[Openswan dev] OpenSwan KLIPS to NETKEY

David McCullough davidm at snapgear.com
Tue Dec 13 09:19:31 CET 2005


Hi Ronen,

FWIW I have done this with freeswan at least
(openswan+netkey connected to freeswan+klips) without any problems.

Cheers,
Davidm

Jivin Ronen Shitrit lays it down ...
> Hi
> 
> I'm trying to manual connect OpenSwan to another machine using NETKEY
> (ipsec kernel stack), but it seems they don't do the same
> encrypt/decrypt, should this work? Any known issues? Is there any place
> giving example for howto configure both sides for this kind of
> connection.
> 
> Openswan ipsec.conf:
> 
> conn test_netkey
>     type=transport
>     authby=secret
>     left=192.168.0.1               # static IP
>     right=192.168.1.1              # Remote information
>     auto=manual
>     spi=0x666                   # SPI number used for connection
>     espenckey=0x63636363_63636363_63636363_63636363_63636363_63636363
>     espauthkey=0x63636363_63636363_63636363_63636363
> 
> Setkey config file:
> 
> add 192.168.1.1 192.168.0.1 ah 0x666  -A hmac-md5
> 0x63636363636363636363636363636363;
> spdadd 192.168.1.1 192.168.0.1 any -P out ipsec esp/transport//require;
> spdadd 192.168.0.1 192.168.1.1 any -P in ipsec esp/transport//require;
> 
> 
> Regards
> 
> Ronen Shitrit
> Marvell Semiconductor Israel Ltd
> 
> 
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev

-- 
David McCullough, davidm at cyberguard.com.au, Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com


More information about the Dev mailing list