How to set PFS(Perfect Forward Secrecy) in IKE Phase 2/IPsec to None? Why OpenStack don't support 'no PFS'?

asked 2015-11-01 21:39:15 -0500

fantasyofjay gravatar image

Hi, I'm trying to establish a Sit-To-Site VPN from Openstack to Azure, Azure support Static Routing Gateway and PFS group1/No PFS. I check Neutron code, it seems that OpenStack only support PFS group2/group5/group14, could we disable PFS in IPsec phase? Just like OpenSwan: https://kvaes.wordpress.com/2015/01/26/microsoft-azure-how-to-setup-a-site-to-site-vpn-using-openswan-on-a-telenet-soho-subscription/ (https://kvaes.wordpress.com/2015/01/2...) And why OpenStack don't support No PFS option? Thanks

edit retag flag offensive close merge delete

Comments

Is there any plan or updates that OpenStack takes NO PFS as an option in the future?

harry566 gravatar imageharry566 ( 2015-11-02 03:12:28 -0500 )edit