[Openswan Users] need your comment on PFS group of Openswan 2.4.8
Paul Wouters
paul at xelerance.com
Thu Jul 26 10:49:31 EDT 2007
On Thu, 26 Jul 2007, Utkarsh Shah wrote:
> Currently I am working on Openswan2.4.8.
> I have simple roadwarrior connection in which roadwarrior is behind NAT box.
>
> Connection got established even though my pfsgroup is mismatched.
> Kindly comment on this.
I believe openswan always accepts a higher PF group, because there is
no harm in doing so. In fact, even with pfs=no, openswan will still
accept pfs requests - it will just not ask for them.
> Can I have list of parameters which if mismatched then tunnel will not get
> established or conditions in which it will fail due to mismatched
> configuration.
See openswan-2.4.x/testing/pluto/
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list