Project

General

Profile

Actions

Regression #11564

closed

strongSwan configuration always contains user EAP/PSK values

Added by Viktor Gurov over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
Start date:
02/27/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

/var/etc/ipsec/swanctl.conf always contains users eap/psk keys:

...
secrets {
    ike-1 {
        secret = 0sMTIzNDU=
        id-0 = %any
        id-1 = pfuser1
    }
    eap-2 {
        secret = 0scGFzczEyMzQ1
        id-0 = eapuser1
    }
}

even if you don't have an IPsec Mobile entry or it's not set to EAP-MSChapv2/Mutual-PSK mode.

Actions #2

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Pull Request Review
  • Target version set to CE-Next

The pre-shared key tab entries have uses with site-to-site tunnels they aren't solely for mobile setups.

EAP entries could be skipped if there is nothing using EAP-MSCHAPv2, and PSK entries on users can be skipped if mobile IPsec isn't using PSKs, but the PSK tab entries should always be included.

Though really it's harmless to include the secrets like this even if they aren't being actively used, it is nicer to leave them out.

Actions #3

Updated by Renato Botelho over 3 years ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Viktor Gurov

PR has been merged. Thanks!

Actions #4

Updated by Jim Pingle over 3 years ago

  • Target version changed from CE-Next to 2.6.0
Actions #5

Updated by Jim Pingle over 3 years ago

  • Plus Target Version set to 21.05
Actions #6

Updated by Jim Pingle over 3 years ago

Already in 21.05 branch.

Actions #7

Updated by Jim Pingle over 3 years ago

  • Subject changed from swanctl always contains users eap/psk keys to strongSwan configuration always contains user EAP/PSK values

Updating subject for release notes.

Actions #8

Updated by Jim Pingle over 3 years ago

  • Target version changed from 2.6.0 to 2.5.2
Actions #9

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF