The man page for ipsec.conf states, in regards to crypto 'suites': "Perfect Forward Security (PFS) is enabled unless group none is specified."
So is PFS required if a group is specified, or is it optional for the remote party? And is there a way to determine if PFS is being used by an existing connection? I'm especially interested in OpenBSD <-> Cisco tunnels.

--
Jeff Simmons jsimm...@goblin.punk.net
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise. Are you sure you're doing it right?"
-- My Life With The Thrill Kill Kult
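For reference, an added ipsec.conf(5) example (not from the original post) showing where the man page's "group" setting lands: the group in the quick (phase 2) proposal is what turns PFS on, and "group none" there is the form the man page says disables it. Addresses and the PSK are constructed placeholders.

```conf
# Added example, not from the original post. Placeholder addresses/PSK.
# PFS enabled: a DH group is given in the quick-mode (phase 2) proposal,
# so each child SA is keyed with a fresh DH exchange.
ike esp from 10.1.1.0/24 to 10.2.2.0/24 \
    local 203.0.113.1 peer 203.0.113.2 \
    main  auth hmac-sha2-256 enc aes-256 group modp2048 \
    quick auth hmac-sha2-256 enc aes-256 group modp2048 \
    psk "PLACEHOLDER-PSK"

# PFS disabled: "group none" in the quick proposal. Child SA keys are then
# derived only from the phase 1 secret, so compromise of that secret exposes
# every phase 2 SA negotiated under it. Avoid unless the peer cannot do PFS.
ike esp from 10.1.1.0/24 to 10.2.2.0/24 \
    local 203.0.113.1 peer 203.0.113.2 \
    main  auth hmac-sha2-256 enc aes-256 group modp2048 \
    quick auth hmac-sha2-256 enc aes-256 group none \
    psk "PLACEHOLDER-PSK"
```

Both sides must agree on the quick-mode group (or its absence), so a Cisco peer configured with a different PFS setting will reject the phase 2 proposal rather than silently negotiating without PFS.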