Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
IPSec recommendations
« previous
next »
Print
Pages: [
1
]
Author
Topic: IPSec recommendations (Read 4056 times)
mikejuni
Newbie
Posts: 1
Karma: 0
IPSec recommendations
«
on:
August 03, 2016, 04:18:50 am »
Hi I've opened a couple of github issue tickets on the following, which I believe are something worthwhile to do:
1. Strongswan IPSEC charon reduction of privilege -
After startup, charon have an option to reduce its privilege from root to some unprivileged users while still working properly. This should be done in the system because if someone finds an vulnerability in charon at the moment, they could issue a remote exploit and gain root privilege via port 500 / 4500 which charon needs to opened up to listen to IKE messages.
2. IKEv2 mobile clients
Strongswan also supports IKEv2 mobile clients, in fact the support had been well documented and works through Windows, Apple iOS, macOS and Android (via strongswan). It would be great to have these support build in.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: IPSec recommendations
«
Reply #1 on:
August 03, 2016, 07:53:46 am »
Hi,
I've added feedback on both issues. Let's discuss them where they were opened, then bring our conclusions here to avoid bouncing.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
IPSec recommendations