AVM FRITZ (FRITZ!Box, ...) brand devices

The AVM FRITZ brand devices are all very restricted and only implement IKEv1 in aggressive mode with PSK authentication and optionally XAUTH in the second round.

The ciphers they implement are all considered insecure or deprecated.
They transmit the following proposals in IKE:

  • aes256-sha512-modp1024
  • aes256-sha1-modp1024
  • aes192-sha1-modp1024
  • aes128-sha1-modp1024
  • 3des-sha1-modp1024
  • des-sha1-modp1024
  • aes256-md5-modp1024
  • aes192-md5-modp1024
  • aes128-md5-modp1024
  • 3des-md5-modp1024
  • des-md5-modp1024
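
An audit of the proposal list above, as an added example that is not part of the original page or of any project's code: it splits each proposal into cipher, hash and DH group, flags the components that the example's own `WEAK` table (an assumption of this example) treats as weak, and picks the proposal with the fewest such components. The function names are hypothetical.

```python
# Added example: audit the IKE proposals listed on this page.
# Proposal strings are copied from the list above; everything else is illustrative.
PROPOSALS = [
    "aes256-sha512-modp1024", "aes256-sha1-modp1024", "aes192-sha1-modp1024",
    "aes128-sha1-modp1024", "3des-sha1-modp1024", "des-sha1-modp1024",
    "aes256-md5-modp1024", "aes192-md5-modp1024", "aes128-md5-modp1024",
    "3des-md5-modp1024", "des-md5-modp1024",
]

# Assumption of this example: components treated as weak, with a short reason.
WEAK = {
    "des": "56-bit key",
    "3des": "64-bit block size",
    "md5": "broken hash function",
    "sha1": "deprecated hash function",
    "modp1024": "1024-bit Diffie-Hellman group",
}


def audit(proposal):
    """Split 'cipher-hash-dhgroup' and return the components listed in WEAK."""
    cipher, digest, dh_group = proposal.split("-")
    return [part for part in (cipher, digest, dh_group) if part in WEAK]


def without_weak_parts(proposals):
    """Proposals in which no component is flagged."""
    return [p for p in proposals if not audit(p)]


def least_weak(proposals):
    """Proposals with the fewest flagged components, in their original order."""
    scored = [(len(audit(p)), p) for p in proposals]
    fewest = min(count for count, _ in scored)
    return [p for count, p in scored if count == fewest]


if __name__ == "__main__":
    for p in PROPOSALS:
        reasons = ", ".join(f"{part} ({WEAK[part]})" for part in audit(p))
        print(f"{p:24} {reasons}")
    print("no flagged component:", without_weak_parts(PROPOSALS) or "none")
    print("fewest flagged components:", least_weak(PROPOSALS))
```

Every proposal is flagged at least once because all of them use modp1024, so the choice on the peer side is limited to the least weak combination.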

They also send the following vendor IDs:

  • XAUTH
  • DPD
  • NAT-T (RFC 3947)
  • draft-ietf-ipsec-nat-t-ike-02
  • draft-ietf-ipsec-nat-t-ike-03
  • a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b