[Openswan dev] ESP Null (RFC 2410)

Kabir Ahsan-r9aahw Ahsan.Kabir at freescale.com
Tue Oct 2 10:15:23 EDT 2007

Thanks Paul! I was also wondering whether authentication protocol is
tested for openswan. I am trying to run authentication protocol in a
net-to-net topology and have this ipsec.conf on the two tunnel
endpoints. I ran it without success. I am guessing maybe my ipsec.conf
is not defined correctly.

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

version 2.0     # conforms to second version of ipsec.conf specification

# ?TBD: get rid of the debug settings before shipping!
# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for
# With this setting, KLIPS will pick up both its interface and the next
# hop information from the settings of the Linux default route.

# Public interfaces - used by ipsec.
# This is already specified in the 'interfaces' clause above,
# unused for now. # include /etc/npvpn_iface.conf

# Default settings for all connections (npvpn conns, others).
#include /etc/npvpn_default.conf

# If you need to add any conns - outside of npvpn, add them here.

#include /etc/npvpn.conf

conn hometooffice
  leftid="@home"   leftsubnet=

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Tuesday, October 02, 2007 9:05 AM
To: Kabir Ahsan-r9aahw
Cc: Dev at openswan.org
Subject: Re: [Openswan dev] ESP Null (RFC 2410)

On Mon, 1 Oct 2007, Kabir Ahsan-r9aahw wrote:

> Does Openswan support ESP Null? I am interested in running ESP
> protocol with only authentication and no confidentiality. I thought
> running ESP Null would give me that. But it seems to me that ESP null is
> not supported by the Openswan kernel. In other words, in my ipsec.conf
> file I put 'esp=null-sha1' and then when I execute the ipsec.conf file I
> get a warning mentioning that the protocol/algorithm is not supported.
> Any idea as to how I can get ESP Null working? Is there any patch?
> I am working off of Michael's git repository and I cloned the 'ocf'

Openswan 2.4.7 reintroduced ESP_NULL. I am not sure if this has been
ported to the 2.5.x or ocf series yet.
