uninstall and install forticlient [closed]

Posted on August 5, 2021 by tester2020

We have a problem with the forticlient These last week many of our endpoints lose their licenses, we have to uninstall and reinstall the agent on the endpoint to reactivate the license.
I want to know what are the best solutions to correct… Continue reading FortiEMS: problem of unlicensed endpoint without uninstall and install forticlient [closed]→

Reasonable VPN authentication token timeout [closed]

Posted on August 2, 2021 by haxogen

When operating remote work roadwarrior VPN connections the world has changed in the last two years.
Now I am operating a Client-to-Site portal with around 600 permanently connected users and we have strongly invested into robustness and se… Continue reading Reasonable VPN authentication token timeout [closed]→

What is the role of a CA server in a PKI?

Posted on July 10, 2021 by RRHS

I’m confused how the CA server helps with the digital signature and the PKI workflow. Here’s an example topology:
A and B are the 2 devices using PKI to authenticate each other for VPN, and then there is a CA server (will refer to it as CA… Continue reading What is the role of a CA server in a PKI?→

What’s the significance of including port number in IPsec ESP mode?

Posted on July 8, 2021 by tarun14110

In the AH mode for IPsec, we include the IP header to ensure data origin authentication, and in the ESP, we exclude the IP header.

what are the security properties we lose by not authenticating the IP address in the ESP mode?
What securit… Continue reading What’s the significance of including port number in IPsec ESP mode?→

IPsec IkeV2 tunnels won’t come up on GNS3 [migrated]

Posted on May 25, 2021 by Nerdy01

I have been through the process of setting up IPsec tunnels twice now and both times have failed. I am unsure what the issue is as following tutorials online, they claim everything should work.
I have two networks, one on the 192.168.1.0 r… Continue reading IPsec IkeV2 tunnels won’t come up on GNS3 [migrated]→

IPSec MTU DDos attack

Posted on April 26, 2021 by Kuze

I have this configuration:
HOST-A <—> GAT-A <—> MiTM <—> GAT-B <—> HOST-B

I’m doing a security project on MTU-IPsec vulnerabilities and following this guide of Hal-Inria, I’m able to inject a packet to the … Continue reading IPSec MTU DDos attack→

Should users have access to the IPsec pre-shared key?

Posted on March 9, 2021 by Wouter

We are in the process of switching from Hamachi to Meraki VPN by Cisco. Hamachi was managed internally, but this new VPN solution is managed by an external party and they have set it up as L2TP/IPsec with a pre-shared key and authenticatio… Continue reading Should users have access to the IPsec pre-shared key?→