[Swan] Is it possible to not be strict with rightid?

Paul Wouters paul at nohats.ca
Mon Apr 30 16:13:13 UTC 2018 

On Thu, 26 Apr 2018, Xinwei Hong wrote:

> Thank you Paul.So, seems it cannot be more tolerant if right !=%any. Right?

Do you understand that making it more tolerant is a security issue?

Image a cloud with web.example, mail.example.com and client.example.com.
All have certificates.

Now web.example.com gets compromised. It takes over the IP of
mail.example.com. Now when client.example.com connects to the IP
of mail.example.com, and the compromised web.example.come uses
the ID of mail.example.com. Then when it comes time to present a
valid certificate, since it does not have the cert for mail, it
will present its own web.example.com certificate. This cert is
valid and verifies properly. And now the client will send email
to the compromised web server.

This is why there is a restriction so that the ID presented during
an IKE exchange, when using certificates, MUST be present as an ID
(either CN= or subjectAltName) in the certificate it will use.

When doing authby=secret this restriction does not apply, since there
are no certificates in place and both parties can decide on whatever
strings they like.

> In our case, we do provide both left and right with specific IP. 

Note there is a difference between right/left and rightid/leftid

You can still use:

 	left=1.2.3.4
 	right=5.6.7.8
 	authby=secret
 	leftid=@server
 	rightid=@remoteusers

In this case, the right ID tend to be called "group ID" since every
client in this group will use the same ID (and the same secret/PSK)

Paul

> Thanks,
> Xinwei
> 
> 
> On Thu, Apr 26, 2018 at 2:01 PM, Paul Wouters <paul at nohats.ca> wrote:
>       On Thu, 26 Apr 2018, Xinwei Hong wrote:
>
>             Currently, 'rightid' is default to 'left'. However, a lot of time the remote peer software cannot send
>             out correct rightid (e.g. internal private IP
>             was used). When we were using racoon, racoon seems to be more tolerant and works OK when rightid
>             mismatches. With pluto, we would have to specific
>             rightid= whatever the other end sends. Is there a global switch that we can turn libreswan to have
>             similar behavior as racoon, i.e. be more tolerant
>             with rightid?
> 
>
>       We already did that when specifying right=%any and authby=secret. We
>       know this really means a "group PSK" where ID of IP makes no sense.
>
>       But that code is post 3.23 so please try either a pre-release from
>       download.libreswan.org/development/ or wait a couple of days for 3.24 ?
>
>       Paul
> 
> 
> 
>

More information about the Swan mailing list