[Swan] xauthby=alwaysok discussion

Paul Wouters pwouters at redhat.com
Thu Mar 7 22:49:39 EET 2013


On Thu, 7 Mar 2013, Philippe Vouters wrote:

> How does Libreswan behave when http://en.wikipedia.org/wiki/IP_hijacking 
> along with xauthby=alwaysok as well as a full copy of the Shrew VPN Client 
> configuration files to take just Shrew VPN configuration files as an example

If you have the full vpn configuration including all secrets, whether
they are PSK secrets or RSA private keys, then you get in regardless
of IP hijacking by using a cloned device. You will be racing against
the real device, because you will disconnect each other. Yes, xauth is
meant to protect against that. So it is useful. However, when using PSK,
if you have the above information (full client vpn config) but not the
XAUTH user/password, AND you are near the user in the same wifi zone,
you can pretend to be the gateway and the user will authenticate to you,
thereby losing their XAUTH credentials. If no "tokens" are used for
XAUTH and only a static password, the attacker can go home and still
login as you. If using token security, then the attacker can only abuse
the existing IPsec connection when they MITM'ed you, likely keep it up
for 8-24 hours.

Almost all XAUTH configurations are either two-factor to prevent storage,
or user/password stored on the computer/phone.

As I wrote in the man page, xauthby=alwaysok should only be used in
specific circumstances. For example when you need to use XAUTH/ModeConfig
on embedded devices that need to bring up their tunnel without human
interaction.

For using XAUTH/ModeConfig on mobile phones with X509 certificates,
there is no real benefit of xauthby=file, as the user/password will be
stored on the phone anyway and will be available by the attacker of the
device. If xauthby=pam is used, it is only adding security if two-factor
authentication is used, forcing the user to enter their token every
single time they use the VPN. This type of usage on phones, where the
phone disconnects the VPN whenever the screen blanks (to save battery)
or when you switch between wifi and 3G/LTE, makes entering the XAUTH
token password unusable - people will simply not use the VPN.

xauthby=alwaysok should never be used with PSK. And when X509 is used,
it is very important that people who lose their device or who end up with
a compromised phone, inform their IT department as soon as possible so
the X509 certificate on their compromised phone can be disabled by a
CRL update to the VPN server.

The only relevance of IP hijacking in this context is the ability to
impersonate the VPN server when PSK (aka GroupSecret) is used.

I hope this answers your concern regarding when one should, or should not,
use xauthby=alwaysok.

Paul
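The two configurations the reply contrasts, written out as an added Libreswan ipsec.conf example (not from the thread or the Libreswan project): the PSK plus xauthby=alwaysok combination it says should never be used, beside the narrow X.509 embedded-device case it allows, with CRL checking enforced so a revoked certificate is actually refused. Hostnames, addresses, the certificate nickname and the address pool are constructed placeholders; the option names are standard Libreswan ipsec.conf keywords.

```ini
# Added example, not part of the mailing-list thread. Placeholder
# values: 203.0.113.10, vpn.example.com, 192.0.2.100-192.0.2.199.

config setup
    # Refuse clients whose certificate cannot be checked against a
    # current CRL, so the "lost phone -> CRL update" step has effect.
    crl-strict=yes

# DO NOT DEPLOY. Group PSK with xauthby=alwaysok: a copy of the client
# config (which contains the PSK) is enough to connect or to impersonate
# the gateway, and XAUTH no longer verifies anything. Shown only so the
# combination is easy to recognise in a review.
conn xauth-psk-alwaysok
    keyexchange=ike
    ikev2=no
    authby=secret
    left=203.0.113.10
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightxauthclient=yes
    rightmodecfgclient=yes
    rightaddresspool=192.0.2.100-192.0.2.199
    xauthby=alwaysok
    auto=add

# Narrow case the reply allows: per-device X.509 certificates carry the
# authentication; XAUTH/ModeConfig is only there to hand out an address
# to an embedded device that has no human to type a password.
conn xauth-cert-embedded
    keyexchange=ike
    ikev2=no
    authby=rsasig
    left=203.0.113.10
    leftid=@vpn.example.com
    leftcert=vpn.example.com
    leftrsasigkey=%cert
    leftsendcert=always
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightid=%fromcert
    rightca=%same
    rightrsasigkey=%cert
    rightxauthclient=yes
    rightmodecfgclient=yes
    rightaddresspool=192.0.2.100-192.0.2.199
    modecfgpull=yes
    xauthby=alwaysok
    auto=add
```

For phones with a human present, the reply's point is that the second conn with xauthby=pam only buys extra security when PAM is backed by a token (two-factor), since a static password stored on the device is lost together with the certificate.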

