Ike

Router Bugs - IKE NAT Traversal

QA Cafe is constantly testing as many home networking devices as we can find, both to make sure CDRouter is the best testing product around and to find new and interesting tests to write. During that time, we have learned that the quality level of home and business routers/gateways on the market varies considerably. We know the world of networking protocols is complex and nuanced, and often a slight oversight in a standard or interpretation of a standard can mean the difference between a functioning home networking product and a high-tech paperweight.

Short Diffie-Hellman Secrets Can Break IKE Interoperability

Although IKE has been out for a long time and is considered by the Internet community to be a mature protocol, there are still low-level problems affecting interoperability. Specifically at issue is how an implementation represents internal keying material that is shorter than expected. Here we take an in-depth look at the cause of the problem, and offer ways to detect it in existing implementations using the CDRouter IKE test suite from QA Cafe.

What is IPSEC SPI Tracking?

SPI tracking is a technique some vendors use to support IPSEC pass through with multiple IPSEC streams. It is not perfect, since SPI conflicts can still occur and the router cannot change the SPI, but it does work most of the time. The router can look at the SPI to distinguish one IPSEC stream from another. For more information please see http://www.microsoft.com/technet/community/columns/cableguy/cg0802.mspx

IPSEC pass through testing

IPSEC pass through is a technique for allowing IPSEC packets to pass through a NAT router. By itself, IPSEC does not work when it travels through NAT. Newer IKE and IPSEC implementations support NAT-Traversal, which is a technique to detect NAT and switch to UDP encapsulation for IPSEC ESP packets. However, many router vendors have developed a “pass through” technique that allows IPSEC packets to pass through NAT without NAT-T support.