<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1028330913;
mso-list-type:hybrid;
mso-list-template-ids:2123123338 -1193371796 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:16;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;
mso-bidi-font-family:Arial;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I understand StrongSWAN doesn’t support AGGRESSIVE-MODE (AM) on purpose as it is less secure.<o:p></o:p></p><p class=MsoNormal>From StrongSWAN FAQ:<o:p></o:p></p><p class=MsoNormal>“<strong><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>Q:</span></strong><span class=apple-converted-space><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'> </span></span><em><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>Does strongSwan support IKEv1 Aggressive Mode?</span></em><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'><o:p></o:p></span></p><p><strong><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>A:</span></strong><span class=apple-converted-space><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'> </span></span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>Quote from Andreas Steffen:<br>bq. No, strongSwan does<span class=apple-converted-space> </span></span><strong><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>not</span></strong><span class=apple-converted-space><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'> </span></span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>support IKEv1 Aggressive Mode and<span class=apple-converted-space> </span></span><strong><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>never</span></strong><span class=apple-converted-space><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'> </span></span><span style='font-size:7.5pt;font-family:"Verdana","sans-serif";color:#36000C'>will. Otherwise we would have called the project "weakSwan".”<o:p></o:p></span></p><p class=MsoNormal>AM is very very common in the industry especially with remote-clients (“roadwariors”). <o:p></o:p></p><p class=MsoNormal>The alternatives for AM are not that easy, market shift to IKEv2 will probably take a while and RSA authentication requires PKI management.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Lack of AM probably prevents wide implantation of the package.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Adding AM will make StrongSWAN a complete VPN Solution and the 1<sup>st</sup> choice (when googling comparison with other packages it always appears as StrongSWAN’s big minus). Consider even somehow adding it disabled by default (e.g. use require WEAK compilation flag or even as a patch) – so one that will need it will need to be aware of it an actively enable it. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Are there considerations to add it to StrongSWAN’s roadmap? <o:p></o:p></p><p class=MsoNormal>Anyone known to be working on it?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanx,<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span dir=LTR></span>Ido<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>