[Openswan dev] [PATCH 0/2] ESP_NULL support for openswan-2.4.6

JuanJo Ciarlante jjo-ipsec at mendoza.gov.ar
Wed Sep 27 17:03:02 EDT 2006

On Mon, Sep 25, 2006 at 12:59:50PM -0400, Michael Richardson wrote:
> Hash: SHA1
> >>>>> "JuanJo" == JuanJo Ciarlante <jjo-ipsec at mendoza.gov.ar> writes:
>     JuanJo> It's been a looong time... nice to actually have something to
>     JuanJo> contribute again :-)
>     JuanJo> I made this patch for a coleague with the following scenario:
>     JuanJo> 1) VoIP streams inside VPN (asterisks with private addressing)
>     JuanJo> 2) Deployment migrating from openswan-1.x to openswan-2.x
>     JuanJo> They were tunneling voip streams over esp=null-md5 SAs with
>     JuanJo> BW usage between ~44-48kbps.
>   While I'm not a fan of the non-standard nature of IAX2, I do
> understand the need for trunking.  May I ask if this was SIP or IAX2?

np, I'll ask him and let you know.

>     JuanJo> This is the main reason for ESP_NULL; with any current CBC cipher
>     JuanJo> the ~12bytes space added (8 for IV + 4 statistically for padding)
>     JuanJo> happens to be quite relevant for the ~90bytes VoIP datagram.
>   I can understand this... I will accept your patches, if you'll write
> the test cases for them.

ughh... I miss that good'ol'times of nonQA devel :-S

I'll dig into testing/ and learn... the path starts there and under
docs/HACKING, right?  (tips&tricks for the task pretty welcome ;)

Regards !

#  Juan Jose Ciarlante (JuanJo) jjo ;at; mendoza.gov.ar                     #
#  GnuPG Public Key: gpg --keyserver wwwkeys.eu.pgp.net --recv-key 66727177 #
#   Key fingerprint: 0D2F 3E5D 8B5C 729E 0560  F453 A3F7 E249 6672 7177     #

More information about the Dev mailing list