[Openswan Users] Connection not coming up automatically
Paul Wouters
paul at xelerance.com
Mon Jul 3 19:41:47 CEST 2006
On Mon, 3 Jul 2006, Marco Berizzi wrote:
> Paul Wouters wrote:
>
> > On Tue, 27 Jun 2006, Andy wrote:
> >
> > > > It prevents your box from going down with a trivial DDOS attack when
> > > > Aggressive Mode is used.
>
> Setting USE_AGGRESSIVE?=false in Makefile.inc will prevent
> this kind of DDOS?
That is not needed if you do not have any aggressive mode connections
defined, since it will just not even start with a DH calculation.
It is the people who NEED aggressive mode that need this protection.
And of course, people using hardware accelerators will profit greatly from
using async crypto operations.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list