
yahoo-eng-team team mailing list archive

[Bug 1316699] Re: PSK in the VPNAAS is stored/displayed in Plain text

 

Considering future advanced services spin off and the fact that this is
really a shortcut to make experimental VPN work, I'm marking this as
'Won't fix'.

** Description changed:

  Pre shared key for the vpnaas is stored in plain text .
  /var/lib/neutron/ipsec/$routeid/etc/ipsec.secrets"
  # Configuration for myvpn1
  $Site_Address $Peer_address : PSK "secret"
- 
  
  and also when we we perform neutron ipsec-site-connection-list
  ----------------+----------------------------------------------------+
  | Field          | Value                                              |
  +----------------+----------------------------------------------------+
  | admin_state_up | True                                               |
  | auth_mode      | psk                                                |
  | description    |                                                    |
  | dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
  | id             | 981ebe4c-01e3-4b3f-8a42-42714038ac39               |
  | ikepolicy_id   | a8d616f9-5f87-4ee9-88d4-d247186ba931               |
  | initiator      | bi-directional                                     |
  | ipsecpolicy_id | 4fc920e8-4f95-4f88-b064-076d95cdb9ec               |
  | mtu            | 1500                                               |
  | name           | vpnconnection2                                     |
  | peer_address   | 1$Peer_address                                      |
  | peer_cidrs     | $Peer_cidr                             |
  | peer_id        | $peer_id                                      |
  | psk            | secret                                             |
  | route_mode     | static                                             |
  | status         | ACTIVE                                             |
  | tenant_id      | d209c7ac08304ff48c59a53c2c47516c                   |
  | vpnservice_id  | 9d550160-fc3b-4a84-a702-f7b75684af49               |
  +----------------+----------------------------------------------------+
  
  secret is the psk for the ipsec site connection.
- Should it not be in the encrypted format.
+ Should it not be in the encrypted format?

** Changed in: neutron
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316699

Title:
  PSK in the VPNAAS is stored/displayed in Plain text

Status in OpenStack Neutron (virtual network service):
  Won't Fix

Bug description:
  Pre shared key for the vpnaas is stored in plain text.
  /var/lib/neutron/ipsec/$routeid/etc/ipsec.secrets
  # Configuration for myvpn1
  $Site_Address $Peer_address : PSK "secret"

  and also when we perform neutron ipsec-site-connection-list
  +----------------+----------------------------------------------------+
  | Field          | Value                                              |
  +----------------+----------------------------------------------------+
  | admin_state_up | True                                               |
  | auth_mode      | psk                                                |
  | description    |                                                    |
  | dpd            | {"action": "hold", "interval": 30, "timeout": 120} |
  | id             | 981ebe4c-01e3-4b3f-8a42-42714038ac39               |
  | ikepolicy_id   | a8d616f9-5f87-4ee9-88d4-d247186ba931               |
  | initiator      | bi-directional                                     |
  | ipsecpolicy_id | 4fc920e8-4f95-4f88-b064-076d95cdb9ec               |
  | mtu            | 1500                                               |
  | name           | vpnconnection2                                     |
  | peer_address   | 1$Peer_address                                      |
  | peer_cidrs     | $Peer_cidr                             |
  | peer_id        | $peer_id                                      |
  | psk            | secret                                             |
  | route_mode     | static                                             |
  | status         | ACTIVE                                             |
  | tenant_id      | d209c7ac08304ff48c59a53c2c47516c                   |
  | vpnservice_id  | 9d550160-fc3b-4a84-a702-f7b75684af49               |
  +----------------+----------------------------------------------------+

  secret is the psk for the ipsec site connection.
  Should it not be in the encrypted format?

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316699/+subscriptions
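
Because the PSK appears verbatim in both `ipsec.secrets` and the CLI table quoted in the report, either output needs masking before it is pasted into a ticket or log. The following is an added example, not part of the bug report or of Neutron; the function names are hypothetical and the sample addresses are constructed documentation-range values.

```python
import re

MASK = "<redacted>"

# ipsec.secrets entry:  <local> <peer> : PSK "value"  (commented entries too)
_SECRETS_RE = re.compile(r'^(?P<head>.*?:[ \t]*PSK[ \t]+)"[^"\n]*"', re.MULTILINE)
# CLI table row:  | psk | value |   (cell runs to the last '|' on the line)
_TABLE_RE = re.compile(
    r'^(?P<head>[ \t]*\|[ \t]*psk[ \t]*\|)(?P<cell>.*)\|[ \t]*$', re.MULTILINE)


def redact_secrets(text):
    """Mask PSK values in ipsec.secrets content; return (text, count)."""
    return _SECRETS_RE.subn(lambda m: f'{m.group("head")}"{MASK}"', text)


def redact_table(text):
    """Mask the psk row of a CLI table, keeping the column width if possible."""
    def repl(m):
        width = len(m.group("cell"))
        return f'{m.group("head")}{(" " + MASK).ljust(width)}|'
    return _TABLE_RE.subn(repl, text)


def redact(text):
    """Apply both masks; return (clean_text, number_of_values_masked)."""
    text, n_file = redact_secrets(text)
    text, n_table = redact_table(text)
    return text, n_file + n_table


# Constructed sample modelled on the two outputs quoted in the bug report.
SAMPLE = '''# Configuration for myvpn1
192.0.2.1 198.51.100.7 : PSK "secret"
| name           | vpnconnection2 |
| psk            | secret         |
| route_mode     | static         |
'''

if __name__ == "__main__":
    clean, count = redact(SAMPLE)
    print(clean)
    print(f"masked {count} value(s)")
```
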

