Project

General

Profile

Actions

Regression #11564

closed

strongSwan configuration always contains user EAP/PSK values

Added by Viktor Gurov over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Viktor Gurov
Category:
IPsec
Target version:
Start date:
02/27/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:

Description

/var/etc/ipsec/swanctl.conf always contains users eap/psk keys:

...
secrets {
    ike-1 {
        secret = 0sMTIzNDU=
        id-0 = %any
        id-1 = pfuser1
    }
    eap-2 {
        secret = 0scGFzczEyMzQ1
        id-0 = eapuser1
    }
}

even if you don't have an IPsec Mobile entry or it's not set to EAP-MSChapv2/Mutual-PSK mode.

Actions

Also available in: Atom PDF