The idea of an encrypted communication channel regularly changing it's key. Thus if one of the keys is ever compromised (for what ever reason), then the attacker can use that to read all future traffic, but not any older traffic.

Nifty no?

Apple's and Microsoft's L2TP/IPSec clients do not enable PFS. FreeSwan, on the other hand, enables PFS by default. (One could only speculate why PFS is not used by Apple and Microsoft as a default. Is it because of the <insert your favourite 3-letter government agency>?).

Note that FreeS/WAN will use PFS when the client asks for it, even when pfs=no is specified in the FreeS/WAN configuration. FreeS/WAN will ignore the pfs=no for that particular client because PFS is more secure and if the client supports it, why not use it? If you set pfs=no, it allows you to connect with clients that are configured with or without PFS.

See ISAKMP.

CategorySecurity