Noel Kuntze wrote:
> >> Here is what I've been able to gather from some Windows networking
> >> cookbooks about those knobs:
> >> http://admin.sibptus.ru/~vas/SessionVsMasterPFS.png
> > So, does anyone have an idea what those knobs could mean to Strongswan
> > while selected/deselected in Windows independently from each other?
> >
>
> Probably means ...
> 1) master key pfs: rekey/reauth the IKE_SA every time a new CHILD_SA is
> negotiated
> 2) session key pfs: use an (EC)DHE KEX when negotiating new CHILD_SAs.
>
> To be sure we'd need to test those cases and look at what it does differently.

I'd be happy to test if I knew where and what to look for on the Strongswan side.

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/