<P> The OpenBSD IPsec stack was the first implementation available under a permissive open-source license, and was therefore copied widely. In a letter that OpenBSD lead developer Theo de Raadt received on 11 Dec 2010 from Gregory Perry, it is alleged that Jason Wright and others, working for the FBI, inserted "a number of backdoors and side channel key leaking mechanisms" into the OpenBSD crypto code. When forwarding the email in 2010, Theo de Raadt did not at first express an official position on the validity of the claims, apart from the implicit endorsement implied by forwarding it. Jason Wright's response to the allegations: "Every urban legend is made more real by the inclusion of real names, dates, and times. Gregory Perry's email falls into this category.... I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF)." Some days later, de Raadt commented that "I believe that NETSEC was probably contracted to write backdoors as alleged.... If those were written, I don't believe they made it into our tree." This was published before the Snowden leaks. </P>
<P> An alternative explanation, put forward by the authors of the Logjam attack, is that the NSA compromised IPsec VPNs by undermining the Diffie-Hellman algorithm used in the key exchange. In their paper they allege that the NSA built a dedicated computing cluster to precompute multiplicative subgroups for specific primes and generators, such as the second Oakley group defined in RFC 2409. As of May 2015, 90% of addressable IPsec VPNs supported the second Oakley group as part of IKE. An organization that had precomputed this group could derive the keys being exchanged and decrypt traffic without inserting any software backdoors. </P>
<P> A second alternative explanation is that the Equation Group used zero-day exploits against several manufacturers' VPN equipment; these exploits were validated by Kaspersky Lab as being tied to the Equation Group and confirmed by the manufacturers as real, some of them zero-day at the time of their exposure. The Cisco PIX and ASA firewalls had vulnerabilities that were used for wiretapping by the NSA. </P>
<P> Furthermore, IPsec VPNs using "Aggressive Mode" settings send a hash of the PSK in the clear. This can be, and apparently is, targeted by the NSA using offline dictionary attacks. </P>
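The two protocol-level weaknesses above (negotiating the 1024-bit second Oakley group, and IKEv1 Aggressive Mode with pre-shared-key authentication, which exposes a PSK-derived hash to offline guessing) are both visible in the very first IKE message a peer sends, so a defender can audit them from a packet capture without any traffic decryption. The following is an added example, not code from the article or from any of the projects it names: it parses the fixed ISAKMP header and walks the IKEv1 SA payload (proposal, transform, attributes per RFC 2408/2409) to flag those negotiation choices. The sample packets are constructed inline, the finding tags are my own labels, and the builder only emits the SA payload, so it is not a complete IKE message.

```python
import struct

# ISAKMP / IKEv1 constants (RFC 2408, RFC 2409)
ISAKMP_HDR_LEN = 28
EXCH_IDENTITY_PROTECTION = 2   # IKEv1 "Main Mode"
EXCH_AGGRESSIVE = 4            # IKEv1 "Aggressive Mode"
NP_SA = 1                      # next-payload type: Security Association

# IKE SA attribute classes (RFC 2409 Appendix A) and the values of interest
ATTR_ENCR_ALG = 1
ATTR_HASH_ALG = 2
ATTR_AUTH_METHOD = 3
ATTR_GROUP_DESC = 4
AUTH_PRESHARED_KEY = 1
AUTH_RSA_SIG = 3
GROUP_MODP1024 = 2             # second Oakley group, the one the Logjam authors single out
GROUP_MODP2048 = 14


def parse_isakmp_header(pkt):
    """Return (next_payload, major_version, exchange_type, length) from the 28-byte header."""
    if len(pkt) < ISAKMP_HDR_LEN:
        raise ValueError("short ISAKMP header")
    _ispi, _rspi, np, ver, exch, _flags, _msgid, length = struct.unpack(
        "!QQBBBBII", pkt[:ISAKMP_HDR_LEN])
    return np, ver >> 4, exch, length


def iter_sa_attributes(sa_payload):
    """Yield (type, value) for each TV-form attribute in an IKEv1 SA payload.

    Walk order: generic header -> DOI/situation -> proposal(s) -> transform(s) -> attributes.
    Zero-length payloads are treated as malformed to avoid looping forever on bad input."""
    _np, _res, sa_len = struct.unpack("!BBH", sa_payload[:4])
    sa_len = min(sa_len, len(sa_payload))
    off = 4 + 8                                   # skip generic header, DOI and situation
    while off + 8 <= sa_len:
        _pnp, _r, p_len, _pnum, _proto, spi_size, _ntrans = struct.unpack(
            "!BBHBBBB", sa_payload[off:off + 8])
        if p_len == 0:
            break
        p_end = min(off + p_len, sa_len)
        t_off = off + 8 + spi_size
        while t_off + 8 <= p_end:
            _tnp, _r, t_len, _tnum, _tid, _r2 = struct.unpack(
                "!BBHBBH", sa_payload[t_off:t_off + 8])
            if t_len == 0:
                break
            t_end = min(t_off + t_len, p_end)
            a_off = t_off + 8
            while a_off + 4 <= t_end:
                a_type, a_val = struct.unpack("!HH", sa_payload[a_off:a_off + 4])
                if a_type & 0x8000:               # TV form: 2-byte value follows
                    yield a_type & 0x7FFF, a_val
                    a_off += 4
                else:                             # TLV form: a_val is the value length
                    a_off += 4 + a_val
            t_off = t_end
        off = p_end


def assess_ike_init(pkt):
    """Return weakness tags for one IKE initiator message (UDP/500 payload); [] means nothing flagged."""
    np, major, exch, length = parse_isakmp_header(pkt)
    findings = []
    if major != 1:
        return findings                           # IKEv2 has no Aggressive Mode; not covered here
    if exch == EXCH_AGGRESSIVE:
        findings.append("ikev1_aggressive_mode")
    psk = weak_group = False
    if np == NP_SA and length >= ISAKMP_HDR_LEN + 4:
        for a_type, a_val in iter_sa_attributes(pkt[ISAKMP_HDR_LEN:]):
            if a_type == ATTR_AUTH_METHOD and a_val == AUTH_PRESHARED_KEY:
                psk = True
            if a_type == ATTR_GROUP_DESC and a_val == GROUP_MODP1024:
                weak_group = True
    if psk:
        findings.append("psk_authentication")
    if weak_group:
        findings.append("dh_group_modp1024")
    if exch == EXCH_AGGRESSIVE and psk:
        findings.append("psk_hash_exposed_offline_crackable")
    return findings


def _tv_attr(attr_type, value):
    return struct.pack("!HH", 0x8000 | attr_type, value)


def build_sample_ikev1(exchange_type, auth_method, group):
    """Constructed sample IKEv1 first message carrying only an SA payload (not a real capture)."""
    attrs = (_tv_attr(ATTR_ENCR_ALG, 7) + _tv_attr(ATTR_HASH_ALG, 2) +   # AES-CBC, SHA-1
             _tv_attr(ATTR_AUTH_METHOD, auth_method) + _tv_attr(ATTR_GROUP_DESC, group))
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs     # transform ID 1 = KEY_IKE
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    sa_body = struct.pack("!II", 1, 1) + proposal                                 # DOI IPsec, SIT_IDENTITY_ONLY
    sa_payload = struct.pack("!BBH", 0, 0, 4 + len(sa_body)) + sa_body
    hdr = struct.pack("!QQBBBBII", 0x1122334455667788, 0, NP_SA, 0x10,
                      exchange_type, 0, 0, ISAKMP_HDR_LEN + len(sa_payload))
    return hdr + sa_payload


if __name__ == "__main__":
    print(assess_ike_init(build_sample_ikev1(EXCH_AGGRESSIVE, AUTH_PRESHARED_KEY, GROUP_MODP1024)))
    print(assess_ike_init(build_sample_ikev1(EXCH_IDENTITY_PROTECTION, AUTH_RSA_SIG, GROUP_MODP2048)))
```

Run against the UDP/500 payloads from a capture, the first call above flags every weakness the article describes, while a Main Mode proposal with certificate authentication and a 2048-bit group produces no findings. The remediation is the mirror image of the detection: disable IKEv1 Aggressive Mode (or move to IKEv2), prefer certificate or EAP authentication over a shared PSK, and remove modp1024 from the allowed group list.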

The IPsec protocol secures data by adding encryption