[Openswan Users] Microsoft L2TP

Trevor Benson tbenson at a-1networks.com
Sun Mar 14 11:42:08 CET 2004

I just finished reading through notes from Microsoft on PFS.  It appears
it is not required by default by the client.  This however does not mean
that PFS will not enable if the server requests it.

I removed the pfs=no line in my ipsec.conf file and brought down the
tunnel, and back up. I connected and had no issues after requiring pfs
from openswan.  More security can be configured if you wish to require
pfs at the workstation, but it should follow suite from the ipsec server
it connects to.

Trevor Benson

More information about the Users mailing list