[Openswan Users] Different PFS setting but can connect success
stjames08 at yahoo.co.uk
Wed Dec 19 09:44:16 EST 2007
Set pfs=no on both sides. This ensures that neither of the VPN servers requests PFS.
----- Original Message ----
From: "Argon_Cheng at sdc.sercomm.com" <Argon_Cheng at sdc.sercomm.com>
To: users at openswan.org
Sent: Wednesday, 19 December, 2007 1:29:58 PM
Subject: Re: [Openswan Users] Different PFS setting but can connect success
Does anybody know how to disable this feature? I mean, do not use the PFS feature if I disable it.
TEL: 86-512-67612332 ext: 1220
Ruben Laban <r.laban at ism.nl>
Sender: users-bounces at openswan.org
To: users at openswan.org
Subject: Re: [Openswan Users] Different PFS setting but can connect success
On Wednesday 19 December 2007, Argon_Cheng at sdc.sercomm.com wrote:
> I have two VPN stations (using openswan 2.4.4). I set PFS to disabled
> in the left station while PFS is enabled in the right station. But these two stations
> can establish a VPN connection successfully. Does anyone know the reason?
From the ipsec.conf manpage:
Whether Perfect Forward Secrecy of keys is desired on the connection's keying
channel (with PFS, penetration of the key-exchange protocol does not
compromise keys negotiated earlier); Since there is no reason to ever refuse
PFS, Openswan will allow a connection defined with pfs=no to use PFS anyway.
Acceptable values are yes (the default) and no.
Systems and Network Administrator
r.laban at ism.nl
Van Nelleweg 1
3004 HA Rotterdam
+31 (0)10 243 6000 (tel)
+31 (0)10 243 6066 (fax)
Quality Solutions - Reliable Partner
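
An added example, not part of the original thread or of Openswan: a small audit that reads both peers' ipsec.conf text, resolves the effective pfs value per connection (own setting, then conn %default, then the documented default of yes), and reports the mismatch case described in the manpage excerpt. The sample configs, addresses, connection name and function names are constructed for illustration.

```python
# Constructed sample configs for the two peers (not taken from the thread).
LEFT_CONF = """\
config setup
    nat_traversal=yes

conn %default
    keyingtries=3

conn site-to-site
    left=192.0.2.1
    right=198.51.100.1
    pfs=no     # disabled on this peer
"""

RIGHT_CONF = """\
conn %default
    authby=secret

conn site-to-site
    left=192.0.2.1
    right=198.51.100.1
"""

def effective_pfs(conf_text):
    """Map each conn name to its effective pfs value ('yes' or 'no')."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = sections.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line: # indented key=value in a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    # Own setting wins, then conn %default, then the manpage default (yes).
    return {name: opts.get("pfs", defaults.get("pfs", "yes")).lower()
            for name, opts in sections.items()}

def pfs_report(left_text, right_text):
    """Compare conns defined on both peers and describe the PFS situation."""
    left, right = effective_pfs(left_text), effective_pfs(right_text)
    report = {}
    for name in sorted(left.keys() & right.keys()):
        if left[name] == right[name]:
            report[name] = "pfs=%s on both peers" % left[name]
        else:
            report[name] = "mismatch: the pfs=no peer will still allow PFS"
    return report
```
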