author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-11-06 19:00:10 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2006-11-06 19:00:10 +0000 |
commit | 58d26e02cd8686e177eebb9fb81e6b17798bbb30 (patch) | |
tree | e7329ae5a85bb2d6b8bba0ebcd65c6c41999f96f /README | |
parent | 0b5d496ea2fd532dcf5e5b6b804a7db32f488364 (diff) | |
Load /tmp/tmp.IBEBMao893/strongswan-2.8.0+dfsg into
branches/source-dist/debian/strongswan.
Diffstat (limited to 'README')
-rw-r--r-- | README | 42 |
1 files changed, 30 insertions, 12 deletions
@@ -41,7 +41,7 @@ Contents 6.1 Loading private key files in PKCS#1 format 6.2 Entering passphrases interactively 6.3 Multiple private keys - 7. Configuring CA properties - ipsec.conf + 7. Configuring CA properties - ipsec.onf 8. Smartcard support 8.1 Configuring a smartcard-based connection 8.2 Entering the PIN code @@ -69,7 +69,8 @@ Contents 14.1 Authentication and encryption algorithms 14.2 NAT traversal 14.3 Dead peer detection - 14.4 IKE Mode Config + 14.4 IKE Mode Config Pull Mode + 14.5 IKE Mode Config Push Mode 15. Copyright statement and acknowledgements @@ -2918,8 +2919,8 @@ even if they might be supported by the responder. Currently please refer to README.NAT-Traversal document in the strongSwan distribution. - - + + 14.3 Dead peer detection -------------------- @@ -2969,14 +2970,15 @@ dpdaction=clear for dynamic roadwarrior connections. The default value is dpdaction=none, which disables DPD. -14.4 IKE Mode Config - --------------- - +14.4 IKE Mode Config Pull Mode + ------------------------- + The IKE Mode Config protocol <draft-ietf-ipsec-isakmp-mode-cfg-04.txt> allows the dynamic assignment of virtual IP addresses and optional DNS and WINS server -information to IPsec clients. Currently only "Mode Config Pull Mode" is -implemented where the client actively sends a Mode Config request to the server -in order to obtain a virtual IP. +information to IPsec clients. As a default the "Mode Config Pull Mode" is +used where the client actively sends a Mode Config request to the server +in order to obtain a virtual IP. The server answers with a Mode Config reply +message containing the requested information. Client side configuration (carol): 
@@ -3008,6 +3010,22 @@ the virtual IP address defined by the rightsourceip parameter. In the future an LDAP-based lookup mechanism will be supported. +14.5 IKE Mode Config Push Mode + ------------------------- + +Cisco VPN equipment uses the alternative "Mode Config Push Mode" where the +initiating clients waits for the server to push down a virtual address via +a Mode Config set message. The receipt is acknowledged by the client with a +Mode Config ack message. + +Mode Config Push Mode is activated by the parameter + + modeconfig=push + +as part of the connection definition in ipsec.conf. The default value is +modeconfig=pull. + + 15. Copyright statement and acknowledgements ---------------------------------------- @@ -3058,7 +3076,7 @@ an LDAP-based lookup mechanism will be supported. Copyright (c) 2000, Kai Martius X.509, OCSP and smartcard functionality: - +° Copyright (c) 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann Copyright (c) 2001, Marco Bertossa, Andreas Schleiss Copyright (c) 2002, Uli Galizzi, Ariane Seiler, Mario Strasser @@ -3087,5 +3105,5 @@ an LDAP-based lookup mechanism will be supported. for more details. ----------------------------------------------------------------------------- -This file is RCSID $Id: README,v 1.34 2006/04/26 18:19:34 as Exp $ +This file is RCSID $Id: README,v 1.36 2006/10/20 15:43:51 as Exp $ |
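Review bot: the contents entry for section 7 in the first hunk (@@ -41,7 +41,7 @@) now reads "ipsec.onf", dropping the "c" from the file name; the removed line had "ipsec.conf", and the new section 14.5 text also spells it "ipsec.conf". Restore the entry to "7. Configuring CA properties - ipsec.conf".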
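Review bot: the reworded paragraph under "14.4 IKE Mode Config Pull Mode" (@@ -2969,14 +2970,15 @@) calls pull mode the default without naming the parameter that selects it, so a reader of 14.4 alone cannot tell how the default is changed. Mention modeconfig=pull here or point to section 14.5, and "As a default the ... is used" would read better as "By default ... is used".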
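Review bot: the new section 14.5 (@@ -3008,6 +3010,22 @@) says modeconfig=push is set "as part of the connection definition in ipsec.conf" but not on which peer, while section 14.4 separates the client side configuration from the server side. State whether the client, the server, or both must carry modeconfig=push, and what happens when the two ends disagree. In the first sentence, "the initiating clients waits" should be "the initiating client waits".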
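Review bot: in the copyright block (@@ -3058,7 +3076,7 @@) the line after "X.509, OCSP and smartcard functionality:" is replaced by a line holding a lone "°" character, which looks like an editing or encoding accident rather than an intended change. Restore the empty line so the copyright list is unchanged by this commit.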