[Openswan Users] Connection not coming up automatically
paul at xelerance.com
Mon Jul 3 19:41:47 CEST 2006
On Mon, 3 Jul 2006, Marco Berizzi wrote:
> Paul Wouters wrote:
> > On Tue, 27 Jun 2006, Andy wrote:
> > > > It prevents your box from going down with a trivial DDOS attack when
> > > > Aggressive Mode is used.
> Setting USE_AGGRESSIVE?=false in Makefile.inc will prevent
> this kind of DDOS?
That is not needed if you do not have any aggressive mode connections
defined, since it will just not even start with a DH calculation.
It is the people who NEED aggressive mode that need this protection.
And of course, people using hardware accelerators will profit greatly from
using async crypto operations.
Building and integrating Virtual Private Networks with Openswan:
More information about the Users