You probably want to turn
*Negotiation mode:* Aggressive
off. (That is, you want Negotiation mode: Main.)
If you can install packet filters toward the IPSEC peer, that helps too.
The m0n0 documentation probably needs a bit of an update. This:
> Negotiation mode: This is the type of authentication security that
> will be used. Unless you are under close watch by someone with
> paranormal like craziness, just leave this as aggressive. It is indeed
> far faster and will insure that your VPN tunnel will rebuild itself
> quickly and probably won’t time out an application if the tunnel was
> down when the resource on the other end was requested. (more about
> that under Lifetime)
found on: http://doc.m0n0.ch/handbook/ipsec-tunnels.html
probably needs updating to reflect the new information.
Bradley Van Peursem wrote:
>Does this newly publicized ISAKMP IPSEC flaw affect monowall?
>May be a dumb question, but did not know the answer.