[conspire] Re: Building a secure inbound gateway

Andy Schwartz andy-news at schegg.org
Sat Aug 16 12:06:05 PDT 2003

Ask a question, find your own answer...

This is often how it works, though after spending 8 hours yesterday 
working on this stuff I am a bit embarrassed how quickly I found a 
solution after posting to this email list.

I continued to look around and found the following buried in the 
FreeS/WAN manual under Policy Groups:

Disabling Opportunistic Encryption

To disable OE (eg. policy groups and packetdefault), cut and paste the 
following lines to /etc/ipsec.conf:

conn block

conn private

conn private-or-clear

conn clear-or-private

conn clear

conn packetdefault

Surprise, the added routes go away.  Actually something I had read 
earlier implied that Opportunistic Encryption (OE) was responsible for 
some of those added routes, but it was NOT clear that the above 
connection types were related to this OE feature.  (And I had tried 
other commands to turn off OE, without effect.)

Anyway, I HOPE this helps someone else in the future.

I suspect, unfortunately, that I'll be back with more questions on this 
support shortly.

Thanks for reading!
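
[Added example, not part of the original post or the FreeS/WAN manual: a small shell check that reports which of the six conn names listed above are not declared in a given ipsec.conf. The function names and the sample config are constructed for illustration; it looks only at section headers and does not follow include directives.]

```shell
#!/bin/sh
# Audit an ipsec.conf for the six "conn" overrides quoted in the post.

OE_CONNS="block private private-or-clear clear-or-private clear packetdefault"

# Constructed sample config: two of the six overrides are absent.
write_sample_conf() {
    cat <<'EOF'
version 2.0
config setup
    interfaces=%defaultroute

conn block
conn private
# conn private-or-clear   (commented out, so not declared)
conn clear-or-private
conn clear
conn gateway-tunnel
    left=192.0.2.1
    right=192.0.2.2
EOF
}

# Print the OE-related conn names that the file in $1 does not declare.
# Section headers start in column one, so indented or commented lines
# are ignored. Parameters under each section are not inspected.
missing_oe_overrides() {
    conf=$1
    declared=$(awk '/^conn[ \t]+[^ \t#]+/ { print $2 }' "$conf")
    missing=""
    for name in $OE_CONNS; do
        # -x matches whole lines, so "clear" does not match "clear-or-private"
        if ! printf '%s\n' "$declared" | grep -qxF -- "$name"; then
            missing="$missing $name"
        fi
    done
    echo "${missing# }"
}

# Usage: sh check_oe.sh /etc/ipsec.conf
if [ -n "${1:-}" ]; then
    m=$(missing_oe_overrides "$1")
    if [ -z "$m" ]; then echo "all six conns declared"; else echo "missing: $m"; fi
fi
```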

