[Openswan Users] DSL modems in bridge mode and UDP fragmentat ion
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Jan 5 22:28:46 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Tim" == Tim Bouwer <TBouwer at pfn.com> writes:
Tim> The option to not send certs is very attractive but would involve
Tim> upgrading the machines in Washington state (these boxes are still
Tim> using superfreeswan 1.99) so this looks like something worth
The code is now in OSW 2.xx HEAD.
Tim> persuing a bit further down the line. An option to not send CR's
Tim> configurable per connection is also appealing. I can find out if
Tim> someone over here can look into adding a flag in the code to stop
Tim> sending CR's if the cert is held locally and is still valid.
Well, as an interim measure, you could hack the one line of code that
causes the cert to be sent, recompile pluto and try it for a half hour. That
would tell if you that was really the problem.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBP/orZYqHRg3pndX9AQGpPwQA47Jsqt+WgVGcGUoEH/5LrNlB+zNrJtzM
MTJUuPv3pIvU+moVWpssP4OPV4l3IZ6eamA3WclSrjGVOFqbeatrcisLADhL+7vC
YlRD6xxmn7LpPv58zZn1rmd32BwDIT3sIBqbK23/59w+EfH4vIzuJ9eI0u0Jo7yf
LQI2uVtAFaI=
=Gz3+
-----END PGP SIGNATURE-----
More information about the Users
mailing list