AVM FRITZ (FRITZ!Box, ...) brand devices¶

The AVM FRITZ brand devices are all very restricted and only implement IKEv1 in aggressive mode with PSK authentication and optionally XAUTH in the second round.

The ciphers they implement are all considered insecure or deprecated
They transmit the following proposals in IKE:

• aes256-sha512-modp1024
• aes256-sha1-modp1024
• aes192-sha1-modp1024
• aes128-sha1-modp1024
• 3des-sha1-modp1024
• des-sha1-modp1024
• aes256-md5-modp1024
• aes192-md5-modp1024
• aes128-md5-modp1024
• 3des-md5-modp1024
• des-md5-modp1024

They also send the following vendor IDs:

• XAUTH
• DPD
• NAT-T (RFC 3947)
• draft-ietf-ipsec-nat-t-ike-02\n
• draft-ietf-ipsec-nat-t-ike-03
• a2:22:6f:c3:64:50:0f:56:34:ff:77:db:3b:74:f4:1b