OPNsense Forum

English Forums => Development and Code Review => Topic started by: mikejuni on August 03, 2016, 04:18:50 am

Title: IPSec recommendations
Post by: mikejuni on August 03, 2016, 04:18:50 am
Hi, I've opened a couple of GitHub issue tickets on the following, which I believe are worthwhile to do:

1. strongSwan IPSEC charon reduction of privilege -
After startup, charon has an option to reduce its privilege from root to some unprivileged user while still working properly. This should be done in the system because if someone finds a vulnerability in charon at the moment, they could issue a remote exploit and gain root privilege via port 500 / 4500, which charon needs to open up to listen to IKE messages.

2. IKEv2 mobile clients
strongSwan also supports IKEv2 mobile clients; in fact, the support has been well documented and works on Windows, Apple iOS, macOS and Android (via strongSwan). It would be great to have this support built in.

Title: Re: IPSec recommendations
Post by: franco on August 03, 2016, 07:53:46 am
Hi,

I've added feedback on both issues. Let's discuss them where they were opened, then bring our conclusions here to avoid bouncing. :)


Cheers,
Franco