SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000211: openswan configuration in 2.1/2.1.1 - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000211Endian FirewallNetwork related (VPN, uplinks)public2007-07-03 18:192007-12-31 19:15
Thomas Heimann 
peter-endian 
normalfeaturealways
closedfixed 
2.1 
2.2-beta2 
0000211: openswan configuration in 2.1/2.1.1
the IPSEC settings in EFW 2.1 has changed
but the resulting settings in ipsec.conf are still wrong.
If i choose phase 1 group as esp group in the webinterface the setting in
ipsec.conf is pfs =no
if i choose anything other the setting in ipsec.conf is pfs=yes and pfsgroup is
set.

But the pfsgroup can't be set in openswan 2.4.x. it's always the phase 1 group.
So the whole pfsgroup option is deprecated.
The only option is to disable the ESP Group with pfs=no. Default is pfs=yes.

So the ESP group setting should be removed from the interface and replaced by a
an option pfs yes or no.
No tags attached.
jpg openswan.jpg (94,565) 2007-07-03 18:19
https://bugs.endian.com/file_download.php?file_id=37&type=bug
jpg
Issue History
2007-07-03 18:19Thomas HeimannNew Issue
2007-07-03 18:19Thomas HeimannFile Added: openswan.jpg
2007-10-28 14:19peter-endianStatusnew => resolved
2007-10-28 14:19peter-endianFixed in Version => 2.2
2007-10-28 14:19peter-endianResolutionopen => fixed
2007-10-28 14:19peter-endianAssigned To => peter-endian
2007-10-28 14:19peter-endianNote Added: 0000593
2007-12-31 19:15raphael-endianFixed in Version2.2-beta1 => 2.2-beta2
2007-12-31 19:15raphael-endianStatusresolved => closed

Notes
(0000593)
peter-endian   
2007-10-28 14:19   
current 2.2 beta does not contain the fix, however we upgraded to the current ipcop version. Will be released with the next beta