[Openswan Users] Different PFS setting but can connect success

Ruben Laban r.laban at ism.nl
Wed Dec 19 03:40:26 EST 2007

On Wednesday 19 December 2007, Argon_Cheng at sdc.sercomm.com wrote:
> I have two VPN stations (using openswan 2.4.4). I set PFS to disabled
> on the left station while PFS is enabled on the right station. But these two
> stations can establish a VPN connection successfully. Does anyone know the reason?

From the ipsec.conf manpage:


Whether Perfect Forward Secrecy of keys is desired on the connection's keying 
channel (with PFS, penetration of the key-exchange protocol does not 
compromise keys negotiated earlier); Since there is no reason to ever refuse 
PFS, Openswan will allow a connection defined with pfs=no to use PFS anyway. 
Acceptable values are yes (the default) and no.

Ruben Laban
Systems and Network Administrator
r.laban at ism.nl
ISM eCompany
Van Nelleweg 1
Postbus 13043
3004 HA Rotterdam
+31 (0)10 243 6000 (tel)
+31 (0)10 243 6066 (fax)

Quality Solutions - Reliable Partner
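
Added example, not part of the original post or of Openswan: a small audit script that resolves the effective pfs= value of each conn in an ipsec.conf, so connections that do not require PFS are visible even when the tunnel comes up as described above. The conn names and addresses in the sample are constructed, and the parser is a simplified assumption about the file layout (conn sections, conn %default, # comments; no also= or include handling).

```python
# Added example: resolve the effective pfs= value of every conn in an ipsec.conf.
# Simplified parser: handles "conn" sections, "conn %default" and # comments,
# but not also= or include directives.

# Constructed sample (hypothetical conn names, documentation addresses).
SAMPLE_CONF = """\
conn %default
    keyingtries=3

conn left-station
    left=192.0.2.1
    right=198.51.100.1
    pfs=no

conn branch
    left=192.0.2.1
    right=203.0.113.7
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():              # a section header starts at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective_pfs(text):
    """Map conn name -> 'yes' or 'no'; an unset pfs falls back to %default, then 'yes'."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    return {name: opts.get("pfs", defaults.get("pfs", "yes")).lower()
            for name, opts in conns.items()}

def not_requiring_pfs(text):
    """Conns set to pfs=no. Per the manpage excerpt these may still use PFS,
    so a mismatch with a pfs=yes peer does not stop the tunnel coming up."""
    return sorted(n for n, v in effective_pfs(text).items() if v == "no")

if __name__ == "__main__":
    for name, pfs in effective_pfs(SAMPLE_CONF).items():
        note = " (PFS still allowed on this connection)" if pfs == "no" else ""
        print(f"{name}: pfs={pfs}{note}")
```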
