[Openswan Users] FW: VPN works, but you can't eBay ;-)
Paul Wouters
paul at xelerance.com
Tue May 17 17:33:44 CEST 2005
On Tue, 17 May 2005, Miguel Dilaj wrote:
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!{read note below}/24
Doesn't it warn you about this line? It should be !%v4:range/24 and not
%v4:!range/24. It might be disabling NAT-T on this machine (or just ignore
the last exclusion).
> enable PFS
> DH group 2
> enable replay detection (I still wonder what's that ;-)
Usually the replay detection/prevention vendors mean is just PFS. I am
not sure what else it should/could be, if they do not mean PFS.
Paul