Ipsec config info
-
hi guys,
watching my pfsense log I see this:/rc.newipsecdns: WARNING: Setting i_dont_care_about_security_and_use_aggressive_mode_psk option because a phase 1 is configured using aggressive mode with pre-shared keys. This is not a secure configuration.
and what about ? why is not a secure configuration ?
thanks in advice
-
Because of how aggressive mode works with pre-shared keys. It's the nature of the protocol itself that is insecure, not anything specific to pfSense.
Use main mode and not aggressive, or use RSA auth and not PSK. Or even better, use IKEv2 if both sides support it.
There are some times you have to use aggressive+PSK, though, so it's still available, but the IPsec daemon will print that warning to let you know you're doing something that lowers your security.
-
many many thanks for your replay :) ;)