[Openswan Users] DSL modems in bridge mode and UDP fragmentat
TBouwer at pfn.com
Mon Jan 5 19:21:19 CET 2004
Today I found a business class Verizon DSL connection on the East Coast
where I can test several modems and determine (with no routers and ACLs)
whether the Westell 2100 and friends are at fault.
The option to not send certs is very attractive but would involve upgrading
the machines in Washington state (these boxes are still using superfreeswan
1.99) so this looks like something worth pursuing a bit further down the
line. An option to not send CRs configurable per connection is also
appealing. I can find out if someone over here can look into adding a flag
in the code to stop sending CRs if the cert is held locally and is still
Thanks for the advice. I'll post findings after testing some modems on Wed.
From: Michael Richardson [mailto:mcr at sandelman.ottawa.on.ca]
Sent: Monday, January 05, 2004 5:54 PM
To: Tim Bouwer
Cc: users at lists.openswan.org
Subject: Re: [Openswan Users] DSL modems in bridge mode and UDP
>>>>> "Tim" == Tim Bouwer <TBouwer at pfn.com> writes:
Tim> How do you stop openswan from sending the cert or requesting the
X.509 is not always well documented, alas.
I'm sorry, I lie. There is no user-accessible option to prevent sending
certificate. I'm actually surprised here. I'm too close to the inside of the
It should really be a per-conn initiator option.
I can add it to OSW 2.x.x if you'd like to test with that.
Or, you can hack code in ipsec_doi.c, main_inR2_outI3.
Tim> Is there some magic that I am missing in ipsec.conf? We do not use
Tim> ldap or dns provided certs.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device
] panic("Just another Debian GNU/Linux using, kernel hacking, security