Is Aggressive Mode "standards bloat" Yes. or is it a necessary addition to do what Ben wants to do? It appears that what Ben wants to do is to use shared secret authentication by "identity" rather than ip address. it should be possible to do this with main mode; we should figure out how to tweak Main Mode to make this possible. - Bill