[Openswan Users] DSL modems in bridge mode and UDP fragmentation

Michael Richardson mcr at sandelman.ottawa.on.ca
Mon Jan 5 17:53:37 CET 2004




>>>>> "Tim" == Tim Bouwer <TBouwer at pfn.com> writes:
    Tim> How do you stop openswan from sending the cert or requesting the
    Tim> cert?

  X.509 is not always well documented, alas.
  I'm sorry, I lie. There is no user-accessible option to prevent sending the
certificate. I'm actually surprised here. I'm too close to the inside of the 
code.

  It should really be a per-conn initiator option. 

  I can add it to OSW 2.x.x if you'd like to test with that.

  Or, you can hack code in ipsec_doi.c, main_inR2_outI3.

    Tim> Is there some magic that I am missing in ipsec.conf?  We do not use
    Tim> ldap or dns provided certs.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

  


