On Mon, 4 Aug 2003, Andreas Steffen wrote:

> what you experience is a well-known deficiency of vanilla FreeS/WAN that does
> not have anything to do with X.509 certificate support. When a roadwarrior
> initiates a connection then the freeswan gateway chooses the first roadwarrior
> connection definition it finds in its chained list of connections and uses
> this set of encryption/authentication parameters defined by that tentative
> connection to match it against the roadwarrior proposal. Thus with the order
[..]
> only RSA authentication is possible. Similar things happen when one
> roadwarrior connection defines MOD1024 and another one MOD1536. FreeS/WAN
> is not able to do a closest match among the available roadwarrior connection
> definitions based on the actual parameters proposed by the roadwarrior.

Hi,

Is it possible to get rid of this deficiency in one of the FreeS/WAN 2.x series versions or are there no plans to do so?

Regards,
Achim Dreyer

--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
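
Added example, not part of the original messages and not FreeS/WAN code: a simplified Python model of the selection behaviour described in the quoted text, next to a selection that scans every roadwarrior definition. The connection names, the `PSK` method and the list order are constructed assumptions; only RSA, MOD1024 and MOD1536 appear in the thread.

```python
# Simplified model of roadwarrior connection selection (assumption: this is an
# illustration of the behaviour described in the thread, not pluto source code).
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Params:
    auth: str      # authentication method, e.g. "RSA" ("PSK" is an assumed second method)
    dh_group: str  # Diffie-Hellman group, e.g. "MOD1024" or "MOD1536"


@dataclass(frozen=True)
class Conn:
    name: str      # constructed connection name
    params: Params


def select_first_only(conns: Sequence[Conn], proposal: Params) -> Optional[Conn]:
    """Behaviour described in the thread: the first roadwarrior definition in
    the list becomes the tentative connection, and the proposal is checked
    against that one definition only."""
    if not conns:
        return None
    tentative = conns[0]
    return tentative if tentative.params == proposal else None


def select_by_proposal(conns: Sequence[Conn], proposal: Params) -> Optional[Conn]:
    """Alternative: examine every roadwarrior definition and return the first
    one whose parameters agree with what the peer actually proposed."""
    for conn in conns:
        if conn.params == proposal:
            return conn
    return None


# Constructed roadwarrior definitions; the order is what matters.
CONNS = [
    Conn("rw-rsa-1536", Params("RSA", "MOD1536")),
    Conn("rw-psk-1536", Params("PSK", "MOD1536")),
    Conn("rw-rsa-1024", Params("RSA", "MOD1024")),
]

if __name__ == "__main__":
    for prop in (Params("RSA", "MOD1536"), Params("PSK", "MOD1536"), Params("RSA", "MOD1024")):
        first = select_first_only(CONNS, prop)
        scan = select_by_proposal(CONNS, prop)
        print(prop, "first-only:", first.name if first else "rejected",
              "| scan:", scan.name if scan else "rejected")
```

With this order, only peers proposing RSA with MOD1536 are accepted by the first-only selection, although matching definitions for the other two proposals exist further down the list.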
