[Openswan dev] OpenSwan KLIPS to NETKEY
David McCullough
davidm at snapgear.com
Tue Dec 13 09:19:31 CET 2005
Hi Ronen,
FWIW I have done this with freeswan at least
(openswan+netkey connected to freeswan+klips) without any problems.
Cheers,
Davidm
Jivin Ronen Shitrit lays it down ...
> Hi
>
> I'm trying to manual connect OpenSwan to another machine using NETKEY
> (ipsec kernel stack), but it seems they don't do the same
> encrypt/decrypt, should this work? Any known issues? Is there any place
> giving example for howto configure both sides for this kind of
> connection.
>
> Openswan ipsec.conf:
>
> conn test_netkey
> type=transport
> authby=secret
> left=192.168.0.1 # static IP
> right=192.168.1.1 # Remote information
> auto=manual
> spi=0x666 # SPI number used for connection
> espenckey=0x63636363_63636363_63636363_63636363_63636363_63636363
> espauthkey=0x63636363_63636363_63636363_63636363
>
> Setkey config file:
>
> add 192.168.1.1 192.168.0.1 ah 0x666 -A hmac-md5
> 0x63636363636363636363636363636363;
> spdadd 192.168.1.1 192.168.0.1 any -P out ipsec esp/transport//require;
> spdadd 192.168.0.1 192.168.1.1 any -P in ipsec esp/transport//require;
>
>
> Regards
>
> Ronen Shitrit
> Marvell Semiconductor Israel Ltd
>
>
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev
--
David McCullough, davidm at cyberguard.com.au, Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
More information about the Dev
mailing list