Development and Code Review / IPSec recommendations
« on: August 03, 2016, 04:18:50 am »
Hi, I've opened a couple of GitHub issue tickets on the following, which I believe are worthwhile to do:
1. strongSwan IPsec charon reduction of privilege -
After startup, charon has an option to reduce its privilege from root to some unprivileged user while still working properly. This should be done in the system because if someone finds a vulnerability in charon at the moment, they could issue a remote exploit and gain root privilege via port 500 / 4500, which charon needs to open up to listen to IKE messages.
2. IKEv2 mobile clients
strongSwan also supports IKEv2 mobile clients; in fact, the support has been well documented and works through Windows, Apple iOS, macOS and Android (via strongSwan). It would be great to have this support built in.