<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<STYLE type=text/css>DIV {
        MARGIN: 0px
}
</STYLE>
<META content="MSHTML 6.00.6000.16587" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=953144817-19122007><FONT face=Arial
color=#0000ff size=2>But really, why would you want to disable it, if you're
successfully connecting, since it increases security!</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV align=left><FONT face=Arial size=2>Peter McGill</FONT></DIV>
<DIV> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>Gbenga<BR><B>Sent:</B>
December 19, 2007 9:44 AM<BR><B>To:</B> users@lists.openswan.org<BR><B>Cc:</B>
Argon_Cheng@sdc.sercomm.com<BR><B>Subject:</B> Re: [Openswan Users] Different
PFS setting but can connect success<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Set
pfs=no on both sides. This ensures that neither of the VPN servers requests
PFS.</DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"> </DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">Rgds,<BR><BR></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif">-----
Original Message ----<BR>From: "Argon_Cheng@sdc.sercomm.com"
&lt;Argon_Cheng@sdc.sercomm.com&gt;<BR>To: users@openswan.org<BR>Sent:
Wednesday, 19 December, 2007 1:29:58 PM<BR>Subject: Re: [Openswan Users]
Different PFS setting but can connect success<BR><BR><BR><FONT face=sans-serif
size=2>Hi,</FONT> <BR><FONT face=sans-serif size=2>
Does anybody know how to disable this feature? I mean, do not use the PFS
feature if I disable it. </FONT><BR><FONT face=sans-serif size=2>
<BR>Best Regards<BR>Argon Cheng<BR>TEL: 86-512-67612332 ext:
1220</FONT> <BR><BR><BR>
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD>
<TD><FONT face=sans-serif size=1><B>Ruben Laban
&lt;r.laban@ism.nl&gt;</B></FONT> <BR><FONT face=sans-serif size=1>Sent by:
users-bounces@openswan.org</FONT>
<P><FONT face=sans-serif size=1>2007-12-19 16:40</FONT> </P>
<TD><FONT face=Arial size=1> </FONT><BR><FONT
face=sans-serif size=1> To:
users@openswan.org</FONT> <BR><FONT face=sans-serif
size=1> Cc:
</FONT> <BR><FONT face=sans-serif size=1>
Subject: Re: [Openswan Users] Different PFS
setting but can connect
success</FONT></TD></TR></TBODY></TABLE><BR><BR><BR><FONT size=2><TT>On
Wednesday 19 December 2007, Argon_Cheng@sdc.sercomm.com wrote:<BR>>
I have two VPN stations (using openswan 2.4.4). I set PFS
disabled<BR>> in the left station while PFS is enabled in the right station. But these
two stations<BR>> can establish a VPN connection successfully. Does
anyone know the reason?<BR><BR>From the ipsec.conf
manpage:<BR><BR>pfs<BR><BR>Whether Perfect Forward Secrecy of keys is desired
on the connection's keying <BR>channel (with PFS, penetration of the
key-exchange protocol does not <BR>compromise keys negotiated earlier); Since
there is no reason to ever refuse <BR>PFS, Openswan will allow a connection
defined with pfs=no to use PFS anyway. <BR>Acceptable values are yes (the
default) and no.<BR><BR>Regards,<BR>-- <BR>Ruben Laban<BR>Systems and Network
Administrator<BR>r.laban@ism.nl<BR> <BR>ISM eCompany<BR>Van Nelleweg
1<BR>Postbus 13043<BR>3004 HA Rotterdam<BR>+31 (0)10 243 6000 (tel)<BR>+31
(0)10 243 6066 (fax)<BR>www.ism.nl<BR><BR>Quality Solutions - Reliable
Partner<BR></TT></FONT><BR></DIV>
<DIV
style="FONT-SIZE: 12pt; FONT-FAMILY: times new roman, new york, times, serif"><BR></DIV></DIV><BR>
</BLOCKQUOTE></BODY></HTML>