[Swan] xauthby=alwaysok discussion

Philippe Vouters philippe.vouters at laposte.net
Thu Mar 7 23:19:11 EET 2013


Paul,

Something looks incorrect in your answer. One should not be able to get
a user's credentials even if in the same Wifi zone, as the user credentials
should be part of encrypted data whose encryption algorithm is
negotiated between the two peers. As per my experience with IPSec, I
have so far been unable to read my own credentials using Wireshark on
the PC where I run the Shrew VPN client.

Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

Le 07/03/2013 21:49, Paul Wouters a écrit :
> On Thu, 7 Mar 2013, Philippe Vouters wrote:
>
>> How does Libreswan behave when
>> http://en.wikipedia.org/wiki/IP_hijacking along with xauthby=alwaysok
>> as well as a full copy of the Shrew VPN Client configuration files, to
>> take just Shrew VPN configuration files as an example?
>
> If you have the full vpn configuration including all secrets, whether
> they are PSK secrets or RSA private keys, then you get in regardless
> of IP hijacking by using a cloned device. You will be racing against
> the real device, because you will disconnect each other. Yes, xauth is
> meant to protect against that. So it is useful. However, when using PSK,
> if you have the above information (full client vpn config) but not the
> XAUTH user/password, AND you are near the user in the same wifi zone,
> you can pretend to be the gateway and the user will authenticate to you,
> thereby losing their XAUTH credentials. If no "tokens" are used for
> XAUTH and only a static password, the attacker can go home and still
> login as you. If using token security, then the attacker can only abuse
> the existing IPsec connection when they MITM'ed you, likely keep it up
> for 8-24 hours.
>
> Almost all XAUTH configurations are either two-factor to prevent storage,
> or user/password stored on the computer/phone.
>
> As I wrote in the man page, xauthby=alwaysok should only be used in
> specific circumstances. For example when you need to use XAUTH/ModeConfig
> on embedded devices that need to bring up their tunnel without human
> interaction.
>
> For using XAUTH/ModeConfig on mobile phones with X509 certificates,
> there is no real benefit of xauthby=file, as the user/password will be
> stored on the phone anyway and will be available by the attacker of the
> device. If xauthby=pam is used, it is only adding security if two-factor
> authentication is used, forcing the user to enter their token every
> single time they use the VPN. This type of usage on phones, where the
> phone disconnects the VPN whenever the screen blanks (to save battery)
> or when you switch between wifi and 3G/LTE, makes entering the XAUTH
> token password unusable - people will simply not use the VPN.
>
> xauthby=alwaysok should never be used with PSK. And when X509 is used,
> it is very important that people who lose their device or who end up with
> a compromised phone, inform their IT department as soon as possible so
> the X509 certificate on their compromised phone can be disabled by a
> CRL update to the VPN server.
>
> The only relevance of IP hijacking in this context is the ability to
> impersonate the VPN server when PSK (aka GroupSecret) is used.
>
> I hope this answers your concern regarding when one should, or should
> not, use xauthby=alwaysok.
>
> Paul
>
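To make the two situations Paul contrasts concrete, here are two constructed Libreswan ipsec.conf fragments. This is an added illustration and not configuration from either poster or from the Libreswan project: the connection names, the certificate nickname, the address pool and the CRL interval are placeholders. The first fragment is the combination the thread says should never be used (PSK with xauthby=alwaysok); the second is the X.509 arrangement the thread describes, with CRL checking so a lost or compromised phone can be cut off by revoking its certificate, and xauthby=pam so the PAM stack can require a token.

```conf
# Constructed example (not from the mailing list thread). Names, the
# certificate nickname and the pool are placeholders.

config setup
    # Reject peers whose certificate cannot be checked against a CRL, and
    # re-fetch CRLs regularly so a revoked client certificate is refused
    # soon after the IT department publishes the update.
    crl-strict=yes
    crlcheckinterval=300

# WEAK: PSK ("GroupSecret") plus xauthby=alwaysok.
# Whoever holds a copy of the client config already has the PSK, so the
# XAUTH step rejects nobody, and on a shared Wi-Fi the PSK also lets the
# holder pose as the gateway to the real user (the IP hijacking point).
conn roadwarrior-psk-alwaysok
    left=%defaultroute
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightxauthclient=yes
    rightmodecfgclient=yes
    authby=secret
    xauthby=alwaysok
    rightaddresspool=192.0.2.100-192.0.2.200

# CORRECTED: per-device X.509 certificates, CRL-checked, with XAUTH via PAM.
# A compromised device is handled by revoking its certificate; the PAM
# configuration (outside this file) is where a token is enforced, since
# a static password stored on the phone adds nothing, as Paul notes.
conn roadwarrior-x509-pam
    left=%defaultroute
    leftcert=vpn-gateway-cert   # NSS certificate nickname, placeholder
    leftid=%fromcert
    leftxauthserver=yes
    leftmodecfgserver=yes
    right=%any
    rightid=%fromcert
    rightca=%same               # client cert must chain to the gateway's CA
    rightxauthclient=yes
    rightmodecfgclient=yes
    authby=rsasig
    xauthby=pam
    rightaddresspool=192.0.2.100-192.0.2.200
```

The useful check on a deployed gateway is not the conn block itself but what happens after revocation: revoke one test client certificate, publish the CRL, and confirm that client is refused at IKE time once the CRL has been re-fetched. If it still connects, the CRL distribution point or the fetch interval is the problem, and xauthby=alwaysok offers no second line of defence.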