[Openswan Users] DSL modems in bridge mode and UDP fragmentat ion
mcr at sandelman.ottawa.on.ca
Mon Jan 5 17:53:37 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Tim" == Tim Bouwer <TBouwer at pfn.com> writes:
Tim> How do you stop openswan from sending the cert or requesting the
X.509 is not always well documented, alas.
I'm sorry, I lie. There is no user-accessible option to prevent sending the
certificate. I'm actually surprised here. I'm too close to the inside of the
It should really be a per-conn initiator option.
I can add it to OSW 2.x.x if you'd like to test with that.
Or, you can hack code in ipsec_doi.c, main_inR2_outI3.
Tim> Is there some magic that I am missing in ipsec.conf? We do not use
Tim> ldap or dns provided certs.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Users