[Openswan dev] OpenSwan KLIPS to NETKEY
Michael Richardson
mcr at sandelman.ottawa.on.ca
Fri Dec 16 22:48:23 CET 2005
>> Setkey config file:
>>
>> add 192.168.1.1 192.168.0.1 ah 0x666 -A hmac-md5 0x63636363636363636363636363636363;
>> spdadd 192.168.1.1 192.168.0.1 any -P out ipsec esp/transport//require;
>> spdadd 192.168.0.1 192.168.1.1 any -P in ipsec esp/transport//require;
Looks like you are trying to do some kind of ESP+AH method.
AH is not built in KLIPS by default, and besides mixing the two is
redundant.
It's possible with netkey to build encapsulations that are not
compliant to RFC2401. I guess that's a feature :-0
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
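As an added example (not part of the original message or of Openswan), the Python check below reads the quoted setkey file and pairs each `spdadd` policy rule with an `add` SA of the same protocol and endpoints, reporting policies that have no SA and SAs that no policy uses. It assumes plain host addresses as in the quoted file; `parse` and `check` are names chosen here.

```python
import re

# The setkey file quoted in the message above, with its original line wrapping.
SETKEY_CONF = """
add 192.168.1.1 192.168.0.1 ah 0x666 -A hmac-md5
0x63636363636363636363636363636363; spdadd 192.168.1.1
192.168.0.1 any -P out ipsec esp/transport//require; spdadd
192.168.0.1 192.168.1.1 any -P in ipsec esp/transport//require;
"""

def parse(conf):
    """Return (sas, policies) from setkey 'add' and 'spdadd' statements."""
    sas, policies = set(), []
    for stmt in re.sub(r"#.*", "", conf).split(";"):   # drop comments, split statements
        tok = stmt.split()
        if tok[:1] == ["add"] and len(tok) >= 4:
            sas.add((tok[1], tok[2], tok[3]))           # (src, dst, protocol)
        elif tok[:1] == ["spdadd"] and "ipsec" in tok:
            i = tok.index("ipsec")
            for rule in tok[i + 1:]:                    # protocol/mode/src-dst/level
                proto, mode, ends, level = (rule.split("/") + [""] * 4)[:4]
                src, dst = tok[1], tok[2]
                if mode == "tunnel" and "-" in ends:    # tunnel SAs use the tunnel endpoints
                    src, dst = ends.split("-", 1)
                policies.append((src, dst, tok[i - 1], proto, mode, level or "default"))
    return sas, policies

def check(conf):
    """List mismatches between the policy rules and the manually keyed SAs."""
    sas, policies = parse(conf)
    findings, used = [], set()
    for src, dst, direction, proto, mode, level in policies:
        if (src, dst, proto) in sas:
            used.add((src, dst, proto))
        elif level in ("require", "unique"):
            findings.append(f"policy {direction} {src}->{dst} requires "
                            f"{proto}/{mode} but no {proto} SA is defined")
    for src, dst, proto in sorted(sas - used):
        findings.append(f"SA {proto} {src}->{dst} is not referenced by any policy")
    return findings

if __name__ == "__main__":
    for finding in check(SETKEY_CONF):
        print(finding)
```

On the quoted file this reports both `esp` policies as having no SA and the `ah` SA as unused.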