I have GRE with IPSec enabled with preshared key. After OS update to 6.43.1 im getting a warning that its not secure configuration and i should use certificates.
But i don’t see option to use certificates for GRE secured with IPSec. Let say my secret is 30 symbols long so how successful hacker would be to compromise connection?
since 6.43
*) ipsec - added warning messages for incorrect peer configuration;
You can use what you want, it’s just reminder.
I understand this a reminder , I know that everything can be broken, so let say i would like to know how insecure it is now lets say in scale from 1 to 10.
These warnings were added based on this research paper which explains how pre shared keys are vulnerable to offline dictionary attacks even in main mode and IKEv2.
https://www.ei.rub.de/media/nds/veroeffentlichungen/2018/08/13/sec18-felsch.pdf
This is mainly used for VPN services and if we want to avoid this we could change to OpenVPN or IKE2 but that are not fully or not supported in RouterOS.
So we have to bear with these warnings for some time longer.
The maximum security you can get with pre-shared keys is when you use 128-byte randomly generated keys (on linux, use openssl rand -hex 128 to get a 128-byte value encoded as a string of 256 hexadecimal characters, and use that string as the secret (and another one as xauth-password if you use xauth) prepended with 0x. The warning will still be there but you’ll know you couldn’t do more.
Just i want to get more information from your link. Can you double check something doesn’t work.
Thanks