Questions tagged [ipsec]

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.

220 questions

26 votes, 1 answer

How credible are the rumors that the NSA has compromised IPSec?

Part of the Snowden revelations was that the NSA had targeted IPSec. But I'm having trouble separating FUD from legitimate issues. How credible is this? Are there ways to use IPSec to be confident against it being broken? I like IPSec because it's…
Paul Draper

11 votes, 2 answers

Ipsec Native VPN on Windows 8 or 10

I have a Cisco PIX, and have been using the Cisco VPN client on Windows; however, I would like to enable this to work with the native Windows 8/10 VPN client. It works fine with the native clients for Android (using IPsec Xauth PSK) and iOS (IPsec).…
user2641043

7 votes, 2 answers

Performance comparison between AES256 GCM vs AES 256 SHA 256

I understand GCM Crypto uses ESP Encryption only for ESP and Authentication algorithm, whereas AES 256 SHA256 uses AES for ESP Encrypt and SHA256 for Auth algorithm. Could someone help clarify the reason for getting a better performance with…
ShubhaBrata

6 votes, 1 answer

Difference between IPSEC SA and CHILD SA

Let us consider two network entities. Linux1 (eth0)=============IPSEC=============Linux2(eth0) 192.168.1.1 192.168.1.2 The IPSEC Tunnel is V4 over V4. When I set up this tunnel through IKE…
kishore .

5 votes, 6 answers

Why Use IPSEC AH vs ESP?

I am refreshing my understanding of IPSEC. IPSec is an IETF defined set of security services that use open standards to provide data confidentiality, integrity, and authentication between peers. IPsec involves two security services: Authentication…
Ronnie Royston

5 votes, 1 answer

Best Practice: frequency to change IPSec pre-shared key

Is there any Best Practice as far as changing IPSec pre-shared keys for security purposes? Obviously, larger companies would have an issue changing these and then pushing the new key out to the user machines. Any thoughts?
George Coles

5 votes, 1 answer

Does IPSec authenticate identity?

I know that SSL/TLS authenticates the identity of a server (and/or client) by presenting a certificate which the client sends to a CA to check the validity. This happens before the SSL/TLS connection is made, so the client knows if it is actually…
Soulrot

4 votes, 1 answer

ip xfrm limit in iproute2 for ipsec

I am using ip xfrm state and ip xfrm policy commands from iproute2 tool to implement IPSec. I have read documentation of iproute2 (PDF) and ip-xfrm man page. The man page states: LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT LIMIT := { time-soft |…
Zaksh

4 votes, 1 answer

What is a security association and how does it relate to IPsec?

I am learning IPSec. My class notes define a security association as a one way relationship between sender and receiver that (1) affords security for traffic flow and (2) is identified by the destination address in the IP header, the SPI and the…
bernie2436

4 votes, 2 answers

Why use L2TP/IPsec instead of just IPsec

Why would someone use L2TP with IPsec? I mean, I understand that we would use it along with IPsec because L2TP does not provide confidentiality or strong authentication by itself, but why not just use IPsec itself?
cyzczy

3 votes, 2 answers

IPsec using pre-shared keys

I am trying to understand why we really use those pre-shared keys when creating an IPSec tunnel. From all the reading that I have done the DH group creates the keys that are used to do the actual data encryption, hope I am correct. If yes, the…
Nik

3 votes, 1 answer

strongswan setup for ipsec environment

I have created two virtualbox ubuntu clones for the purpose of setting up a test strongswan ipsec network; I'm trying to follow this guide. The virtualbox machines are on a bridged adapter and I verify that they can connect by pinging to the ip of…
lurscher

3 votes, 2 answers

What is meant by IPSec is "transparent"

While reading a guide on IPSec, I came across this sentence: IPSec is transparent to the user and the applications. Can someone please tell me what is meant by being transparent from a security viewpoint?

3 votes, 2 answers

How can IPSec provide confidentiality between two hosts on private networks?

Can you use transport mode with IPsec processing to provide confidentiality between two hosts in geographically separate private IP networks? I have read somewhere that transport mode is the default mode to use to provide end to end confidentiality…
ellefc

2 votes, 0 answers

Possibility of widespread deployment of IPsec

I want to know if IPsec is a candidate for a widespread deployment in the Internet. So far IPsec seems to be adopted merely in VPN networks. IPsec seems to have problems with NAT-traversal and another disadvantage (in my opinion) is that it is…
jannikb