[Openswan Users] need your comment on PFS group of Openswan 2.4.8
Utkarsh Shah
utkarsh at elitecore.com
Fri Jul 27 03:20:37 EDT 2007
Hi,
Paul Wouters wrote:
> On Thu, 26 Jul 2007, Utkarsh Shah wrote:
>
>
>> Currently I am working on Openswan2.4.8.
>> I have simple roadwarrior connection in which roadwarrior is behind NAT box.
>>
>> Connection got established even though my pfsgroup is mismatched.
>> Kindly comment on this.
>>
>
> I believe openswan always accepts a higher PF group, because there is
> no harm in doing so. In fact, even with pfs=no, openswan will still
> accept pfs requests - it will just not ask for them.
>
But even if at initiator side have lower group it establishes connection
and vice-e-versa.
>
>> Can I have list of parameters which if mismatched then tunnel will not get
>> established or conditions in which it will fail due to mismatched
>> configuration.
>>
>
> See openswan-2.4.x/testing/pluto/
>
Thanks for your help..
> Paul
>
Regards,
Utkarsh Shah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070727/b9966e4f/attachment-0001.html
More information about the Users
mailing list