[Openswan Users] Enabling Manually keyed IPSEC

Paul Wouters paul at xelerance.com
Sat Dec 2 15:04:26 EST 2006


On Sat, 2 Dec 2006, Gangadharan G - TLS,Chennai wrote:

> I am a novice to IPSEC. Please help me by solving my query below.
>
> My requirement is to establish IPSEC between my tool and the target
> device.
> The keys that have to be used for encryption and authentication
> will be negotiated through an application protocol (SIP) before enabling IPSEC
> on those two machines.
> i.e., manually keyed IPSEC has to be established between the two machines on some
> particular port,
> and the two machines are located in the same network.

Sorry to say, but this looks like completely the wrong approach.

If your SIP would be secure enough to transport manual keys, why bother
adding IPsec? You have a catch-22 here.

Apart from that, manual keying itself has risks, such as not having Perfect
Forward Secrecy (PFS).

The proper way is to use IKE to negotiate the IPsec tunnel, and afterwards
start SIP.

Paul
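
Added illustration (not part of the message above and not taken from the Openswan distribution): a host-to-host transport-mode connection keyed by IKE, as the reply recommends. The addresses, the connection name, the pre-shared-key placeholder and the choice of UDP port 5060 for SIP are assumptions made for the example.

```conf
# /etc/ipsec.conf fragment (constructed example)
# Both hosts sit on the same network, so transport mode is enough;
# no tunnel endpoints or subnets are involved.
conn sip-transport
        type=transport
        # Assumed addresses (documentation range), one per host.
        left=192.0.2.10
        right=192.0.2.20
        # Restrict the SA to the signalling port: protocol 17 (UDP),
        # port 5060 is assumed here because the post names no port.
        leftprotoport=17/5060
        rightprotoport=17/5060
        # IKE authenticates the peers and derives the ESP keys itself,
        # so no key material ever travels inside SIP.
        authby=secret
        # Fresh Diffie-Hellman exchange on every rekey: a later compromise
        # of one session key does not expose earlier traffic.
        pfs=yes
        # Rekey periodically; a manually keyed SA would keep the same
        # keys until an operator changed them by hand.
        ikelifetime=8h
        keylife=1h
        auto=start

# /etc/ipsec.secrets on both hosts (placeholder secret, replace it):
# 192.0.2.10 192.0.2.20 : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"

# Order of operations matching the reply: bring the SA up first,
# confirm it with "ipsec auto --status", and only then start SIP.
```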

