You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Security issues have been observed in case multiple IPsec connections are configured. It is not an issue of strongswan itself rather than an issue of configuring IPsec connections via the webgui. The problem is that there is not a one-to-one-mapping of webgui elements to important configuration parameters.
Authentication: In some cases it is not possible to define the trust anchor of (roadwarrior) IPsec connections. This results in a missing configuration parameter (e.g. rightca) in the config file and strongswan threats all available certificate authorities as valid for a specific connection. In this case a valid user of an IPsec connection can switch to another one and possibly elevate access rights.
Regarding the following selectable authentication methods in the webgui there is no possibility to select an appropriate trust anchor: Example: Hybrid RSA + Xauth, Mutual RSA + EAP-MSCHAPv2 etc.
Instead of choosing a CA for remote endpoint authentication Opnsense should alternatively allow selecting a specific remote endpoint certificate.
Last known working Opnsense version: n/a
To Reproduce
Steps to reproduce the behavior:
Go to 'VPN -> IPsec -> Tunnel Settings'
Click on 'new phase 1 entry (or edit an exisiting one)'
Traverse all certificate related authentication schemes (IKEv1/v2 and peer-to-peer/mobile connections) and check whether a CA (or specific certificate) for remote endpoint authentication is configurable.
Compare configuration to the config file '/usr/local/etc/ipsec.conf"
Expected behavior
Configuration of a CA or a specific certificate has to be mandatory for remote endpoint in case any certificate based authentication scheme is selected.
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
Security issues have been observed in case multiple IPsec connections are configured. It is not an issue of strongswan itself rather than an issue of configuring IPsec connections via the webgui. The problem is that there is not a one-to-one-mapping of webgui elements to important configuration parameters.
Authentication: In some cases it is not possible to define the trust anchor of (roadwarrior) IPsec connections. This results in a missing configuration parameter (e.g. rightca) in the config file and strongswan threats all available certificate authorities as valid for a specific connection. In this case a valid user of an IPsec connection can switch to another one and possibly elevate access rights.
Last known working Opnsense version: n/a
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The text was updated successfully, but these errors were encountered: