Mike Tancsa wrote this message on Fri, Aug 10, 2018 at 16:44 -0400:
> On 8/9/2018 4:11 PM, David P. Discher wrote:
> > [ pts/0 sjc2 util201:~ ]
> > [ dpd ] > sudo setkey -D
> > Password:
> > 10.245.0.201 10.245.0.202
> >     esp mode=tunnel spi=60080461(0x0394c14d) reqid=12(0x0000000c)
> >     E: rijndael-cbc  xxxx
>                          ^^^^^^^^ ^^^^^^^^ ^^^^^^^^ ^^^^^^^^
> 
> BTW, if you use a static psk, does not the above line essentially give
> someone with access to the ESP traffic a way to decode your traffic?

Yes, this does...   And the A: line gives you the ability to spoof
packets as well...

Hopefully there wasn't any important data encrypted w/ that key...

Always X those out...

> >     A: hmac-sha2-256  xxx

-- 
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
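
The advice above is to mask the E:/A: key bytes before posting a `setkey -D` dump. As an added example (not code from the thread or from FreeBSD), here is a small Python helper that does that redaction, checks a dump for leftover key material, and reports how many key bits an unredacted dump exposes; the sample dump is constructed, with fake keys.

```python
"""Redact IPsec SA key material from ``setkey -D`` output before sharing it.

Added example, not part of the original mailing-list thread. SAMPLE_DUMP is
constructed: the SPI/reqid follow the thread, the key bytes are made up.
"""
import re

# In setkey -D output the "E:" (encryption) and "A:" (authentication) lines
# print the raw SA key as space-separated groups of hex digits after the
# algorithm name. With manual/static keying these ARE the traffic keys.
_KEY_LINE = re.compile(
    r"^(?P<indent>\s*)(?P<kind>[EA]):\s+(?P<alg>\S+)\s+"
    r"(?P<key>[0-9a-fA-F]+(?:\s+[0-9a-fA-F]+)*)\s*$"
)

SAMPLE_DUMP = """\
10.245.0.201 10.245.0.202
    esp mode=tunnel spi=60080461(0x0394c14d) reqid=12(0x0000000c)
    E: rijndael-cbc  00112233 44556677 8899aabb ccddeeff
    A: hmac-sha2-256  01234567 89abcdef 01234567 89abcdef 01234567 89abcdef 01234567 89abcdef
    seq=0x00000000 replay=0 flags=0x00000000 state=mature
"""


def redact_setkey_dump(text: str, mask: str = "xxxxxxxx") -> str:
    """Return ``text`` with every E:/A: key replaced by ``mask``.

    Algorithm names, SPIs and reqids are kept so the dump stays useful for
    debugging; only the secret bytes are removed.
    """
    out = []
    for line in text.splitlines():
        m = _KEY_LINE.match(line)
        if m:
            line = f"{m['indent']}{m['kind']}: {m['alg']}  {mask}"
        out.append(line)
    return "\n".join(out)


def leaks_key_material(text: str) -> bool:
    """True if ``text`` still contains an unredacted E: or A: key line."""
    return any(_KEY_LINE.match(line) for line in text.splitlines())


def exposed_key_bits(text: str) -> list:
    """List (kind, algorithm, key_bits) for each key line still in ``text``."""
    found = []
    for line in text.splitlines():
        m = _KEY_LINE.match(line)
        if m:
            hex_digits = re.sub(r"\s+", "", m["key"])
            found.append((m["kind"], m["alg"], len(hex_digits) * 4))
    return found
```

Run `leaks_key_material()` on anything copied from `setkey -D` before it leaves the box; a dump that still reports key bits should be treated as a key compromise, not just a formatting slip.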