Hi,
I use the split authentication of IKEv2 (client with PSK, gateway with
cert)
Keep in mind to use such a setup only with strong secrets. PSK client
authentication is subject to dictionary attacks, don't use it with
simple passwords.
In the split mode it is also possible for an attacker
Hi,
I'll have a look what's the best approach to implement a fix.
A patch has gone into SVN, see [1]. This should fix a potential DoS
attack scenario on the pool.
However, there is still no guarantee for this uniqueness check. A peer
can still set up multiple IKE_SAs at the same time, but