Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP TMOS
Fixed In:
14.0.0
Opened: Sep 26, 2017
Severity: 2-Critical
The racoon daemon binds to all addresses on the Linux host.
- IPsec tunnels may be established on unexpected IP addresses on the BIG-IP system.
- Port scans or security audits may show the IPsec service on unexpected IP addresses.
When the IKEv1 racoon daemon processes the config file written by tmipsecd.
No workaround.
The auto-generated racoon daemon config file no longer makes the daemon listen on the 0.0.0.0 'any' address.
In previous releases, the racoon daemon would bind to all addresses on the Linux host. In this version, the IKEv1 racoon daemon no longer listens on 0.0.0.0.
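
The following audit check is an added example, not F5 code: it reads `ss -uln` style output and reports IKE listeners bound to a wildcard address, which is the condition this bug describes. It assumes the standard IKE ports (UDP 500, and 4500 for NAT-T) and the usual `ss` column layout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag IKE listeners bound to a wildcard address.
# Live use on a host:  ss -uln | wildcard_ike_listeners

# Reads `ss -uln` style lines on stdin; prints "address port" per finding.
wildcard_ike_listeners() {
    awk '
    {
        # The local endpoint is the first field containing a colon,
        # whether or not ss printed a Netid column.
        ep = ""
        for (i = 1; i <= NF; i++) if (index($i, ":")) { ep = $i; break }
        if (ep == "") next

        # The port follows the last colon (IPv6 addresses contain colons too).
        n = split(ep, parts, ":")
        port = parts[n]
        addr = substr(ep, 1, length(ep) - length(port) - 1)
        sub(/%.*$/, "", addr)              # drop a %interface scope suffix

        # Assumption: IKE on UDP 500, NAT-T on UDP 4500.
        if (port != "500" && port != "4500") next

        # Wildcard spellings used by different ss versions.
        if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            print addr, port
    }'
}

# Constructed sample input (not captured from a real system).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
UNCONN  0       0       0.0.0.0:500         0.0.0.0:*
UNCONN  0       0       10.1.1.5:500        0.0.0.0:*
UNCONN  0       0       10.1.1.5:4500       0.0.0.0:*
UNCONN  0       0       *:4500              *:*
UNCONN  0       0       [::]:500            [::]:*
UNCONN  0       0       127.0.0.1:53        0.0.0.0:*
EOF
}

# Stand-alone run: show the findings for the constructed sample.
sample_ss_output | wildcard_ike_listeners
```

On a fixed release the function should print nothing for the IKE ports; any line it prints is a listener reachable on every address of the host.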