[conspire] Re: Building a secure inbound gateway
Andy Schwartz
andy-news at schegg.org
Sat Aug 16 12:06:05 PDT 2003
Ask a question, find your own answer...
This is often how it works, though after spending 8 hours yesterday
working on this stuff I am a bit embarrassed how quickly I found a
solution after posting to this email list.
I continued to look around and found the following buried in the
FreeS/WAN manual under Policy Groups:
----------------
Disabling Opportunistic Encryption
To disable OE (eg. policy groups and packetdefault), cut and paste the
following lines to /etc/ipsec.conf:
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
-----------------
Surprise, the added routes go away. Actually something I had read
earlier implied that Opportunistic Encryption (OE) was responsible for
some of those added routes, but it was NOT clear that the above
connection types were related to this OE feature. (And I had tried
other commands to turn off OE, without effect.)
Anyway, I HOPE this helps someone else in the future.
I suspect, unfortunately, that I'll be back with more questions on this
support shortly.
Thanks for reading!
Andy
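
To confirm that all six policy-group conns from the manual excerpt are really overridden, the following added example (not part of the original post or the FreeS/WAN manual) parses ipsec.conf-style text and lists any that are missing or not set to auto=ignore. The parser is a simplified reading of the file format that only counts a parameter when it is indented under its conn line; the function names and the sample configuration are constructed for illustration.

```python
import re

# The six policy-group conns listed in the quoted manual excerpt.
OE_CONNS = ("block", "private", "private-or-clear",
            "clear-or-private", "clear", "packetdefault")

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text.

    Simplified (assumption): a section starts at column 0 with 'conn NAME',
    its parameters are the indented 'key=value' lines that follow, and a
    blank or unindented line ends it. 'include' and 'also=' are not followed.
    """
    conns, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():                  # blank line closes the section
            current = None
            continue
        if raw.lstrip().startswith("#"):     # comment line
            continue
        if not raw[0].isspace():             # column 0: a new section header
            m = re.match(r"conn\s+(\S+)", raw)
            current = conns.setdefault(m.group(1), {}) if m else None
            continue
        if current is not None and "=" in raw:
            key, _, value = raw.strip().partition("=")
            value = re.sub(r"\s+#.*$", "", value)   # drop trailing comment
            current[key.strip()] = value.strip().strip('"')
    return conns

def oe_conns_still_enabled(text):
    """List the policy-group conns that are absent or not auto=ignore."""
    conns = parse_conns(text)
    return [n for n in OE_CONNS if conns.get(n, {}).get("auto") != "ignore"]

# Constructed sample: one conn left at auto=route, one override missing.
SAMPLE = """\
config setup
    interfaces=%defaultroute

conn block
    auto=ignore
conn private
    auto=ignore   # disabled
conn private-or-clear
    auto=route
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
"""

if __name__ == "__main__":
    print(oe_conns_still_enabled(SAMPLE))
```
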