services.strongswan-swanctl.swanctl.connections.<name>.aggressive

Enables Aggressive Mode instead of Main Mode with Identity Protection. Aggressive Mode is considered less secure, because the ID and HASH payloads are exchanged unprotected. This allows a passive attacker to snoop peer identities, and even worse, start dictionary attacks on the Preshared Key.

StrongSwan default: false

Type

null or boolean

Default

null

Declared

<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>