Aggressive mode IKE

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
karnos666
Posts: 2
Joined: Tue Oct 06, 2015 6:20 pm

Aggressive mode IKE

Post by karnos666 » Tue Oct 06, 2015 6:24 pm

Hello Everyone,

One of our vendors did security check on our network and gave us an issue about CVE-2002-1623: https://web.nvd.nist.gov/view/vuln/deta ... -2002-1623

It looks like it's related to Aggressive mode IKE being enable.

Does anyone know how to fix it?

theodisbutler
Posts: 31
Joined: Mon Feb 24, 2014 12:12 am

Re: Aggressive mode IKE

Post by theodisbutler » Thu Oct 08, 2015 12:43 am

Sure.. use a different VPN protocol.

karnos666
Posts: 2
Joined: Tue Oct 06, 2015 6:20 pm

Re: Aggressive mode IKE

Post by karnos666 » Sun Oct 11, 2015 1:26 am

Is there any other way than changing the protocol?

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: Aggressive mode IKE

Post by cedar » Thu Oct 22, 2015 1:06 pm

IPSec initiator side selects the IKE mode.
If you don't want to use the aggressive mode, you can configure the VPN client so.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Aggressive mode IKE

Post by thisjun » Mon Sep 12, 2016 5:41 am

Please read the manual of the your client.

roblito
Posts: 1
Joined: Sat Oct 26, 2019 5:15 pm

Re: Aggressive mode IKE

Post by roblito » Tue Nov 05, 2019 11:12 am

Has anyone answered this one? It's not a client issue.

A Nessus scan of the server reports "The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared Key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorised access to private networks."

Can anyone suggest a way to set Softether to use Main Mode instead of Aggressive Mode?

drnoelkelly
Posts: 4
Joined: Fri Apr 03, 2020 2:25 pm

Re: Aggressive mode IKE

Post by drnoelkelly » Fri Apr 03, 2020 2:28 pm

"Added the DisableIPsecAggressiveMode option. You can set "bool DisableIPsecAggressiveMode true" to disable the IPsec Aggressive Mode to moderate CVE-2002-1623."

https://www.softether.org/5-download/history

Post Reply