Mike Tancsa wrote this message on Fri, Aug 10, 2018 at 16:44 -0400:
> On 8/9/2018 4:11 PM, David P. Discher wrote:
> > [ pts/0 sjc2 util201:~ ]
> > [ dpd ] > sudo setkey -D
> > Password:
> > 10.245.0.201 10.245.0.202
> >         esp mode=tunnel spi=60080461(0x0394c14d) reqid=12(0x0000000c)
> >         E: rijndael-cbc xxxx
>                          ^^^^^^^^ ^^^^^^^^ ^^^^^^^^ ^^^^^^^^
>
> BTW, if you use a static psk, does not the above line essentially give
> someone with access to the ESP traffic a way to decode your traffic ?
Yes, this does... And the A: line gives you the ability to spoof packets
as well... Hopefully there wasn't any important data encrypted w/ that
key... Always X those out...

> >         A: hmac-sha2-256 xxx

-- 
John-Mark Gurney                                Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
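As an added example that is not part of the thread: a small POSIX shell filter that blanks the key material on the `E:` (encryption) and `A:` (authentication) lines of `setkey -D` output before it is pasted into a mail or ticket, leaving the algorithm names and the rest of the SA intact. The sample SA embedded below is constructed, with placeholder values in place of real keys; `redact_setkey` and `redacted_sample` are names chosen here.

```shell
#!/bin/sh
# Redact SA key material from `setkey -D` output before sharing it.
# The E: line carries the ESP encryption key and the A: line the
# authentication key; with a static key, anyone who captured the ESP
# traffic can decrypt it (E:) or forge packets (A:) once those leak.

redact_setkey() {
    # A line whose first field is E: or A: keeps its algorithm name
    # (the next field); everything after that is replaced by <redacted>.
    # -E is the POSIX extended-regex flag and works on both BSD and GNU sed.
    sed -E 's/^([[:space:]]*[EA]:[[:space:]]+[^[:space:]]+)([[:space:]]+).*$/\1\2<redacted>/'
}

# Constructed sample in the layout setkey -D prints; the hex words are
# placeholders standing in for key bytes, not keys from any real SA.
SAMPLE='10.245.0.201 10.245.0.202
        esp mode=tunnel spi=60080461(0x0394c14d) reqid=12(0x0000000c)
        E: rijndael-cbc  0a1b2c3d 4e5f6071 8293a4b5 c6d7e8f9
        A: hmac-sha2-256 00112233 44556677 8899aabb ccddeeff 00112233 44556677 8899aabb ccddeeff
        seq=0x00000000 replay=4 flags=0x00000000 state=mature'

# Runs the filter over the constructed sample and returns the redacted text.
redacted_sample() {
    printf '%s\n' "$SAMPLE" | redact_setkey
}

# Intended real-world use:  sudo setkey -D | redact_setkey
redacted_sample
```

The SPI, reqid, mode and state fields survive unchanged, which is what a reviewer on the list actually needs to diagnose an SA; only the two key fields are dropped.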