exact insecurity of --bypass-security ?

Dipl.-Ing. C. Lechleitner christoph.lechleitner at ibcl.at
Tue Sep 2 21:47:47 CEST 2003


Hello!

First, nice piece of work, thx ;->>

After some production server crashes with a far too early version of
FreeSWAN (about 3 years ago) and the unwillingness to get an OpenSSL expert
just to build a VPN, I was happy to read about the rather simple configuration
of tinc ("Linux Magazin", a monthly Linux paper published in Germany, gave an
overview of free VPN solutions in their brand new 10/2003 release).

Unfortunately, I could only get the tinc VPN working using the --bypass-security
parameter, without this switch I got "Bogus data from ... " messages in syslog.
I have tried the statically linked 1.0.1 binary as well as a self compiled
binary, both under SuSE 8.2.

The problem might be that tinc 1.0.1 relies on OpenSSL 0.9.7, while our SuSE
systems use a SuSE patched 0.9.6i release (there are no OpenSSL 0.9.7 packages
available for most Linux distributions).
Of course I upgraded to 0.9.7 temporarily, just to be able to compile tinc
myself, but I am not entirely sure if I had 0.9.7 (and only 0.9.7) active, and,
it did not help.

As we do not really need the VPN so far (ssh tunnels are quite ok for the few
linux-to-linux connections we really do need), I am not planning to invest
too much time just to get rid of the --bypass-security switch, so I would like
just to ask ...

  What _exactly_ are the consequences and risks of using --bypass-security ?

My network sniffs as well as an earlier posting here seem to show that the
packets are still not sent in clear text, but what does the --bypass-security
turn off if not encryption?

As far as I think to understand protocol_auth.c, it
- switches off the check of RSA keys
- suppresses the checking of IndirectData and TCPOnly settings
  (therefore forcing UDP usage?)

The "only" security leak seems to be that a foreign system might join the VPN,
if it has the same tinc configuration as the real partner _and_ "steals" the
real partner's IP address (by IP spoofing or by a kind of man-in-the-middle
attack).

As a conclusion, using --bypass-security would mean:
- Data are still transferred encrypted, but
- a man-in-the-middle attack would be possible and could start anytime a
  connection is (re)established

Am I correct?

Kind regards,

Christoph Lechleitner

Tinc:         Discussion list about the tinc VPN daemon
Archive:      http://mail.nl.linux.org/lists/
Tinc site:    http://tinc.nl.linux.org/
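As an added illustration of the question asked above (this is not tinc's code and not a copy of protocol_auth.c), the following toy models the poster's reading of the RSA key check as a challenge/response: the initiator challenges the peer with a fresh nonce and accepts it only if the signature verifies against the public key configured for that peer name. With the check bypassed, any party that gets as far as the handshake (same configuration, reachable at the expected address) is accepted. The node names, the `authenticate_peer` function and the key values are all constructed for this example; the RSA is textbook RSA over fixed, well-known primes and is far too small for real use.

```python
"""Toy model of the peer-authentication step a VPN handshake relies on.

Added example, not tinc's own code: textbook RSA over constructed primes,
used only to show what skipping the configured-key check gives up.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Key = Tuple[int, int]  # (n, e) for a public key, (n, d) for a private key


def make_key(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return ((n, e), (n, d)) for the constructed primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # requires gcd(e, phi) == 1; true for the primes below
    return (n, e), (n, d)


def challenge_value(nonce: bytes, n: int) -> int:
    # Reduce the nonce into the RSA group; a toy stand-in for a real padding scheme.
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % n


def sign(priv: Key, nonce: bytes) -> int:
    n, d = priv
    return pow(challenge_value(nonce, n), d, n)


def verify(pub: Key, nonce: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == challenge_value(nonce, n)


@dataclass
class Node:
    name: str
    priv: Optional[Key]  # only the responding side needs its private key here
    # peer name -> public key taken from this node's host configuration
    peer_pubs: Dict[str, Key] = field(default_factory=dict)


def authenticate_peer(initiator: Node, responder: Node, claimed_name: str,
                      bypass_security: bool = False) -> bool:
    """Initiator's side of a one-way challenge/response (hypothetical helper).

    The responder claims to be `claimed_name`. The initiator sends a fresh
    nonce and checks the returned signature against the key it has configured
    for that name. With bypass_security=True the comparison is skipped.
    """
    nonce = secrets.token_bytes(16)
    sig = sign(responder.priv, nonce)
    if bypass_security:
        return True  # signature never compared with the configured key
    expected_pub = initiator.peer_pubs.get(claimed_name)
    if expected_pub is None:
        return False  # unknown peer name: nothing to check against
    return verify(expected_pub, nonce, sig)


def build_nodes() -> Tuple[Node, Node, Node]:
    """Constructed nodes: a (initiator), b (legitimate peer), x (b's config, other key)."""
    pub_b, priv_b = make_key(1000000007, 998244353)    # constructed toy key for b
    _pub_x, priv_x = make_key(2147483647, 1000000009)  # unrelated constructed key
    a = Node("a", priv=None, peer_pubs={"b": pub_b})
    b = Node("b", priv=priv_b)
    x = Node("x-claiming-to-be-b", priv=priv_x)
    return a, b, x


def demo() -> Dict[str, bool]:
    a, b, x = build_nodes()
    return {
        "legit peer, check on": authenticate_peer(a, b, "b"),
        "wrong key, check on": authenticate_peer(a, x, "b"),
        "wrong key, check bypassed": authenticate_peer(a, x, "b", bypass_security=True),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:26s} -> {'accepted' if accepted else 'rejected'}")
```

The three cases line up with the poster's summary: with the key check on, a party holding the right configuration but the wrong private key is rejected; with it bypassed, that same party is accepted, and only the configuration match and reachability at the expected address stand between it and the VPN. Encryption of the data channel is a separate step not modelled here.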