[Openswan Users] Ah only
Paul Wouters
paul at xelerance.com
Thu Aug 3 16:05:14 EDT 2006
On Thu, 3 Aug 2006, Brian Foody wrote:
> I have read multiple topics about this and have been trying for ages without
> joy to configure openswan with AH only. I need to do it for a college experiment.
> Every time I try to do it ESP seems to be enabled without me even trying.
> I have the Openswan book but this obviously stays away from the subject of
> AH only.
And with good reason :P
> conn west-east
> left=136.206.18.61
> right=136.206.18.62
> type=transport
> spi=0x111
> auth=ah
> ah=hmac-sha1-96
> ahkey=ahahahahahahahahahahah
> leftrsasigkey=XXXXXXXX
> rightrsasigkey=YYYYYYYYYY
> auto=start
You are using auto=, which means automatic keying, using pluto, which means that
it defaults to encrypt=yes, which means ESP.
replace auto=start with manual=start
Paul
More information about the Users
mailing list