yahoo-eng-team team mailing list archive

[Bug 1316699] [NEW] PSK in the VPNAAS is stored/displayed in Plain text

 

Public bug reported:

Pre-shared key for the VPNaaS is stored in plain text.
/var/lib/neutron/ipsec/$routeid/etc/ipsec.secrets
# Configuration for myvpn1
$Site_Address $Peer_address : PSK "secret"

and also when we perform neutron ipsec-site-connection-list
+----------------+----------------------------------------------------+
| Field          | Value                                              |
+----------------+----------------------------------------------------+
| admin_state_up | True                                               |
| auth_mode      | psk                                                |
| description    |                                                    |
| dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
| id             | 981ebe4c-01e3-4b3f-8a42-42714038ac39               |
| ikepolicy_id   | a8d616f9-5f87-4ee9-88d4-d247186ba931               |
| initiator      | bi-directional                                     |
| ipsecpolicy_id | 4fc920e8-4f95-4f88-b064-076d95cdb9ec               |
| mtu            | 1500                                               |
| name           | vpnconnection2                                     |
| peer_address   | 1$Peer_address                                     |
| peer_cidrs     | $Peer_cidr                                         |
| peer_id        | $peer_id                                           |
| psk            | secret                                             |
| route_mode     | static                                             |
| status         | ACTIVE                                             |
| tenant_id      | d209c7ac08304ff48c59a53c2c47516c                   |
| vpnservice_id  | 9d550160-fc3b-4a84-a702-f7b75684af49               |
+----------------+----------------------------------------------------+

"secret" is the PSK for the IPsec site connection.
Should it not be in an encrypted format?

** Affects: neutron
     Importance: Undecided
         Status: New

** Description changed:

  Pre shared key for the vpnaas is stored in plain text .
  /var/lib/neutron/ipsec/$routeid/etc/ipsec.secrets"
+ # Configuration for myvpn1
+ $Site_Address $Peer_address : PSK "secret"
+ 
  
  and also when we we perform neutron ipsec-site-connection-list
  ----------------+----------------------------------------------------+
  | Field          | Value                                              |
  +----------------+----------------------------------------------------+
  | admin_state_up | True                                               |
  | auth_mode      | psk                                                |
  | description    |                                                    |
  | dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
  | id             | 981ebe4c-01e3-4b3f-8a42-42714038ac39               |
  | ikepolicy_id   | a8d616f9-5f87-4ee9-88d4-d247186ba931               |
  | initiator      | bi-directional                                     |
  | ipsecpolicy_id | 4fc920e8-4f95-4f88-b064-076d95cdb9ec               |
  | mtu            | 1500                                               |
  | name           | vpnconnection2                                     |
  | peer_address   | 1$Peer_address                                      |
  | peer_cidrs     | $Peer_cidr                             |
  | peer_id        | $peer_id                                      |
  | psk            | secret                                             |
  | route_mode     | static                                             |
  | status         | ACTIVE                                             |
  | tenant_id      | d209c7ac08304ff48c59a53c2c47516c                   |
  | vpnservice_id  | 9d550160-fc3b-4a84-a702-f7b75684af49               |
  +----------------+----------------------------------------------------+
  
  secret is the psk for the ipsec site connection.
  Should it not be in the encrypted format.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316699

Title:
  PSK in the VPNAAS is stored/displayed in Plain text

Status in OpenStack Neutron (virtual network service):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316699/+subscriptions
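
Added example, not part of the original bug report or of the Neutron code: a defender-side check for the two exposures described above. It masks the psk row of the CLI table before the output is logged or pasted, and audits the mode of each ipsec.secrets file under /var/lib/neutron/ipsec without ever returning the key. The function names, the sample table, the fixture tree and its addresses are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# PSK entry as the report shows it: <local> <peer> : PSK "<key>"
PSK_LINE = re.compile(r'^[ \t]*([^#\n]*?)[ \t]*:[ \t]+PSK[ \t]+"[^"\n]*"', re.M)
# psk row of the CLI table: | psk | <value> |
PSK_ROW = re.compile(r'^([ \t]*\|[ \t]*psk[ \t]*\|[ \t])(.*)(\|[ \t]*)$', re.M)

# Constructed sample rows in the layout of the report's CLI output.
SAMPLE_TABLE = "| auth_mode | psk            |\n| psk       | secret         |\n"


def redact_table(text, mask="********"):
    """Mask the psk cell of CLI table output, keeping the column width."""
    return PSK_ROW.sub(
        lambda m: m.group(1) + mask.ljust(len(m.group(2))) + m.group(3), text)


def audit_secrets(root="/var/lib/neutron/ipsec"):
    """List mode and PSK selectors per ipsec.secrets file; the key is never returned."""
    report = []
    for router in sorted(os.listdir(root)):
        path = os.path.join(root, router, "etc", "ipsec.secrets")
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path) as fh:
            selectors = [s.strip() for s in PSK_LINE.findall(fh.read())]
        # "loose" is True when group or other has any permission bit set
        report.append({"path": path, "mode": "%04o" % mode,
                       "loose": bool(mode & 0o077), "selectors": selectors})
    return report


def build_sample_tree(mode):
    """Constructed fixture: one router directory whose secrets file has `mode`."""
    etc = os.path.join(tempfile.mkdtemp(), "router-1", "etc")
    os.makedirs(etc)
    path = os.path.join(etc, "ipsec.secrets")
    with open(path, "w") as fh:
        fh.write('# Configuration for myvpn1\n192.0.2.1 198.51.100.7 : PSK "secret"\n')
    os.chmod(path, mode)
    return os.path.dirname(os.path.dirname(etc))


if __name__ == "__main__":
    print(redact_table(SAMPLE_TABLE))
    print(audit_secrets(build_sample_tree(0o644)))
```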

