Hi, On Tue, Jun 13, 2006 at 04:10:08PM -0700, Spruell, Darren-Perot wrote: > > To follow that further, is it currently possible to do this kind of > road-warrior setup using ipsecctl/ipsec.conf? Doesn't it require aggressive > mode do to the unknown nature of the peer IP?
since c2k6 it almost is. There are some minor glitches, so please hang on a bit. With public key authentication (or x509) there's no need for aggressive mode. Aggressive mode is only needed when PSKs are used. ipsecctl(8) will not support aggressive mode. Please see also isakmpd.conf(5), section CAVEATS.
