AVM FRITZ (FRITZ!Box, ...) brand devices¶
The AVM FRITZ brand devices are all very restricted and only implement IKEv1 in aggressive mode with PSK authentication and optionally XAUTH in the second round.
The ciphers they implement are all considered insecure or deprecated
They transmit the following proposals in IKE:
- aes256-sha512-modp1024
- aes256-sha1-modp1024
- aes192-sha1-modp1024
- aes128-sha1-modp1024
- 3des-sha1-modp1024
- des-sha1-modp1024
- aes256-md5-modp1024
- aes192-md5-modp1024
- aes128-md5-modp1024
- 3des-md5-modp1024
- des-md5-modp1024
- XAUTH
- DPD
- NAT-T (RFC 3947)
- draft-ietf-ipsec-nat-t-ike-02\n
- draft-ietf-ipsec-nat-t-ike-03
- a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b