[Openswan dev] Re: openswan 3DES+SHA1+XAUTH
Paul Wouters
paul at xelerance.com
Fri Dec 10 11:49:09 CET 2004
On Fri, 10 Dec 2004, Bas Huisman wrote:
>> Why do you have pfs=no?
>
> Because I have some printscreens from the configuration on the server
> side, and the checkbox for "Enable Perfect Forward Secrecy" is not
> checked on the server.
Suddenly I realise you are an xauth client to safenet server, not the
other way around....
>> But you should try to not use xauth=yes but leftxauthserver=yes
>
> Are you sure? In my configuration I am the leftside (I am the client)
> (the Sonic Wall IPSEC server is on the right side)
Sorry. so use leftxauthclient=yes
If you do not see a vendorid in the logs for Dead Peer Detection being
received, then the Safenet remote peer doesn't support it, or has it
disabled.
Paul
--
Math is case-sensitive
--- Ian Goldberg
More information about the Dev
mailing list