[Openswan Users] NAT-T and PSK

Brian Candler B.Candler at pobox.com
Wed Apr 19 17:26:10 CEST 2006


On Wed, Apr 19, 2006 at 05:00:15PM +0200, Paul Wouters wrote:
> On Wed, 19 Apr 2006, Brian Candler wrote:
> 
> > > PSK security is partially based on the IP address. For NAT-T, this address
> > > changes. As a result you can only group the entire internet together in one
> > > PSK for "0.0.0.0/0", and all your clients need to know the same secret. The
> > > more clients, the more risk your secret is exposed to.
> >
> > Unless you use Aggressive Mode.
> 
> And use one connection per client? Otherwise you still need a group secret.

Either. Having multiple small groups reduces the risk you describe (i.e.
many people knowing the same secret). The limit of this is one secret per
person.

Some IPsec implementations let you perform the IPsec identity-to-PSK
mapping in RADIUS: e.g.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fipsenc/scfike.htm#wp1008410

Even with a single shared secret, aggressive mode makes it easy to rotate
the PSK smoothly. The new key is associated with a new identity, so all the
users change to using the new identity and key. When the process is
complete, you retire the old one. In my opinion, the biggest problem with
Main Mode plus PSK and dynamic IPs is that it is too hard to change the
secret regularly, so nobody does.

Regards,

Brian.
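As an added illustration of the scheme Brian describes (this is not configuration from the thread or from the Openswan project; the hostnames, identities and secrets are assumed placeholders), the following shows how per-client identities, aggressive mode and one PSK per identity fit together in Openswan's ipsec.conf and ipsec.secrets, and how a rotation can be staged by adding a new identity beside the old one. Because aggressive mode sends the identity in the first message, the responder can pick the secret by identity rather than by source address, which is what makes this work behind NAT.

```ini
# ---- /etc/ipsec.conf (added example; names are assumptions) ----
config setup
    nat_traversal=yes

conn %default
    authby=secret
    # Aggressive mode: the client's ID arrives in message 1, so the gateway
    # can select the PSK by identity instead of by (NAT-changed) IP address.
    aggrmode=yes
    # The DH group must be fixed up front in aggressive mode, so pin one proposal.
    ike=aes128-sha1-modp1536
    left=%defaultroute
    leftid=@vpn.example.com
    right=%any
    auto=add

# One conn per client identity, so each client has its own secret.
# The identity carries a generation tag; rotating the PSK means issuing a
# new identity+secret pair and retiring the old conn once the client moved.
conn alice-gen1
    rightid=@alice-gen1.example.com

conn alice-gen2
    rightid=@alice-gen2.example.com

conn bob-gen1
    rightid=@bob-gen1.example.com

# ---- /etc/ipsec.secrets (added example; secrets are placeholders) ----
# Both generations of Alice's secret coexist during the changeover; delete
# the gen1 line and its conn once Alice has switched to gen2.
@alice-gen1.example.com @vpn.example.com : PSK "REPLACE-WITH-LONG-RANDOM-SECRET-1"
@alice-gen2.example.com @vpn.example.com : PSK "REPLACE-WITH-LONG-RANDOM-SECRET-2"
@bob-gen1.example.com   @vpn.example.com : PSK "REPLACE-WITH-LONG-RANDOM-SECRET-3"
```

The `@name` form is a literal FQDN identity that is never resolved, so it works for clients whose address changes. Since the identity travels unencrypted in aggressive mode and the PSK-derived authentication hash is exchanged before the channel is encrypted, each secret should be long and randomly generated rather than a memorable passphrase; the per-identity layout then limits the damage from any one secret leaking to that one client.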

