[Openswan Users] Ah only
Brian Foody
brian.foody2 at mail.dcu.ie
Thu Aug 3 14:38:05 EDT 2006
Hi
I have read multiple topics about this and have been trying for ages without
joy to configure openswan with AH only. I need to do it for a college experiment.
Every time I try to do it ESP seems to be enabled without me even trying.
I have the Openswan book but this obviously stays away from the subject of
AH only. Here is my ipsec.conf:

conn west-east
    left=136.206.18.61
    right=136.206.18.62
    type=transport
    spi=0x111
    auth=ah
    ah=hmac-sha1-96
    ahkey=ahahahahahahahahahahah
    leftrsasigkey=XXXXXXXX
    rightrsasigkey=YYYYYYYYYY
    auto=start

And here's the established SA:

Aug 3 19:34:23 linux pluto[16546]: packet from 136.206.18.62:500: received Vendor ID payload [Dead Peer Detection]
Aug 3 19:34:23 linux pluto[16546]: "west-east" #3: responding to Main Mode
Aug 3 19:34:23 linux pluto[16546]: "west-east" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 3 19:34:23 linux pluto[16546]: "west-east" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 3 19:34:23 linux pluto[16546]: "west-east" #3: Main mode peer ID is ID_IPV4_ADDR: '136.206.18.62'
Aug 3 19:34:23 linux pluto[16546]: "west-east" #3: I did not send a certificate because I do not have one.
Aug 3 19:34:23 linux pluto[16546]: "west-east" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 3 19:34:23 linux pluto[16546]: "west-east" #3: sent MR3, ISAKMP SA established
Aug 3 19:34:23 linux pluto[16546]: "west-east" #4: responding to Quick Mode
Aug 3 19:34:23 linux pluto[16546]: "west-east" #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug 3 19:34:23 linux pluto[16546]: "west-east" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 3 19:34:23 linux pluto[16546]: "west-east" #4: IPsec SA established {ESP=>0xf8507fb8 <0xd52232b0 AH=>0x3b6974a8 <0x335ffb01}

Both ESP and AH have been enabled. How can I get rid of ESP encryption?
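
Added example (not part of the original post, and not Openswan code): a way to read from the pluto log which protocols each established IPsec SA actually carries, so an AH-only test can be confirmed or, as in the log above, shown to include ESP. The "ah-test" record and its SPIs are constructed for contrast, and the function names are this example's own.

```python
import re

# Constructed sample: the wrapped SA line from the post above, plus an
# invented AH-only line ("ah-test" and its SPIs are made up) for contrast.
SAMPLE_LOG = '''\
Aug 3 19:34:23 linux pluto[16546]: "west-east" #4: IPsec SA established
{ESP=>0xf8507fb8 <0xd52232b0 AH=>0x3b6974a8 <0x335ffb01}
Aug 3 19:40:02 linux pluto[16546]: "ah-test" #6: IPsec SA established {AH=>0x0a0b0c0d <0x01020304}
'''

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d ")
SA_LINE = re.compile(r'"(?P<conn>[^"]+)" #(?P<num>\d+): IPsec SA established \{(?P<body>[^}]*)\}')
SPI_PAIR = re.compile(r"(?P<proto>[A-Z]+)=>(?P<out>0x[0-9a-f]+) <(?P<inb>0x[0-9a-f]+)")


def unwrap(text):
    """Rejoin syslog records that a mail client or pager wrapped: any line
    that does not start with a timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def negotiated_sas(text):
    """Return one dict per 'IPsec SA established' record, with the
    (outbound, inbound) SPI pair for each protocol listed in the braces."""
    found = []
    for record in unwrap(text):
        m = SA_LINE.search(record)
        if m:
            protos = {p["proto"]: (p["out"], p["inb"])
                      for p in SPI_PAIR.finditer(m["body"])}
            found.append({"conn": m["conn"], "sa": int(m["num"]), "protos": protos})
    return found


def unexpected(text, allowed=frozenset({"AH"})):
    """List SAs that carry any protocol outside `allowed` (AH only by default)."""
    return [(sa["conn"], sa["sa"], sorted(set(sa["protos"]) - allowed))
            for sa in negotiated_sas(text) if set(sa["protos"]) - allowed]


if __name__ == "__main__":
    for conn, num, extra in unexpected(SAMPLE_LOG):
        print(f'"{conn}" #{num}: unexpected {", ".join(extra)}')
```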