Allow users to specify aggressive mode for IKEv1 key exchanges

Although strongly not recommended by the developers of strongSwan,
sometimes remote VPN gateways requires this because of interop
reasons or a network admin who doesn't have an idea on why
aggressive mode is bad.

1 files changed, 6 insertions, 0 deletions

diff --git a/templates/vpn/ipsec/ike-group/node.tag/mode/node.def b/templates/vpn/ipsec/ike-group/node.tag/mode/node.def
new file mode 100644
index 0000000..f302d3d
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/mode/node.def
@@ -0,0 +1,6 @@
+help: IKEv1 Phase 1 Mode Selection 
+type: txt
+default: "main"
+syntax:expression: $VAR(@) in "main", "aggressive"; "must be main or aggressive"
+val_help: main; Use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default)
+val_help: ikev2; Use Aggressive mode for Key Exchanges in the IKEv1 protocol - We do not recommend users to use aggressive mode as it is much more insecure compared to Main mode.