16 March 2011, 10:54
"Feature" in the implementation of IPsec VPN in DrayTek routers
DrayTek is a relatively new company in the Russian market, occupying the niche of inexpensive compact all-in-one routers. Here and here you can read reviews of the company's two most popular router models, the 2820 and 2910 series (which, incidentally, are positioned as a «security firewall»). Among the other advantages of these routers, the tastiest is hardware support for encryption (AES/DES/3DES) and authentication (MD5, SHA-1), so that we can, supposedly, set up a VPN between two sites and sleep soundly. But it is not as simple as it seems.

Let's build a simple test bench: one DrayTek gateway and a VPN server on FreeBSD, connected directly:

Data:
Draytek 2910:
  LAN: 192.168.9.1/24
  WAN: 99.99.99.99/24
  GW:  99.99.99.100 (required)
FreeBSD:
  LAN: 192.168.3.32/24
  WAN: 99.99.99.100/24 ??

As the server I took FreeBSD with security/racoon2. Bring up the VPN, wait a while, then stop spmd (i.e. shut racoon2 down on the FreeBSD side) and, from behind the Draytek, ping the FreeBSD internal address (with tcpdump already running on FreeBSD). It pings! Oh hell, how can that be?

Now simulate an ideal situation: two routers from the same vendor (a 2910 and a 2820) with a gateway in the middle (the same FreeBSD box, running tcpdump):


Data:
1. Draytek 2910
  LAN: 192.168.9.1/24
  WAN: 192.168.51.2
  GW:  192.168.51.1
2. Draytek 2820
  LAN: 192.168.10.1/24
  WAN: 192.168.52.2
  GW:  192.168.52.1
3. FreeBSD gw
  WAN 1: 192.168.51.1
  WAN 2: 192.168.52.1
  sysctl: net.inet.ip.forwarding: 1


When the VPN tunnel is taken down on the second router (simulating a link drop at the ISP), the first router removes the encrypted tunnel and ... starts translating (NATing) the packets' addresses onto its external interface and sending them out in the clear!

Tested on the Draytek Vigor 2910VG and 2820Vn: the same behaviour on both. I believe all routers of these series are affected by this issue: after the tunnel is torn down, the router starts NATing outgoing packets that should have been encrypted and sends them in plaintext.
Don't look only at the ICMP traffic: the video shows all IP traffic being passed this way; HTTP packets can be seen at the end of the video (from the laptop behind the Draytek 2910 [IP address 192.168.9.2]).
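A small detector for the symptom described above, as an added example that is not part of the original post or of any DrayTek or racoon2 code: it scans tcpdump output captured on the gateway's WAN link and flags any non-ESP packet whose source or destination belongs to a LAN that is only supposed to cross the WAN inside the tunnel. The protected prefixes are taken from the two-router setup above; the tcpdump lines are constructed for the example.

```python
import ipaddress
import re

# Constructed sample of tcpdump output on the FreeBSD gateway's WAN interface
# (not taken from the page's video): the first two lines show the healthy
# tunnel (ESP), the next two show what appears after the Draytek drops the
# tunnel, and the last is ordinary Internet traffic that is fine in the clear.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 192.168.51.2 > 192.168.52.2: ESP(spi=0x0000abcd,seq=0x1), length 116
12:00:01.000900 IP 192.168.52.2 > 192.168.51.2: ESP(spi=0x0000dcba,seq=0x1), length 116
12:00:05.000001 IP 192.168.51.2 > 192.168.10.5: ICMP echo request, id 1, seq 7, length 64
12:00:05.100000 IP 192.168.51.2.49152 > 192.168.10.5.80: Flags [S], seq 1, win 65535, length 0
12:00:06.000001 IP 192.168.51.2 > 8.8.8.8: ICMP echo request, id 2, seq 1, length 64
"""

# LANs behind the two Draytek routers (from the page's second test setup);
# they must only ever cross the WAN inside ESP.
PROTECTED_PREFIXES = [ipaddress.ip_network("192.168.9.0/24"),
                      ipaddress.ip_network("192.168.10.0/24")]

# tcpdump prints "IP src[.port] > dst[.port]: summary"; ports are optional.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (?P<rest>.*)$")

def find_plaintext_leaks(tcpdump_text, protected=PROTECTED_PREFIXES):
    """Return (timestamp, src, dst, summary) for every non-ESP packet whose
    source or destination lies inside a protected LAN prefix."""
    leaks = []
    for line in tcpdump_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP, truncated or otherwise unparsed line: ignore
        rest = m["rest"]
        if rest.startswith("ESP("):
            continue  # encrypted: this is what the tunnel should look like
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if any(src in p or dst in p for p in protected):
            leaks.append((m["ts"], str(src), str(dst), rest.split(",")[0]))
    return leaks

if __name__ == "__main__":
    for leak in find_plaintext_leaks(SAMPLE_TCPDUMP):
        print("PLAINTEXT LEAK:", *leak)
```

On a live gateway the same function can be fed the output of `tcpdump -n -i <wan_if>` line by line; the traffic to 8.8.8.8 is deliberately not flagged because it never belonged in the tunnel.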

The vendor was warned. My correspondence with them:
To: support@draytek.com
Date: August 27, 2010 18:05
Subject: bug in your routers


I found a bug in your routers (I think this bug is present in other xx routers too).
I created a test configuration:
192.168.3.0/24 | 192.168.1.10 (freebsd) - 192.168.1.2 (router) | 192.168.9.0/24
On the left side I use FreeBSD OS with the racoon2 port (ipsec-tools too).
The bug is very serious:
when I create a VPN tunnel with ESP encryption between the hosts and after some time stop spmd (on FreeBSD), the router clears its policies (the connection management page is blank) and starts NATing the 192.168.3.0/24 net traffic to the FreeBSD external interface. All NAT'ed traffic is unencrypted!

You can download the video from xxx. I attach the router (admin without password) and racoon2 config files.

If you don't answer this letter by Monday, I will publish it on bug trackers.
A few letters later:
Date: September 2, 2010 8:20
Subject: Re: [Ticket # 2010082810002448] Fwd: bug in your routers

Dear Sir,

Thank you for the information.
Although the current mechanism may violate the standard, it provides flexibility
for many applications. For example when vpn is up, a public server is accessed
through a vpn tunnel and routed to the Internet by remote vpn gateway. When vpn
is down, the same public server can be accessed directly from local wan
connection. This kind of usage is useful in VoIP implementation.

To: Draytek Support <support@draytek.com>
Date: September 2, 2010 17:15
Subject: Re: [Ticket # 2010082810002448] Fwd: bug in your routers


And how to disable it?
Date: September 3, 2010 7:31
Subject: Re: [Ticket # 2010082810002448] Fwd: bug in your routers


Dear Sir,
Sorry this mechanism cannot be changed.

So these are the tricks being pulled at the expense of standards. And such tricks, as we know, do not pass without leaving a trace. IPsec is a very serious standard, meant to guarantee the security of the transmitted data, and yet here we have a bug that is called a "feature".

P.S. I am publishing this only because I want to warn those who use these routers in production.
Views: 532 | Added by: w1zard | Rating: 0.0/0