diff options
Diffstat (limited to 'README')
-rw-r--r-- | README | 42 |
1 files changed, 30 insertions, 12 deletions
@@ -41,7 +41,7 @@ Contents 6.1 Loading private key files in PKCS#1 format 6.2 Entering passphrases interactively 6.3 Multiple private keys - 7. Configuring CA properties - ipsec.conf + 7. Configuring CA properties - ipsec.onf 8. Smartcard support 8.1 Configuring a smartcard-based connection 8.2 Entering the PIN code @@ -69,7 +69,8 @@ Contents 14.1 Authentication and encryption algorithms 14.2 NAT traversal 14.3 Dead peer detection - 14.4 IKE Mode Config + 14.4 IKE Mode Config Pull Mode + 14.5 IKE Mode Config Push Mode 15. Copyright statement and acknowledgements @@ -2918,8 +2919,8 @@ even if they might be supported by the responder. Currently please refer to README.NAT-Traversal document in the strongSwan distribution. - - + + 14.3 Dead peer detection -------------------- @@ -2969,14 +2970,15 @@ dpdaction=clear for dynamic roadwarrior connections. The default value is dpdaction=none, which disables DPD. -14.4 IKE Mode Config - --------------- - +14.4 IKE Mode Config Pull Mode + ------------------------- + The IKE Mode Config protocol <draft-ietf-ipsec-isakmp-mode-cfg-04.txt> allows the dynamic assignment of virtual IP addresses and optional DNS and WINS server -information to IPsec clients. Currently only "Mode Config Pull Mode" is -implemented where the client actively sends a Mode Config request to the server -in order to obtain a virtual IP. +information to IPsec clients. As a default the "Mode Config Pull Mode" is +used where the client actively sends a Mode Config request to the server +in order to obtain a virtual IP. The server answers with a Mode Config reply +message containing the requested information. Client side configuration (carol): @@ -3008,6 +3010,22 @@ the virtual IP address defined by the rightsourceip parameter. In the future an LDAP-based lookup mechanism will be supported. +14.5 IKE Mode Config Push Mode + ------------------------- + +Cisco VPN equipment uses the alternative "Mode Config Push Mode" where the +initiating clients waits for the server to push down a virtual address via +a Mode Config set message. The receipt is acknowledged by the client with a +Mode Config ack message. + +Mode Config Push Mode is activated by the parameter + + modeconfig=push + +as part of the connection definition in ipsec.conf. The default value is +modeconfig=pull. + + 15. Copyright statement and acknowledgements ---------------------------------------- @@ -3058,7 +3076,7 @@ an LDAP-based lookup mechanism will be supported. Copyright (c) 2000, Kai Martius X.509, OCSP and smartcard functionality: - +° Copyright (c) 2000, Andreas Hess, Patric Lichtsteiner, Roger Wegmann Copyright (c) 2001, Marco Bertossa, Andreas Schleiss Copyright (c) 2002, Uli Galizzi, Ariane Seiler, Mario Strasser @@ -3087,5 +3105,5 @@ an LDAP-based lookup mechanism will be supported. for more details. ----------------------------------------------------------------------------- -This file is RCSID $Id: README,v 1.34 2006/04/26 18:19:34 as Exp $ +This file is RCSID $Id: README,v 1.36 2006/10/20 15:43:51 as Exp $ |