Differences between version 25 and predecessor to the previous major change of IPSecInstallation.
Newer page: | version 25 | Last edited on Monday, November 10, 2003 9:55:25 pm | by MichaelBordignon |
Older page: | version 24 | Last edited on Thursday, November 6, 2003 10:45:52 am | by DanielLawson |
@@ -78,8 +78,28 @@
You may now wish to go to [IPSecConfiguration] to find out how to actually do something useful with all this!
__IMPORTANT NOTE:__ FreeS/WAN 2.x ships with OpportunisticEncryption enabled out of the box. THIS WILL CAUSE YOU PROBLEMS IF YOU DON'T HAVE CORRECT DNS RECORDS! If you install FreeS/WAN (esp. on Debian) and want to set up tunnels, or learn about it, turn OE off quickly. If it's on, you'll have /1 routes and a default route out your ipsec0 interface, and __you will no longer have a default gateway__.
+
+To do this, the following is needed in your ipsec.conf:
+
+ conn block
+ auto=ignore
+
+ conn private
+ auto=ignore
+
+ conn private-or-clear
+ auto=ignore
+
+ conn clear-or-private
+ auto=ignore
+
+ conn clear
+ auto=ignore
+
+ conn packetdefault
+ auto=ignore
----
[1]: [X509] certificate support is required if you want to interoperate with Windows. You can either get [X509 patch for vanilla FreeS/WAN|http://www.strongsec.com/freeswan/] or you can get [Super FreeS/WAN|http://www.freeswan.ca/], which has lots more patches, but tends to be a version or two behind the original FreeS/WAN release. If you don't know what you need, compile X509 in if you're going to interoperate with Windows, and don't bother otherwise.
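Review bot: The added lead-in "To do this, the following is needed in your ipsec.conf:" has no clear antecedent, because the paragraph before it ends on the lost default gateway rather than on turning OE off; something like "To turn OE off, add the following to your ipsec.conf:" would remove the ambiguity. In the added block, each `auto=ignore` line appears at the same indentation as its `conn` line. ipsec.conf expects a section header such as `conn block` to start in the first column and its parameter lines to be indented beneath it, so the block should be rendered that way or readers who paste it will need to fix it by hand. It would also help to say in one sentence what the six conn names (block, private, private-or-clear, clear-or-private, clear, packetdefault) are and that the change takes effect only after ipsec is restarted, so the reader can confirm afterwards that the default route is back.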