Comments (1)
dkosovic
commented on September 16, 2024
I thought Aggressive Mode is mainly recommended for use with XAUTH and not with PSK to avoid offline brute force attack of the PSK, which isn't an issue with Main Mode as it doesn't leak the ID in clear text.
Extract from:
- https://libreswan.org/man/ipsec.secrets.5.html
An additional complexity arises in the case of authentication by preshared secret in IKEv1 Main Mode: the responder will need to look up the secret before the Peer's ID payload has been decoded, so the ID used will be the IP address. IKEv1 Aggressive Mode (
aggrmode=yes) can be used to work around this, at the price of leaking the ID in the clear and allowing a brute force attack against the PSK to be performed offline. PSKs are the least secure authentication method and should be avoided.
As the Windows built-in L2TP VPN client doesn't use Aggressive Mode, would there be many L2TP servers that use Aggressive Mode, or IPsec IKEv1 servers that use Aggressive mode but don't use XAUTH?
The NetworkManager-vpnc and NetworkManager-libreswan VPN clients I believe use Aggressive Mode with XAUTH (or in the NetworkManager-libreswan case just for IKEv1 and not IKEv2).
from networkmanager-l2tp.
Related Issues (20)
- Link Error xl2tpd HOT 1
- Assertation failed and segmentation fault when connecting to Check Point VPN HOT 20
- Consider new release for ppp-2.5.0 support HOT 4
- VPN connection is up, but the servers arenβt fully reachable after some time HOT 26
- After changing the IP address of the Gateway, the old one is still used HOT 4
- Spell in the dialogues title L2TP HOT 3
- Vpn HOT 1
- Problem to connect L2TP Server with MPPE-128 Cryptographic HOT 28
- User name with space HOT 1
- Disconnected right after I opened connection HOT 2
- NetworkManager failed to connect: 'Timeout was reached' (Manjaro) HOT 10
- MPPE fails on Manjaro/Arch HOT 6
- After upgrade to 1.20.12-1 this issue occurs: no config named HOT 8
- ipsec VPN connection error: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed HOT 5
- IPv6 IPsec servers won't be contacted HOT 2
- 1.20.14 fails with libreswan version 4.15 HOT 5
- Does not properly call ipsec HOT 1
- Use IKEv2 Key Exchange Checkbox in Debian Bookworm HOT 2
- Unable to connect to L2TP+IPSec from Ubuntu 24.04 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from networkmanager-l2tp.