Bug ID 685442: racoon daemon for IPsec IKEv1 listens on 0.0.0.0

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP TMOS(all modules)

Fixed In:
14.0.0

Opened: Sep 26, 2017

Severity: 2-Critical

Symptoms

The racoon daemon binds to all addresses on the Linux host.

Impact

- IPsec tunnels may be established on unexpected IP addresses on the BIG-IP system.
- Port scans or security audits may show the IPsec service on unexpected IP addresses.

Conditions

When the IKEv1 racoon daemon processes the config file written by tmipsecd.

Workaround

No workaround.

Fix Information

The auto-generated racoon daemon config file no longer binds the daemon to the 0.0.0.0 'any' address.

Behavior Change

In previous releases, the racoon daemon would bind to all addresses on the Linux host. In this version, the IKEv1 racoon daemon no longer listens on 0.0.0.0.
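An audit check for the condition this record describes, added here as an example; it is not F5's code and does not reproduce the file tmipsecd writes (the record does not show it). It assumes the standard racoon.conf `listen { isakmp ADDR [PORT]; }` syntax and uses a constructed sample config.

```python
import re

# Constructed sample racoon.conf showing the wildcard binding the bug
# describes (assumption: not the file tmipsecd actually generates).
SAMPLE_RACOON_CONF = """\
# racoon.conf (constructed sample)
path pre_shared_key "/etc/racoon/psk.txt";

listen
{
    isakmp 0.0.0.0 [500];
    isakmp_natt 0.0.0.0 [4500];
}

remote anonymous
{
    exchange_mode main;
}
"""

# Addresses that make racoon accept IKE on every interface address.
WILDCARD_ADDRS = {"0.0.0.0", "::", "0::0"}

LISTEN_BLOCK = re.compile(r"listen\s*\{(.*?)\}", re.S)
ISAKMP_LINE = re.compile(r"^\s*(isakmp_natt|isakmp)\s+(\S+)\s*(?:\[(\d+)\])?\s*;", re.M)


def parse_listen(conf_text):
    """Return (directive, address, port) tuples from the listen {} block,
    or None when the config has no listen block at all.
    Comments are stripped first; racoon's defaults of UDP 500 (isakmp)
    and UDP 4500 (isakmp_natt) are filled in when no port is given."""
    text = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    block = LISTEN_BLOCK.search(text)
    if block is None:
        return None
    entries = []
    for directive, addr, port in ISAKMP_LINE.findall(block.group(1)):
        default_port = 500 if directive == "isakmp" else 4500
        entries.append((directive, addr, int(port) if port else default_port))
    return entries


def wildcard_binds(conf_text):
    """Listen entries that bind the 'any' address, i.e. the bug's condition."""
    entries = parse_listen(conf_text)
    if entries is None:
        # Without a listen block racoon binds every address by default,
        # so the absence of the block is itself a finding.
        return [("(no listen block)", "0.0.0.0", None)]
    return [e for e in entries if e[1] in WILDCARD_ADDRS]


if __name__ == "__main__":
    for directive, addr, port in wildcard_binds(SAMPLE_RACOON_CONF):
        print(f"FINDING: {directive} bound to {addr} port {port}")
```

Run it against a copy of the daemon's live config on an affected release; an empty result means every isakmp/isakmp_natt entry is pinned to a specific address.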

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips