Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.freeswan.org > 1998-summer > 98 > 080306.html (Request Expert lists.freeswan.org Support)

Re: linux-ipsec: Phase II PFS

From: Hugh Redelmeier <hugh(at)trends.net>
Date: Mon Aug 31 1998 - 20:08:04 EDT


Thanks, Kai for your PFS changes to Pluto. I've used them as the basis for the PFS code I've just committed.

| From: Kai Martius <admin@imib.med.tu-dresden.de>
| Date: Tue, 25 Aug 1998 04:06:26 -0400

| Yesterday I managed to add PFS capability to Pluto's quick mode.

| It works well, I've

For some reason, I'm having trouble with the SSH test site. Every message they send gets repeated, somewhat confusing Pluto. Perhaps SSH's daemon is repeating because my 28K PPP link is too slow.

| However, they seem to support 768-DH-group only, or there

Right. The code you wrote used the Phase 1 group, not the negotiated one.

| Adding this stuff, I came to your SPD-things in spdb.c/h.

Do you need help?X

This code was mostly already there. I've changed it anyway :-)

| But at this point, the SPD-stuff is a

I hope that stuff will go away in the medium term. Pluto (or something) needs to support much more control and flexibility in the policy area.

| Further, if Pluto is responder in quick mode, the incoming SA

I don't think that this was the case.

| Two other "proposals":

It depends how things evolve. It is considerably smaller than when I took it over, so I'm content at the moment.

| 2. "whack" has many options in the meantime, and they will become

Do you need more help?X

This is another area that needs to evolve. There may be standards coming in this area (SNMP?).

| From: Kai Martius <admin@imib.med.tu-dresden.de>
| Date: Wed, 26 Aug 1998 06:51:52 -0400
| Subject: linux-ipsec: Snapshop Aug26 + PFS

| By Hugh's (Daniel) request, I've included the PFS stuff into the

Thanks, that helped a lot.

| Hugh (Redelmeier) should review it, if there are problems the

You'll see that this area is done differently now.

| One problem I noticed today: I tried to use both

I added encrypt+authenticate support just after the snapshot you used. There is some problem between KLIPs and Pluto in this area. We hope to fix this soon. There is also a slicing-and-dicing bug with the keying material.

Can we help you?X

| From: Kai Martius <admin@imib.med.tu-dresden.de>
| To: linux-ipsec@clinet.fi
| Date: Thu, 27 Aug 1998 05:20:44 -0400
| Subject: linux-ipsec: PFS diff

| seems, that my attachment was rejected by the listserver, becasue it

This is a good way to transmit changes. Unfortunately, the diff got mangled by your mailer.

Your original tar was a bit of a monster. It isn't a great idea to send .o or a.out files -- big AND useless. Hint: in the pluto directory,

        tar czvf pluto.tar `make distlist`
would get just the files of the distribution

Thanks again,

Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253 Received on Mon Aug 31 20:12:33 1998

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT

Can't find what you're looking for?X
Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library