Any security advantages of newer firmware for 8900AX-2400?

Discussions for BiPAC 8900 series: 8900AX-1600, 8900AX-2400, 8900X
rich4596
Posts: 10
Joined: Thu Nov 21, 2019 8:03 pm

Post by rich4596 » Thu Aug 06, 2020 4:50 pm

Hi all.
Running ver 2.52.d27 currently.

When I travel I enable an L2TP VPN for remote mobile devices so I can reach into my home network. I notice that each time I enable the IPSEC and L2TP I get loads of attempted accesses from IPs all across the planet, such as in the log appended below.

Although I'm confident that nothing is managing to get in, I just want to make sure that there are no updates in later firmware versions which provide greater resilience than the version I'm on. I can't see anything in the release notes.

Thanks!

Log excerpt:

Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: ASSERTION FAILED at /data2/416l05_4/working/userspace/public/apps/openswan-2.6.38/programs/pluto/ikev2.c:909: st
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: using kernel interface: netkey
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: interface lo/lo ::1
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: interface lo/lo 127.0.0.1
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: interface lo/lo 127.0.0.1
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: interface br0/br0 192.168.2.1
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: interface br0/br0 192.168.2.1
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: interface ppp1.1/ppp1.1 31.125.2.xxx
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: interface ppp1.1/ppp1.1 31.125.2.xxx
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: %myid = (none)
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: private address space in internal use, it should be excluded!
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234:
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234:
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE encrypt: id=1, name=OAKLEY_DES_CBC, blocksize=8, keydeflen=64
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234:
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234:
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: "L2TP_test": 31.125.2.xxx<31.125.2.xxx>:17/1701...%any:17/%any; unrouted; eroute owner: #0
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: "L2TP_test": myip=unset; hisip=unset;
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: "L2TP_test": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: "L2TP_test": policy: PSK+ENCRYPT+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: ppp1.1;
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: "L2TP_test": newest ISAKMP SA: #0; newest IPsec SA: #0;
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234:
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: ABORT at /data2/416l05_4/working/userspace/public/apps/openswan-2.6.38/programs/pluto/ikev2.c:909
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 91.218.36.17:22234: ABORT at /data2/416l05_4/working/userspace/public/apps/openswan-2.6.38/programs/pluto/ikev2.c:909
Aug 6 15:08:53 kern warn kernel: pluto/28734: potentially unexpected fatal signal 6.
Aug 6 15:08:53 kern warn kernel: Cpu 0
Aug 6 15:08:53 kern warn kernel: $ 0 : 00000000
Aug 6 15:08:53 kern info kernel: 10008d00
Aug 6 15:08:53 kern info kernel: 00000000
Aug 6 15:08:53 kern info kernel: 00000000
Aug 6 15:08:53 kern warn kernel: $ 4 :
Aug 6 15:08:53 kern info kernel: 0000703e
Aug 6 15:08:53 kern info kernel: 00000006
Aug 6 15:08:53 kern info kernel: 00000000
Aug 6 15:08:53 kern info kernel: 00000000
Aug 6 15:08:53 kern warn kernel: $ 8 : 77083db4 7707e7e4
Aug 6 15:08:53 authpriv warn pluto[28744]: pluto_crypto_helper: helper (0) is normal exiting
Aug 6 15:08:53 daemon err ipsec__plutorun: Aborted
Aug 6 15:08:54 daemon err ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)
Aug 6 15:08:54 daemon err ipsec__plutorun: restarting IPsec after pause...
Aug 6 15:09:04 daemon err ipsec_setup: Stopping Openswan IPsec...
Aug 6 15:09:04 daemon err ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid:
Aug 6 15:09:05 daemon err ipsec_setup: ...Openswan IPsec stopped
Aug 6 15:09:06 daemon err ipsec_setup: Starting Openswan IPsec U2.6.38/K3.4.11-rt19...
Aug 6 15:09:06 daemon err ipsec_setup: Using NETKEY(XFRM) stack
Aug 6 15:09:08 authpriv err ipsec__plutorun: Starting Pluto subsystem...
Aug 6 15:09:09 daemon err ipsec_setup: ...Openswan IPsec started
Aug 6 15:09:09 user warn syslog: adjusting ipsec.d to /var/ipsec.d
Aug 6 15:09:09 daemon err ipsec__plutorun: adjusting ipsec.d to /var/ipsec.d
Aug 6 15:09:09 authpriv warn pluto[14976]: WARNING: 1DES is enabled
Aug 6 15:09:09 authpriv warn pluto[14976]: LEAK_DETECTIVE support [disabled]
Aug 6 15:09:09 authpriv warn pluto[14976]: OCF support for IKE [disabled]
Aug 6 15:09:09 authpriv warn pluto[14976]: NSS support [disabled]
Aug 6 15:09:09 authpriv warn pluto[14976]: HAVE_STATSD notification support not compiled in
Aug 6 15:09:09 authpriv warn pluto[14976]: Setting NAT-Traversal port-4500 floating to on
Aug 6 15:09:09 authpriv warn pluto[14976]: port floating activation criteria nat_t=1/port_float=1
Aug 6 15:09:09 authpriv warn pluto[14976]: NAT-Traversal support [enabled]
Aug 6 15:09:09 authpriv warn pluto[14976]: using /dev/urandom as source of random entropy
Aug 6 15:09:09 authpriv warn pluto[14976]: starting up 1 cryptographic helpers
Aug 6 15:09:09 authpriv warn pluto[14976]: started helper pid=14977 (fd:6)
Aug 6 15:09:09 authpriv warn pluto[14977]: using /dev/urandom as source of random entropy
Aug 6 15:09:12 authpriv warn pluto[14976]: Could not change to directory '/var/ipsec.d/cacerts': No such file or directory
Aug 6 15:09:12 authpriv warn pluto[14976]: Could not change to directory '/var/ipsec.d/aacerts': No such file or directory
Aug 6 15:09:12 authpriv warn pluto[14976]: Could not change to directory '/var/ipsec.d/ocspcerts': No such file or directory
Aug 6 15:09:12 authpriv warn pluto[14976]: Could not change to directory '/var/ipsec.d/crls': 2 No such file or directory
Aug 6 15:09:12 authpriv warn pluto[14976]: added connection description "L2TP_test"
Aug 6 15:09:12 daemon err ipsec__plutorun: 002 added connection description "L2TP_test"
Aug 6 15:09:12 authpriv warn pluto[14976]: listening for IKE messages
Aug 6 15:09:12 authpriv warn pluto[14976]: adding interface ppp1.1/ppp1.1 31.125.2.xxx:500
Aug 6 15:09:12 authpriv warn pluto[14976]: adding interface ppp1.1/ppp1.1 31.125.2.xxx:4500
Aug 6 15:09:12 authpriv warn pluto[14976]: adding interface br0/br0 192.168.2.1:500
Aug 6 15:09:12 authpriv warn pluto[14976]: adding interface br0/br0 192.168.2.1:4500
Aug 6 15:09:12 authpriv warn pluto[14976]: adding interface lo/lo 127.0.0.1:500
Aug 6 15:09:12 authpriv warn pluto[14976]: adding interface lo/lo 127.0.0.1:4500
Aug 6 15:09:12 authpriv warn pluto[14976]: adding interface lo/lo ::1:500
Aug 6 15:09:12 authpriv warn pluto[14976]: loading secrets from "/var/ipsec.secrets"
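
An added example, not part of the original post: a Python triage pass over router syslog in the format of the excerpt above, counting pluto lines per remote peer and flagging assertion/abort lines attributed to a peer, daemon failures reported by the restart wrapper, and startup warnings. The sample lines are constructed (documentation-range addresses, placeholder source path), and the function and field names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the syslog format of the excerpt above. Peer addresses
# are documentation-range placeholders and the source path is a placeholder.
SAMPLE_LOG = """\
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 203.0.113.7:22234: ASSERTION FAILED at /path/to/pluto/ikev2.c:909: st
Aug 6 15:08:53 authpriv warn pluto[28734]: packet from 203.0.113.7:22234: ABORT at /path/to/pluto/ikev2.c:909
Aug 6 15:08:53 kern warn kernel: pluto/28734: potentially unexpected fatal signal 6.
Aug 6 15:08:54 daemon err ipsec__plutorun: !pluto failure!: exited with error status 134 (signal 6)
Aug 6 15:09:09 authpriv warn pluto[14976]: WARNING: 1DES is enabled
Aug 6 15:11:20 authpriv warn pluto[14976]: packet from 198.51.100.23:500: ignoring unknown Vendor ID payload
"""

# "<month> <day> <time> <facility> <severity> <tag>[pid]: <message>"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+\s"
                  r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s?(?P<msg>.*)$")
# Messages in the excerpt that concern an inbound packet carry its source first.
PEER = re.compile(r"^packet from (?P<ip>[0-9A-Fa-f.:]+?):(?P<port>\d+):\s?(?P<rest>.*)$")

def triage(log_text):
    """Summarise pluto activity: lines per peer, aborts tied to a peer, restarts."""
    peers, crashes, weak, failures = Counter(), {}, [], 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation or unrelated line
        tag, msg = m["tag"], m["msg"]
        if tag == "pluto":
            p = PEER.match(msg)
            if p:
                peers[p["ip"]] += 1
                if p["rest"].startswith(("ASSERTION FAILED", "ABORT")):
                    # One crash per daemon PID, attributed to the triggering peer.
                    crashes.setdefault(m["pid"], (m["ts"], p["ip"]))
            elif msg.startswith("WARNING:"):
                weak.append(msg)  # e.g. weak algorithms enabled at startup
        elif tag == "ipsec__plutorun" and "pluto failure" in msg:
            failures += 1  # wrapper reporting that the daemon died
    return {"peers": dict(peers), "crashes": crashes,
            "daemon_failures": failures, "startup_warnings": weak}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `crashes` entry alongside a `daemon_failures` count separates a packet that took the IKE daemon down from ordinary rejected connection attempts.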

billyed
Posts: 1
Joined: Wed Jul 15, 2020 4:09 am

Post by billyed » Sat Aug 08, 2020 11:40 am

Are you manually setting up the VPN or using servers from a VPN provider? I have done the same using Express & Ivacy manually.

rich4596
Posts: 10
Joined: Thu Nov 21, 2019 8:03 pm

Post by rich4596 » Mon Aug 10, 2020 9:34 pm

billyed wrote:
Sat Aug 08, 2020 11:40 am
Are you manually setting up the VPN or using servers from a VPN provider? I have done the same using Express & Ivacy manually.

Manually - the router has the capability to create its own tunnels for router/client links, so I can just use the router rather than a VPN service.

billion_fan
Posts: 5272
Joined: Tue Jul 19, 2011 4:30 pm

Post by billion_fan » Tue Aug 11, 2020 9:14 am

rich4596 wrote:
Mon Aug 10, 2020 9:34 pm
billyed wrote:
Sat Aug 08, 2020 11:40 am
Are you manually setting up the VPN or using servers from a VPN provider? I have done the same using Express & Ivacy manually.

Manually - the router has the capability to create its own tunnels for router/client links, so I can just use the router rather than a VPN service.

Unfortunately, when setting up any type of VPN you will get login attempts; as long as your passwords are strong you should be fine.

Regarding firmware updates, there have been no changes to the VPN part.

rich4596
Posts: 10
Joined: Thu Nov 21, 2019 8:03 pm

Post by rich4596 » Wed Aug 12, 2020 8:09 am

Rgr, thanks BF!
