
Aggressive mode IKE

Posted: Tue Oct 06, 2015 6:24 pm
by karnos666
Hello Everyone,

One of our vendors did a security check on our network and gave us an issue about CVE-2002-1623: https://web.nvd.nist.gov/view/vuln/deta ... -2002-1623

It looks like it's related to Aggressive mode IKE being enabled.

Does anyone know how to fix it?

Re: Aggressive mode IKE

Posted: Thu Oct 08, 2015 12:43 am
by theodisbutler
Sure.. use a different VPN protocol.

Re: Aggressive mode IKE

Posted: Sun Oct 11, 2015 1:26 am
by karnos666
Is there any other way than changing the protocol?

Re: Aggressive mode IKE

Posted: Thu Oct 22, 2015 1:06 pm
by cedar
IPSec initiator side selects the IKE mode.
If you don't want to use the aggressive mode, you can configure the VPN client so.

Re: Aggressive mode IKE

Posted: Mon Sep 12, 2016 5:41 am
by thisjun
Please read the manual of your client.

Re: Aggressive mode IKE

Posted: Tue Nov 05, 2019 11:12 am
by roblito
Has anyone answered this one? It's not a client issue.

A Nessus scan of the server reports "The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared Key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorised access to private networks."

Can anyone suggest a way to set Softether to use Main Mode instead of Aggressive Mode?

Re: Aggressive mode IKE

Posted: Fri Apr 03, 2020 2:28 pm
by drnoelkelly
"Added the DisableIPsecAggressiveMode option. You can set "bool DisableIPsecAggressiveMode true" to disable the IPsec Aggressive Mode to moderate CVE-2002-1623."

https://www.softether.org/5-download/history
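
An added example, not part of the thread and not SoftEther project code: a small audit that reads the text of a server config and reports whether the `DisableIPsecAggressiveMode` option quoted above is present and set to `true`. It assumes the config uses the nested `declare <name> { <type> <key> <value> }` layout; the sample config is constructed, the `ServerConfiguration` block name in it is an assumption, and `find_option` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample. Where the option sits (ServerConfiguration here) is an
# assumption; the parser reports whatever block path it actually finds.
SAMPLE_CONFIG = """\
declare root
{
    uint ConfigRevision 12
    declare ServerConfiguration
    {
        bool DisableIPsecAggressiveMode false
    }
}
"""

OPTION = "DisableIPsecAggressiveMode"
_ENTRY = re.compile(r"^(\w+)\s+(\S+)(?:\s+(.*))?$")  # <type> <key> [<value>]

def find_option(text, option=OPTION):
    """Return [(block_path, value)] for every occurrence of a bool option."""
    stack, pending, hits = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("declare "):
            pending = line.split(None, 1)[1]   # block name, opened by the next "{"
        elif line == "{":
            stack.append(pending or "?")
            pending = None
        elif line == "}":
            if stack:
                stack.pop()
        else:
            m = _ENTRY.match(line)
            if m and m.group(1) == "bool" and m.group(2) == option:
                hits.append(("/".join(stack), (m.group(3) or "").strip().lower()))
    return hits

def audit(text):
    """Classify a config: 'hardened', 'aggressive-mode-allowed' or 'option-missing'."""
    hits = find_option(text)
    if not hits:
        # The running build may predate the option, or never wrote it out.
        return "option-missing"
    if all(value == "true" for _, value in hits):
        return "hardened"
    return "aggressive-mode-allowed"

if __name__ == "__main__":
    print(find_option(SAMPLE_CONFIG), audit(SAMPLE_CONFIG))
```

A result of `option-missing` means the config cannot confirm the setting, so the server build should be checked against the changelog entry before the scanner finding is treated as resolved.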