<![CDATA[Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them.]]>Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. Just a thought. If you aren't sure if you are exposed, today seems like a good day to find out.

Just a moment...

favicon

(www.shodan.io)

]]>https://board.circlewithadot.net/topic/3483de7b-609e-40be-bacf-3e0592e1c7b0/random-reminder-that-if-you-are-exposing-ike-to-the-internet-for-static-site-to-site-tunnels-maybe-allowlist-only-your-peer-endpoints-and-don-t-allow-full-internet-access-to-them.RSS for NodeFri, 15 May 2026 01:52:32 GMTTue, 12 May 2026 13:49:33 GMT60<![CDATA[Reply to Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. on Wed, 13 May 2026 13:57:02 GMT]]>@nyanbinary @cR0w Mike asked for his return... he did not tell us why.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/ap/users/116093572746253175/statuses/116567613271544887https://board.circlewithadot.net/post/https://infosec.exchange/ap/users/116093572746253175/statuses/116567613271544887Wed, 13 May 2026 13:57:02 GMT<![CDATA[Reply to Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. on Wed, 13 May 2026 13:51:21 GMT]]>@cR0w who is Ike & why are we trying to keep them off the internet?

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/nyanbinary/statuses/116567590925401083https://board.circlewithadot.net/post/https://infosec.exchange/users/nyanbinary/statuses/116567590925401083Wed, 13 May 2026 13:51:21 GMT<![CDATA[Reply to Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. on Tue, 12 May 2026 17:11:18 GMT]]>@cR0w @fuzzyfuzzyfungus

Thanks to DYNDNS, my home based S2S WireGuard tunnels only allow the specific FQDN I need.

ISP DHCP based IP change is roughly a 1hr downtime window. My ZFS replications can handle that fine.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/kajer/statuses/116562714838778832https://board.circlewithadot.net/post/https://infosec.exchange/users/kajer/statuses/116562714838778832Tue, 12 May 2026 17:11:18 GMT<![CDATA[Reply to Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. on Tue, 12 May 2026 13:59:28 GMT]]>@fuzzyfuzzyfungus As of today it's a general good practice reminder. But we never know what tomorrow may bring.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116561960563339214https://board.circlewithadot.net/post/https://infosec.exchange/users/cR0w/statuses/116561960563339214Tue, 12 May 2026 13:59:28 GMT<![CDATA[Reply to Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. on Tue, 12 May 2026 13:57:24 GMT]]>@cR0w Is this a good practice reminder apropos of nothing super particular; or has one of the Enterprise Gateway Widget vendors covered themselves in glory again?

]]>https://board.circlewithadot.net/post/https://cyberplace.social/users/fuzzyfuzzyfungus/statuses/116561952415648368https://board.circlewithadot.net/post/https://cyberplace.social/users/fuzzyfuzzyfungus/statuses/116561952415648368Tue, 12 May 2026 13:57:24 GMT<![CDATA[Reply to Random reminder that if you are exposing IKE to the Internet for static site-to-site tunnels, maybe allowlist only your peer endpoints and don't allow full Internet access to them. on Tue, 12 May 2026 13:53:50 GMT]]>@cR0w Hmm.

Link Preview Image
]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116561938369271790https://board.circlewithadot.net/post/https://infosec.exchange/users/Sempf/statuses/116561938369271790Tue, 12 May 2026 13:53:50 GMT