> > You can read a comparison between the *Swans here, but things have moved on > since; e.g. StrongSwan supports IKEv1 in Aggressive Mode, >
Aggressive mode with pre-shared keys is vulnerable to offline dictionary attack so you might as well use main mode. If for some reason you have to use aggressive mode use a long randomly generated PSK.
