[Openswan Users] INVALID_HASH_INFORMATION when remote peer is set to %any

Paul Wouters paul at xelerance.com
Wed Apr 29 12:28:58 EDT 2009


On Wed, 29 Apr 2009, Benny Amorsen wrote:

> Paul Wouters <paul at xelerance.com> writes:
>
>> You can send ID's in main mode, but it is not quick enough to determine who is who when
>> using PSK (instead of RSA or X.509). So for PSK, yes you need aggressive mode.
> Is this fixed with IKEv2?

Fixed as in ikev2 mode uses the 4 packet exchange of aggressive mode
per default and a 6 msg "under dos attack" fallback mechanism.

Paul


More information about the Users mailing list