Regression #11564

closed

strongSwan configuration always contains user EAP/PSK values

Added by Viktor Gurov about 1 year ago. Updated 12 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 02/27/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version: 21.05
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:

Description

/var/etc/ipsec/swanctl.conf always contains users' EAP/PSK keys:

...
secrets {
    ike-1 {
        secret = 0sMTIzNDU=
        id-0 = %any
        id-1 = pfuser1
    }
    eap-2 {
        secret = 0scGFzczEyMzQ1
        id-0 = eapuser1
    }
}

even if you don't have an IPsec Mobile entry or it's not set to EAP-MSChapv2/Mutual-PSK mode.

Actions #2

Updated by Jim Pingle about 1 year ago

  • Status changed from New to Pull Request Review
  • Target version set to CE-Next

The pre-shared key tab entries have uses with site-to-site tunnels; they aren't solely for mobile setups.

EAP entries could be skipped if there is nothing using EAP-MSCHAPv2, and PSK entries on users can be skipped if mobile IPsec isn't using PSKs, but the PSK tab entries should always be included.

Though really it's harmless to include the secrets like this even if they aren't being actively used, it is nicer to leave them out.
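
Added example, not part of the issue thread or the pfSense code base: a small audit of the secrets block quoted in the description. It shows that the `0s` prefix marks a Base64-encoded value (strongSwan also accepts `0x` for hex), so the file holds the credentials in recoverable form, and it flags `eap-*` entries when nothing uses EAP-MSCHAPv2. Assumptions: the `secrets` section is top-level and unindented, entries are named `kind-N` as in the excerpt, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample: the secrets block quoted in the issue description.
SAMPLE = """\
secrets {
    ike-1 {
        secret = 0sMTIzNDU=
        id-0 = %any
        id-1 = pfuser1
    }
    eap-2 {
        secret = 0scGFzczEyMzQ1
        id-0 = eapuser1
    }
}
"""

def decode_secret(value):
    """Return (encoding, raw bytes) for a swanctl secret value."""
    if value.startswith("0s"):          # Base64-encoded, not encrypted
        return "base64", base64.b64decode(value[2:])
    if value.startswith("0x"):          # hex-encoded
        return "hex", bytes.fromhex(value[2:])
    return "ascii", value.strip('"').encode()

def audit_secrets(conf_text):
    """List each secrets entry; report the secret's length, never its value."""
    m = re.search(r"^secrets\s*\{(.*?)^\}", conf_text, re.S | re.M)
    entries = []
    if not m:
        return entries
    for name, body in re.findall(r"([\w-]+)\s*\{([^{}]*)\}", m.group(1)):
        kv = dict(re.findall(r"^\s*([\w-]+)\s*=\s*(\S+)", body, re.M))
        encoding, raw = decode_secret(kv.get("secret", ""))
        ids = [v for k, v in sorted(kv.items()) if k.startswith("id")]
        entries.append({"name": name, "kind": name.split("-")[0], "ids": ids,
                        "encoding": encoding, "secret_len": len(raw)})
    return entries

def unused_eap_entries(entries, eap_in_use):
    """EAP entries are only expected when something uses EAP-MSCHAPv2."""
    return [] if eap_in_use else [e["name"] for e in entries if e["kind"] == "eap"]

if __name__ == "__main__":
    found = audit_secrets(SAMPLE)
    for entry in found:
        print(entry)
    print("unexpected:", unused_eap_entries(found, eap_in_use=False))
```

The `ike-*` entries are not flagged because the file alone does not show whether one came from the pre-shared key tab or from a user account.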

Actions #3

Updated by Renato Botelho about 1 year ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #4

Updated by Jim Pingle about 1 year ago

  • Target version changed from CE-Next to 2.6.0

Actions #5

Updated by Jim Pingle about 1 year ago

  • Plus Target Version set to 21.05

Actions #6

Updated by Jim Pingle about 1 year ago

Already in 21.05 branch.

Actions #7

Updated by Jim Pingle about 1 year ago

  • Subject changed from swanctl always contains users eap/psk keys to strongSwan configuration always contains user EAP/PSK values

Updating subject for release notes.

Actions #8

Updated by Jim Pingle 12 months ago

  • Target version changed from 2.6.0 to 2.5.2

Actions #9

Updated by Jim Pingle 12 months ago

  • Status changed from Feedback to Closed