IPSEC Security
-
Hi Everyone,
Just a question about IPSEC security.
Since all IPSEC tunnels are firewalled using a single interface tab in the firewall rules ("IPSEC"), is there the possibility that a malicious remote endpoint could "spoof" the IP range of another remote endpoint and get access to different hosts? Or would the "Local Network" parameter in the IPSEC configuration prevent this from happening?
Thanks
-
IPsec knows what IPs are allowed to originate from each tunnel internally. It's part of how IPsec operates (SAD/SPD tables)
If traffic comes over a tunnel that doesn't match the subnets defined for that tunnel, it's ignored/dropped.
-
That's good news then :)
-
Does the same thing hold if the remote endpoint was compromised? Let's say a malicious user changed the "local subnet" field in the ipsec config, would my pfsense box still stop the traffic as my ipsec config would have a mismatched "remote subnet"?
Thanks
-
(a) if your firewall is compromised you have a lot more problems than someone messing with IPsec
(b) the subnets are defined on both sides, and they both have to agree. A tunnel will not fully negotiate unless all of these settings match.
-
Thanks jimp.
I'm worried about the remote pfsense firewall being compromised (not owned by me). Mine is safe and sound :)
-
If they can control that firewall, they could just re-route the IPs of your current tunnel however they like. As I said, you have more problems than just changing a subnet. :-)
-
Hi jimp,
Yup I fully understand :)
What I'm trying to prevent is a compromised remote endpoint gaining access to some of my hosts that only other IPSEC tunnels have access to. It boils down to the fact that IPSEC is firewalled by one interface, and all filtering is done by IP. But if you say that it's impossible to pass traffic for a different subnet than a tunnel is configured for, unless both ends agree to it, I guess this is safe enough (as my box would need to be compromised as well).
Thanks
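An added example, not from this thread or from pfSense, modelling the two checks jimp describes: the inbound SPD selector check on decrypted traffic, and the traffic-selector agreement that must succeed before a tunnel comes up. The subnets and peer names are constructed; the negotiation rule follows IKEv2 narrowing (RFC 7296 section 2.9) simplified to one CIDR selector per side.

```python
# Added example: simplified model of IPsec selector enforcement (not pfSense code).
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Tunnel:
    name: str
    local: ipaddress.IPv4Network   # "Local Network" configured on this box
    remote: ipaddress.IPv4Network  # "Remote Network" on this box (the peer's local)


# Constructed policy: each peer is allowed to reach a different LAN on this box.
TUNNELS = {
    "peerA": Tunnel("peerA", ipaddress.ip_network("192.168.10.0/24"),
                    ipaddress.ip_network("10.1.0.0/24")),
    "peerB": Tunnel("peerB", ipaddress.ip_network("192.168.20.0/24"),
                    ipaddress.ip_network("10.2.0.0/24")),
}


def inbound_allowed(tunnel_name: str, src: str, dst: str) -> bool:
    """Inbound SPD check: a packet decrypted from a given SA must match that
    SA's selectors. A packet arriving on peerB's tunnel with a peerA source
    address is dropped even though 10.1.0.0/24 is valid for another tunnel."""
    t = TUNNELS[tunnel_name]
    return (ipaddress.ip_address(src) in t.remote
            and ipaddress.ip_address(dst) in t.local)


def negotiate(tunnel_name: str, peer_local: str, peer_remote: str):
    """Traffic-selector agreement: the peer's proposed selectors must nest
    with ours (we narrow to the smaller of the two); with CIDR blocks, any
    non-nested pair is disjoint, so the child SA is rejected (TS_UNACCEPTABLE).
    Returns the agreed (remote, local) selectors as strings, or None."""
    t = TUNNELS[tunnel_name]
    proposed_remote = ipaddress.ip_network(peer_local)   # peer's local = our remote
    proposed_local = ipaddress.ip_network(peer_remote)   # peer's remote = our local
    agreed = []
    for ours, theirs in ((t.remote, proposed_remote), (t.local, proposed_local)):
        if theirs.subnet_of(ours):
            agreed.append(str(theirs))
        elif ours.subnet_of(theirs):
            agreed.append(str(ours))
        else:
            return None  # no overlap: tunnel does not come up
    return tuple(agreed)


if __name__ == "__main__":
    # A compromised peerB reconfigured its "local subnet" to peerA's range.
    print("peerB negotiates as 10.1.0.0/24:", negotiate("peerB", "10.1.0.0/24", "192.168.20.0/24"))
    print("peerB spoofed packet accepted:", inbound_allowed("peerB", "10.1.0.5", "192.168.10.7"))
```

Run as a script to see both outcomes for the compromised-peer scenario from the thread: the renegotiation fails and the spoofed packet is dropped.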