Danger of leaked PSK (password) in IPsec tunnel
-
Let us say I have a IPSEC tunnel between a Pfsense firewall and a Cisco firewall. In the Pfsense panel, when configuring a Site-to-site VPN between them, there is a PSK which is common in both ends, and other configuration options - the encryption algorithm is AES-256and hash is SHA1; the authentication method is mutual PSK.
My question is related to the PSK or Pre-Shared key. What happens if it is a weak password? Can people create a second IPSEC tunnel with one of the both ends? Or is it just that people who sniffs traffic between the two endpoints in the connection can decrypt the packets? I ask because I see the message "This key should be long and random to protect the tunnel and its contents. A weak PSK can lead to a tunnel compromise"
Let me know if more information is necessary
-
The PSK could be used to decrypt traffic if someone can capture packets between the endpoints. A weak key, in theory, could be brute forced. There is a lot of info around about this on the web by people much more familiar with the crypto than I.
The PSK could also be used by someone in the right position to MITM or intrude over the VPN, but depending on your settings they would likely have to be able to intercept and spoof addresses in between for that to happen. If you have loose/weak P1 settings (e.g. your remote is "any"/0.0.0.0.0 for example) then the danger is increased. As above, weak keys could be brute forced.
Using certificates is much more secure, as is using strict P1 settings to ensure only specific remotes can connect.
