[Swan] xauthby=alwaysok discussion

Philippe Vouters philippe.vouters at laposte.net
Thu Mar 7 23:10:11 EET 2013


Dear Paul,

Your answer now satisfies me. I do think a special strong warning about 
the use of xauthby=alwaysok should be made by someone in some public 
document. xauthby=alwaysok does indeed break a two-level security, 
leaving the security to a one-level with information (PSK secret or RSA 
keys) which can be copied by unauthorized parties. Would you volunteer to gather 
up such a strong warning document? In a document on the Libreswan Web site?

Regards,

Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

On 07/03/2013 21:49, Paul Wouters wrote:
> On Thu, 7 Mar 2013, Philippe Vouters wrote:
>
>> How does Libreswan behave when 
>> http://en.wikipedia.org/wiki/IP_hijacking along with xauthby=alwaysok 
>> as well as a full copy of the Shrew VPN Client configuration files, to 
>> take just Shrew VPN configuration files as an example?
>
> If you have the full vpn configuration including all secrets, whether
> they are PSK secrets or RSA private keys, then you get in regardless
> of IP hijacking by using a cloned device. You will be racing against
> the real device, because you will disconnect each other. Yes, xauth is
> meant to protect against that. So it is useful. However, when using PSK,
> if you have the above information (full client vpn config) but not the
> XAUTH user/password, AND you are near the user in the same wifi zone,
> you can pretend to be the gateway and the user will authenticate to you,
> thereby losing their XAUTH credentials. If no "tokens" are used for
> XAUTH and only a static password, the attacker can go home and still
> login as you. If using token security, then the attacker can only abuse
> the existing IPsec connection when they MITM'ed you, likely keep it up
> for 8-24 hours.
>
> Almost all XAUTH configurations are either two-factor to prevent storage,
> or user/password stored on the computer/phone.
>
> As I wrote in the man page, xauthby=alwaysok should only be used in
> specific circumstances. For example when you need to use XAUTH/ModeConfig
> on embedded devices that need to bring up their tunnel without human
> interaction.
>
> For using XAUTH/ModeConfig on mobile phones with X509 certificates,
> there is no real benefit of xauthby=file, as the user/password will be
> stored on the phone anyway and will be available by the attacker of the
> device. If xauthby=pam is used, it is only adding security if two-factor
> authentication is used, forcing the user to enter their token every
> single time they use the VPN. This type of usage on phones, where the
> phone disconnects the VPN whenever the screen blanks (to save battery)
> or when you switch between wifi and 3G/LTE, makes entering the XAUTH
> token password unusable - people will simply not use the VPN.
>
> xauthby=alwaysok should never be used with PSK. And when X509 is used,
> it is very important that people who lose their device or who end up with
> a compromised phone, inform their IT department as soon as possible so
> the X509 certificate on their compromised phone can be disabled by a
> CRL update to the VPN server.
>
> The only relevance of IP hijacking in this context is the ability to
> impersonate the VPN server when PSK (aka GroupSecret) is used.
>
> I hope this answers your concern regarding when one should, or should
> not, use xauthby=alwaysok
>
> Paul
>
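The three situations Paul distinguishes above (PSK with alwaysok, which he says should never be combined; per-device X.509 certificates with alwaysok for unattended embedded clients; and xauthby=pam or xauthby=file for interactive users) can be written down as Libreswan conn sections and checked mechanically. The script below is an added example written for this thread, not code from Philippe, Paul or the Libreswan project. The option names follow Libreswan's ipsec.conf conventions as the author of this example recalls them; the conn names, the 192.0.2.1 gateway address and the certificate nickname are constructed placeholders, and the embedded sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread or the Libreswan project):
# flag Libreswan conn sections that combine xauthby=alwaysok with PSK
# authentication (authby=secret), the pairing Paul advises against.

# Constructed sample ipsec.conf with placeholder addresses and names.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
config setup
    protostack=netkey

# Risky: with a group PSK plus alwaysok, a copied client config is enough.
conn roadwarrior-psk
    authby=secret
    left=192.0.2.1
    leftxauthserver=yes
    right=%any
    rightxauthclient=yes
    xauthby=alwaysok
    auto=add

# Per the thread: per-device X.509 certificate, alwaysok only for
# unattended embedded clients; revoke via CRL if a device is lost.
conn embedded-x509
    authby=rsasig
    left=192.0.2.1
    leftcert=gateway-placeholder
    leftxauthserver=yes
    right=%any
    rightid=%fromcert
    rightca=%same
    rightxauthclient=yes
    xauthby=alwaysok
    auto=add

# Interactive users: no alwaysok, XAUTH via PAM (two-factor) instead.
conn mobile-users
    authby=rsasig
    left=192.0.2.1
    leftcert=gateway-placeholder
    leftxauthserver=yes
    right=%any
    rightid=%fromcert
    rightca=%same
    rightxauthclient=yes
    xauthby=pam
    auto=add
EOF

# Print the name of every conn that pairs xauthby=alwaysok with
# authby=secret. Returns 1 if any such conn exists, 0 otherwise.
check_alwaysok_psk() {
    awk '
        function flush() {
            if (name != "" && alwaysok && psk) { print name; found = 1 }
            name = ""; alwaysok = 0; psk = 0
        }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        /^conn[[:space:]]/   { flush(); name = $2; next }
        /^config[[:space:]]/ { flush(); next }
        /^[[:space:]]*xauthby[[:space:]]*=[[:space:]]*alwaysok[[:space:]]*$/ { alwaysok = 1 }
        /^[[:space:]]*authby[[:space:]]*=/ {
            sub(/^[[:space:]]*authby[[:space:]]*=[[:space:]]*/, "")
            if ($0 ~ /secret/) psk = 1
        }
        END { flush(); exit (found ? 1 : 0) }
    ' "$1"
}

if check_alwaysok_psk "$SAMPLE_CONF"; then
    echo "no conn pairs xauthby=alwaysok with a PSK"
else
    echo "review the conn(s) listed above: PSK plus xauthby=alwaysok"
fi
```

Run against a real /etc/ipsec.conf (or the files it includes) by passing the path to check_alwaysok_psk instead of the sample. The check is deliberately narrow: it only flags the PSK case, since the thread treats X.509 plus alwaysok on unattended devices as a defensible choice provided lost devices are revoked promptly via CRL.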
