This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Has this known issue been fixed???

ID376 o 4.000 Pfsgroup variable is set even when PFS is disabled
----------------------------------------------------------------
Description:  For IPsec connections with PFS disabled, the variable
              'pfs' is set to 'no', but 'pfsgroup' also defaults to
              'modp1024'. This may cause trouble with interoperability.
Workaround:   ---
Fix:          ---

This thread was automatically locked due to age.

Parents

0 Gert Hansen over 22 years ago

Hi there,

the important parameter is pfs=yes/no.
The default value of pfsgroup, if set or not, is always modp1024!
There should not be an interoperability problems.
But to keep the configuration file clean, we addressed this issue in up2date
4.001 which is available since 03/10/03.

kind regards
Gert
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Gert Hansen over 22 years ago

Hi there,

the important parameter is pfs=yes/no.
The default value of pfsgroup, if set or not, is always modp1024!
There should not be an interoperability problems.
But to keep the configuration file clean, we addressed this issue in up2date
4.001 which is available since 03/10/03.

kind regards
Gert
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data