[Openswan dev] OpenSwan KLIPS to NETKEY

Ronen Shitrit rshitrit at marvell.com
Mon Dec 12 14:59:57 CET 2005


Hi

I'm trying to manual connect OpenSwan to another machine using NETKEY
(ipsec kernel stack), but it seems they don't do the same
encrypt/decrypt, should this work? Any known issues? Is there any place
giving example for howto configure both sides for this kind of
connection.

Openswan ipsec.conf:

conn test_netkey
    type=transport
    authby=secret
    left=192.168.0.1               # static IP
    right=192.168.1.1              # Remote information
    auto=manual
    spi=0x666                   # SPI number used for connection
    espenckey=0x63636363_63636363_63636363_63636363_63636363_63636363
    espauthkey=0x63636363_63636363_63636363_63636363

Setkey config file:

add 192.168.1.1 192.168.0.1 ah 0x666  -A hmac-md5
0x63636363636363636363636363636363;
spdadd 192.168.1.1 192.168.0.1 any -P out ipsec esp/transport//require;
spdadd 192.168.0.1 192.168.1.1 any -P in ipsec esp/transport//require;


Regards

Ronen Shitrit
Marvell Semiconductor Israel Ltd




More information about the Dev mailing list