Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Danger of leaked PSK (password) in IPsec tunnel

    Scheduled Pinned Locked Moved IPsec
    2 Posts 2 Posters 895 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      ricardojoserf
      last edited by

      Let us say I have a IPSEC tunnel between a Pfsense firewall and a Cisco firewall. In the Pfsense panel, when configuring a Site-to-site VPN between them, there is a PSK which is common in both ends, and other configuration options - the encryption algorithm is AES-256and hash is SHA1; the authentication method is mutual PSK.

      My question is related to the PSK or Pre-Shared key. What happens if it is a weak password? Can people create a second IPSEC tunnel with one of the both ends? Or is it just that people who sniffs traffic between the two endpoints in the connection can decrypt the packets? I ask because I see the message "This key should be long and random to protect the tunnel and its contents. A weak PSK can lead to a tunnel compromise"

      Let me know if more information is necessary

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        The PSK could be used to decrypt traffic if someone can capture packets between the endpoints. A weak key, in theory, could be brute forced. There is a lot of info around about this on the web by people much more familiar with the crypto than I.

        The PSK could also be used by someone in the right position to MITM or intrude over the VPN, but depending on your settings they would likely have to be able to intercept and spoof addresses in between for that to happen. If you have loose/weak P1 settings (e.g. your remote is "any"/0.0.0.0.0 for example) then the danger is increased. As above, weak keys could be brute forced.

        Using certificates is much more secure, as is using strict P1 settings to ensure only specific remotes can connect.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.