[Design] snapshot with new OE behavior

From: Sam Sgro <sam(at)freeswan.org>
Date: Thu Mar 13 2003 - 06:09:33 EST

-----BEGIN PGP SIGNED MESSAGE----- I've just cut a new 2.X snapshot - a "samshot", excuse the humor - that contains some of the (experimental) changes to OE behavior coded by DHR:

• - The new "myid=" code has been pulled up. This allows quick deployment of initiator-only OE by having to edit one line, as opposed to redefining all the policy group conns.
• - All OE connections will be preceded by a "self" KEY/TXT lookup, to verify that the host is OE capable.
• - a new "packetdefault" implicit conn has been added. This should allow 2.X machines to still function as gateways when doing host-only OE.

conn packetdefault

        type=tunnel
        left=%defaultroute
        # leftid is affected by myid=
        leftsubnet=0.0.0.0/0
        right=%opportunistic
        failureshunt=passthrough
        keyingtries=3
        ikelifetime=1h
        keylife=1h
        rekey=no
        auto=route

• -- Sam Sgro sam@freeswan.org

-----BEGIN PGP SIGNATURE-----

Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBPnBm70OSC4btEQUtAQFy1wQAvV8MxY7GSOPR8DqyqHK0CUF/UwlHQO3m YckKxQql7x1yifJsoZJ6noE0If7v5j+c7elU5gL/bAVdlMdMGQtOv+zVTM679ZzG LHRy/UTsYiOsiCuK67Tcrj8tlWu6Xc4LmTjq+YktLO/dHTkd2MZFphGjYA43/zz5 K7AWaNkbYWM=
=+K9z
-----END PGP SIGNATURE-----

---

Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Thu Mar 13 07:08:43 2003