From: Adam Carter
To: "gentoo-user@lists.gentoo.org"
Date: Mon, 13 May 2013 12:13:27 +1000
Subject: Re: [gentoo-user] Traffic Intensive IPSec Tunnel

> You can read a comparison between the *Swans here, but things have moved on
> since; e.g. StrongSwan supports IKEv1 in Aggressive Mode,

Aggressive mode with pre-shared keys is vulnerable to offline dictionary attack so you might as well use main mode. If for some reason you have to use aggressive mode use a long randomly generated PSK.
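Added example, not part of the original message and not strongSwan project code: a small audit that flags strongSwan `ipsec.conf` connections combining IKEv1, `aggressive=yes` and PSK authentication, and marks those whose PSK looks short. Assumptions: the sample files are constructed, secrets are looked up by the `right` address, and the 128-bit threshold and the entropy ceiling are illustrative choices.

```python
import math
import re

# Constructed sample files for illustration (not taken from the thread).
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev1
    authby=secret
conn branch-office
    aggressive=yes
    right=198.51.100.7
conn hq
    aggressive=no
    right=203.0.113.9
"""
SAMPLE_SECRETS = ('198.51.100.7 : PSK "summer2013"\n'
                  '203.0.113.9 : PSK "q8Zr1vXw0pLk3TtY9nBe6HcU2sMd7GaJ"\n')

def parse_conns(text):
    """Return {conn: {option: value}} with %default merged into each conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section header, e.g. "conn hq"
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def psk_bits_upper_bound(psk):
    """Crude ceiling: length * log2(pool); real entropy is lower for words."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z\d]", 33))
    pool = sum(n for rx, n in classes if re.search(rx, psk))
    return len(psk) * math.log2(pool) if pool else 0.0

def audit(conf, secrets, min_bits=128):  # min_bits: assumed threshold
    psks = dict(re.findall(r'^(\S+)\s*:\s*PSK\s+"([^"]*)"', secrets, re.M))
    findings = []
    for name, o in parse_conns(conf).items():
        if (o.get("keyexchange", "ike") in ("ike", "ikev1")
                and o.get("aggressive") == "yes"
                and o.get("authby", "pubkey") in ("secret", "psk")):
            bits = psk_bits_upper_bound(psks.get(o.get("right"), ""))
            findings.append((name, "weak-psk" if bits < min_bits else "aggressive-psk"))
    return findings
```

A result of `aggressive-psk` still means the connection should move to main mode where possible; the PSK length check only covers the fallback case.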