[conspire] Re: Building a secure inbound gateway
andy-news at schegg.org
Sat Aug 16 12:06:05 PDT 2003
Ask a question, find your own answer...
This is often how it works, though after spending 8 hours yesterday
working on this stuff I am a bit embarrassed how quickly I found a
solution after posting to this email list.
I continued to look around and found the following buried in the
freeS/WAN manual under Policy Groups:
Disabling Opportunistic Encryption
To disable OE (eg. policy groups and packetdefault), cut and paste the
following lines to /etc/ipsec.conf:
Surprise, the added routes go away. Actually something I had read
earlier implied that Opportunistic Encryption (OE) was responsible for
some of those added routes, but it was NOT clear that the above
connection types were related to this OE features. (And I had tried
other commands to turn off OE, without effect.)
Anyway, I HOPE this helps someone else in the future.
I suspect, unfortunately, that I'll be back with more questions on this
Thanks for reading!
More information about the conspire