IKE aggressive mode


#1

Greetings!

So I’m trying to set up an IPSec tunnel between our Amazon VPC using the VyOS AMI from the Marketplace back to our datacenter, and our IT guys say that they need us to use IKE Phase 1 aggressive mode (ugh). What do I need to set in VyOS to get it to use aggressive mode rather than main?

I tried searching the forum, and found nil. I’m also striking out with Google. Any help would be greatly appreciated.


#2

As far as I know you cannot.

Aggressive mode has been removed from Vyatta (before the fork to VyOS) since it’s too weak.

Your “IT guy” should use main mode… if it’s not supported and this is for business purposes, IT should consider changing the endpoint at the other side!


#3

Your post to God’s ears. He claims that his concentrator supports IKEv2, so maybe I can convince him to go that route - he has some problem with main mode for some reason.

Thanks for the quick reply!