summaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README42
1 files changed, 30 insertions, 12 deletions
diff --git a/README b/README
index 415c002ef..c0480b069 100644
--- a/README
+++ b/README
@@ -41,7 +41,7 @@ Contents
6.1 Loading private key files in PKCS#1 format
6.2 Entering passphrases interactively
6.3 Multiple private keys
- 7. Configuring CA properties - ipsec.conf
+ 7. Configuring CA properties - ipsec.onf
8. Smartcard support
8.1 Configuring a smartcard-based connection
8.2 Entering the PIN code
@@ -69,7 +69,8 @@ Contents
14.1 Authentication and encryption algorithms
14.2 NAT traversal
14.3 Dead peer detection
- 14.4 IKE Mode Config
+ 14.4 IKE Mode Config Pull Mode
+ 14.5 IKE Mode Config Push Mode
15. Copyright statement and acknowledgements
@@ -2918,8 +2919,8 @@ even if they might be supported by the responder.
Currently please refer to README.NAT-Traversal document in the strongSwan
distribution.
-
-
+
+
14.3 Dead peer detection
--------------------
@@ -2969,14 +2970,15 @@ dpdaction=clear for dynamic roadwarrior connections. The default value is
dpdaction=none, which disables DPD.
-14.4 IKE Mode Config
- ---------------
-
+14.4 IKE Mode Config Pull Mode
+ -------------------------
+
The IKE Mode Config protocol <draft-ietf-ipsec-isakmp-mode-cfg-04.txt> allows
the dynamic assignment of virtual IP addresses and optional DNS and WINS server
-information to IPsec clients. Currently only "Mode Config Pull Mode" is
-implemented where the client actively sends a Mode Config request to the server
-in order to obtain a virtual IP.
+information to IPsec clients. As a default the "Mode Config Pull Mode" is
+used where the client actively sends a Mode Config request to the server
+in order to obtain a virtual IP. The server answers with a Mode Config reply
+message containing the requested information.
Client side configuration (carol):
@@ -3008,6 +3010,22 @@ the virtual IP address defined by the rightsourceip parameter. In the future
an LDAP-based lookup mechanism will be supported.
+14.5 IKE Mode Config Push Mode
+ -------------------------
+
+Cisco VPN equipment uses the alternative "Mode Config Push Mode" where the
+initiating clients waits for the server to push down a virtual address via
+a Mode Config set message. The receipt is acknowledged by the client with a
+Mode Config ack message.
+
+Mode Config Push Mode is activated by the parameter
+
+ modeconfig=push
+
+as part of the connection definition in ipsec.conf. The default value is
+modeconfig=pull.
+
+
15. Copyright statement and acknowledgements
----------------------------------------
@@ -3058,7 +3076,7 @@ an LDAP-based lookup mechanism will be supported.
Copyright (c) 2000, Kai Martius
X.509, OCSP and smartcard functionality:
-
Copyright (c) 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann
Copyright (c) 2001, Marco Bertossa, Andreas Schleiss
Copyright (c) 2002, Uli Galizzi, Ariane Seiler, Mario Strasser
@@ -3087,5 +3105,5 @@ an LDAP-based lookup mechanism will be supported.
for more details.
-----------------------------------------------------------------------------
-This file is RCSID $Id: README,v 1.34 2006/04/26 18:19:34 as Exp $
+This file is RCSID $Id: README,v 1.36 2006/10/20 15:43:51 as Exp $