[Openswan dev] ESP Null (RFC 2410)
Ahsan.Kabir at freescale.com
Tue Oct 2 10:15:23 EDT 2007
Thanks Paul! I was also wandering whether authentication protocol is
tested for openswan. I am trying to run authentication protocol in a
net-to-net topology and have this ipsec.conf on the two tunnel
endpoints. I ran it without success. I am guessing may be my ipsec.conf
is not defined correctly.
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
version 2.0 # conforms to second version of ipsec.conf specification
# ?TBD: get rid of the debug settings before shipping!
# basic configuration
# Debug-logging controls: "none" for (almost) none, "all" for
# With this setting, KLIPS will pick up both its interface and the next
hop information from the settings of the Linux default route.
# Public interfaces - used by ipsec.
# This is already specified in the 'interfaces' clause above,
# unused for now. # include /etc/npvpn_iface.conf
# Default settings for all connections (npvpn conns, others).
# If you need to add any conns - outside of npvpn, add them here.
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Tuesday, October 02, 2007 9:05 AM
To: Kabir Ahsan-r9aahw
Cc: Dev at openswan.org
Subject: Re: [Openswan dev] ESP Null (RFC 2410)
On Mon, 1 Oct 2007, Kabir Ahsan-r9aahw wrote:
> Does Openswan support ESP Null? I am interested in running ESP
protocol with only authentication and no confidentiality. I thought
running ESP Null would give me that. But it seems to me that ESP null is
not supported by the Openswan kernel. In other words, in my ipsec.conf
file I put 'esp=null-sha1" and then when I execute the ipsec.conf file I
get warning mentioning that the protocol/algorithm is not supported.
> Any idea as to how I can get ESP Null working? Is there any patch?
> I am working off of Michael's git repository and I cloned the 'ocf'
Openswan 2.4.7 reintroduced ESP_NULL. I am not sure if this has been
ported to the 2.5.x or ocf series yet.
Building and integrating Virtual Private Networks with Openswan:
More information about the Dev