On Wed, 23 Nov 2016, Florian Schlichting wrote:

Hi Benoit,

> While debugging an issue connecting with vpnc to a mikrotik firewall, I more
> or less pinpointed the problem in vpnc only trying aggressive mode
> and not 'main' mode.
>
> Could a config option be added to also allow main mode?

I'm not sure what 'aggressive mode' is and I cannot find anything about
that in the source. But if you're able to develop a patch (and if
possible, post that patch to the upstream development list in addition
to this bug report), I can certainly add that patch to the Debian
package.

Florian


Well, maybe it's too late for some explanations. Anyway, these three documents on the internet (among others) may explain the difference between main mode and aggressive mode:
* https://www.ipsec-howto.org/x202.html#AEN283
* https://www.internet-computer-security.com/VPN-Guide/Aggressive-Mode.html
* https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/217432-understand-ipsec-ikev1-protocol.html

I've searched the internet because I am not quite sure about it, but if I remember correctly, Cisco has preferred or used aggressive mode by default. Please remember that vpnc was developed as a replacement for Cisco's proprietary client, to have a free alternative for connecting to Cisco IPSec/VPN servers from any platform, with similar simplicity in terms of configuration and usage. Yet you may opt for different VPN software that provides many more features for tweaking the IPSec connection exactly the way you need or want it, libreswan or strongswan for instance. Both support main mode and aggressive mode and are packaged for Debian.

Best regards,

Thomas Uhle
