Debian Bug report logs - #578595
network-manager-strongswan: PSK support

Package: network-manager-strongswan; Maintainer for network-manager-strongswan is Harald Dunkel <harri@afaics.de>; Source for network-manager-strongswan is src:network-manager-strongswan.

Reported by: Paul Wise <pabs@debian.org>

Date: Wed, 21 Apr 2010 06:30:01 UTC

Severity: wishlist

Tags: fixed-upstream, wontfix

Fixed in version 1.3.1-2

Done: Harald Dunkel <harri@afaics.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Martin Willi <martin@strongswan.org>:
Bug#578595; Package network-manager-strongswan. (Wed, 21 Apr 2010 06:30:04 GMT)


Acknowledgement sent to Paul Wise <pabs@debian.org>:
New Bug report received and forwarded. Copy sent to Martin Willi <martin@strongswan.org>. (Wed, 21 Apr 2010 06:30:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Paul Wise <pabs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: network-manager-strongswan: PSK support
Date: Wed, 21 Apr 2010 14:27:58 +0800
Package: network-manager-strongswan
Severity: wishlist

It would be great if the strongswan NM plugin could support
authentication via PSK.

I need this in two situations:

Connecting to a customer's VPN. I have no say in the choice of PSK for
authentication.

Connecting to the test VPN I'm setting up for someone else. I got PSK
working but haven't yet had time to convert it to X.509 certificates.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply sent to Martin Willi <martin@strongswan.org>:
You have taken responsibility. (Wed, 21 Apr 2010 09:03:07 GMT)


Notification sent to Paul Wise <pabs@debian.org>:
Bug acknowledged by developer. (Wed, 21 Apr 2010 09:03:07 GMT)


Message #10 received at 578595-done@bugs.debian.org:

From: Martin Willi <martin@strongswan.org>
To: Paul Wise <pabs@debian.org>, 578595-done@bugs.debian.org
Subject: Re: Bug#578595: network-manager-strongswan: PSK support
Date: Wed, 21 Apr 2010 09:58:14 +0200
Hi Paul,

> It would be great if the strongswan NM plugin could support
> authentication via PSK.

PSK authentication is insecure if it is used with passwords. The NM
plugin is designed for end user remote-access, so people _will_ use weak
passwords. I won't implement PSK authentication in the NM plugin, this
is a political decision.

If you want password authentication, use one of the EAP methods.

> Connecting to a customer's VPN. I have no say in the choice of PSK for
> authentication.

Please keep in mind that the NM plugin supports IKEv2 tunnels only.
IKEv2 is not widely deployed yet, are you sure your customer uses IKEv2?

Best regards
Martin





Information forwarded to debian-bugs-dist@lists.debian.org, Martin Willi <martin@strongswan.org>:
Bug#578595; Package network-manager-strongswan. (Wed, 21 Apr 2010 11:09:03 GMT)


Acknowledgement sent to Paul Wise <pabs@debian.org>:
Extra info received and forwarded to list. Copy sent to Martin Willi <martin@strongswan.org>. (Wed, 21 Apr 2010 11:09:04 GMT)


Message #15 received at 578595@bugs.debian.org:

From: Paul Wise <pabs@debian.org>
To: 578595@bugs.debian.org
Cc: control <control@bugs.debian.org>
Subject: Re: Bug#578595: network-manager-strongswan: PSK support
Date: Wed, 21 Apr 2010 19:07:33 +0800
reopen 578595
tags 578595 + wontfix
thanks

On Wed, 2010-04-21 at 09:58 +0200, Martin Willi wrote:

> PSK authentication is insecure if it is used with passwords. The NM
> plugin is designed for end user remote-access, so people _will_ use weak
> passwords. I won't implement PSK authentication in the NM plugin, this
> is a political decision.

That is a shame, I guess I have to implement it myself or find something
else that does. openswan-nm looks like it might do that actually.

I hope you don't mind, but I think this bug should stay open to document
your (upstream) decision to not allow PSK support.

I would suggest that password strength checking and notifications would
address your concerns about people using weak passwords.

> Please keep in mind that the NM plugin supports IKEv2 tunnels only.
> IKEv2 is not widely deployed yet, are you sure your customer uses IKEv2?

I did not know that. Apparently they use openswan 2.4, so no IKEv2.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 21 Apr 2010 11:09:05 GMT)


Added tag(s) wontfix. Request was from Paul Wise <pabs@debian.org> to control@bugs.debian.org. (Wed, 21 Apr 2010 11:09:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Martin Willi <martin@strongswan.org>:
Bug#578595; Package network-manager-strongswan. (Wed, 03 Dec 2014 12:51:04 GMT)


Acknowledgement sent to Pierre Schweitzer <pierre@reactos.org>:
Extra info received and forwarded to list. Copy sent to Martin Willi <martin@strongswan.org>.

Your message did not contain a Subject field. They are recommended and useful because the title of a Bug is determined using this field. Please remember to include a Subject field in your messages in future.

(Wed, 03 Dec 2014 12:51:05 GMT)


Message #24 received at 578595@bugs.debian.org:

From: Pierre Schweitzer <pierre@reactos.org>
To: 578595@bugs.debian.org
Date: Wed, 03 Dec 2014 13:24:00 +0100

Dear all,

According to [1], there is now support for PSK in StrongSwan NM
plugin, starting with 1.3.1. Sid is currently at 1.3.0. Would it be
possible to consider upgrading to 1.3.1?
I also need this.
Thanks.

Cheers,
Pierre

[1]: https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
-- 
Pierre Schweitzer <pierre@reactos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.



Added tag(s) fixed-upstream. Request was from Pierre Schweitzer <pierre@reactos.org> to control@bugs.debian.org. (Wed, 03 Dec 2014 13:21:17 GMT)


Reply sent to Harald Dunkel <harri@afaics.de>:
You have taken responsibility. (Fri, 30 Sep 2016 12:36:03 GMT)


Notification sent to Paul Wise <pabs@debian.org>:
Bug acknowledged by developer. (Fri, 30 Sep 2016 12:36:03 GMT)


Message #31 received at 578595-done@bugs.debian.org:

From: Harald Dunkel <harri@afaics.de>
To: 578595-done@bugs.debian.org
Subject: Re: network-manager-strongswan: PSK support
Date: Fri, 30 Sep 2016 14:26:16 +0200

Version: 1.3.1-2

PSK support is in, AFAICS.

Regards
Harri



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 29 Oct 2016 07:32:42 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jan 3 15:57:07 2018; Machine Name: buxtehude
