<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Set pfs=no on both sides. This ensures that neither of the VPN servers requests PFS.</DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Rgds,<BR><BR></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">----- Original Message ----<BR>From: "Argon_Cheng@sdc.sercomm.com" &lt;Argon_Cheng@sdc.sercomm.com&gt;<BR>To: users@openswan.org<BR>Sent: Wednesday, 19 December, 2007 1:29:58 PM<BR>Subject: Re: [Openswan Users] Different PFS setting but can connect success<BR><BR><BR><FONT face=sans-serif size=2>Hi,</FONT> <BR><FONT face=sans-serif size=2>    Does anybody know how to disable this feature? I mean, do not use the PFS feature if I disable it. </FONT><BR><FONT face=sans-serif size=2> <BR>Best Regards<BR>Argon Cheng<BR>TEL: 86-512-67612332 ext: 1220</FONT> <BR><BR><BR>
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD>
<TD><FONT face=sans-serif size=1><B>Ruben Laban &lt;r.laban@ism.nl&gt;</B></FONT> <BR><FONT face=sans-serif size=1>Sender: users-bounces@openswan.org</FONT>
<P><FONT face=sans-serif size=1>2007-12-19 16:40</FONT> </P>
<TD><FONT face=Arial size=1> </FONT><BR><FONT face=sans-serif size=1>        To:        users@openswan.org</FONT> <BR><FONT face=sans-serif size=1>        Cc:        </FONT> <BR><FONT face=sans-serif size=1>        Subject:        Re: [Openswan Users] Different PFS setting but can connect success</FONT></TR></TBODY></TABLE><BR><BR><BR><FONT size=2><TT>On Wednesday 19 December 2007, Argon_Cheng@sdc.sercomm.com wrote:<BR>>    I have two VPN stations (using openswan 2.4.4). I set PFS disabled<BR>> on the left station while PFS is enabled on the right station. But these two stations<BR>> can establish a VPN connection successfully. Does anyone know the reason?<BR><BR>From the ipsec.conf manpage:<BR><BR>pfs<BR><BR>Whether Perfect Forward Secrecy of keys is desired on the
connection's keying <BR>channel (with PFS, penetration of the key-exchange protocol does not <BR>compromise keys negotiated earlier); Since there is no reason to ever refuse <BR>PFS, Openswan will allow a connection defined with pfs=no to use PFS anyway. <BR>Acceptable values are yes (the default) and no.<BR><BR>Regards,<BR>-- <BR>Ruben Laban<BR>Systems and Network Administrator<BR>r.laban@ism.nl<BR> <BR>ISM eCompany<BR>Van Nelleweg 1<BR>Postbus 13043<BR>3004 HA Rotterdam<BR>+31 (0)10 243 6000 (tel)<BR>+31 (0)10 243 6066 (fax)<BR>www.ism.nl<BR><BR>Quality Solutions - Reliable Partner<BR></TT></FONT><BR></DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR></DIV></div><br>
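The rule from the quoted manpage text and the reply at the top of this thread, as an added example that is not part of the original messages or of Openswan: a small Python audit that reads each station's ipsec.conf text and reports which side requests PFS. The sample configs, the conn name `tunnel` and the function names are constructed for illustration, and only `conn` sections and `conn %default` are handled (no `also=` or `include`).

```python
# Added example: audit the pfs= setting of one conn on both stations.
# Rule taken from the manpage text quoted in this thread: pfs defaults to
# "yes", and a side with pfs=no still accepts PFS when the peer requests it.

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            parts = line.split()
            current = None                        # ignore non-conn sections
            if len(parts) == 2 and parts[0] == "conn":
                current = conns.setdefault(parts[1], {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective_pfs(conns, name):
    """Resolve pfs for a conn: own value, then conn %default, then 'yes'."""
    own = conns.get(name, {}).get("pfs")
    inherited = conns.get("%default", {}).get("pfs")
    return (own or inherited or "yes").lower()

def audit(left_conf, right_conf, name):
    """Report each station's effective pfs value and who requests PFS."""
    sides = {"left": effective_pfs(parse_conns(left_conf), name),
             "right": effective_pfs(parse_conns(right_conf), name)}
    requesting = sorted(s for s, v in sides.items() if v == "yes")
    # PFS is only ruled out when no station requests it (pfs=no on both).
    return {"settings": sides, "requests_pfs": requesting,
            "pfs_ruled_out": not requesting}

# Constructed sample configs (addresses are documentation ranges).
LEFT_CONF = """\
conn tunnel
    left=192.0.2.1
    right=198.51.100.1
    pfs=no
"""
RIGHT_CONF = """\
conn tunnel               # pfs not set here, so it defaults to yes
    left=192.0.2.1
    right=198.51.100.1
"""

if __name__ == "__main__":
    print(audit(LEFT_CONF, RIGHT_CONF, "tunnel"))
```
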
</body></html>