[Openswan Users] Enabling Manually keyed IPSEC

Gangadharan G - TLS,Chennai gangadharang at hcl.in
Mon Dec 4 03:57:03 EST 2006

Hi Paul,

IMS(Internet Multimedia SubSystem) Specification mandates to use the
Manually Keyed IP-SEC(Transport Mode).

Please help me in enabling the Manually Keyed IPSEC.

I have struck with the problem "no IPsec-enabled interfaces found".


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Sunday, December 03, 2006 1:34 AM
To: Gangadharan G - TLS,Chennai
Cc: users at openswan.org
Subject: Re: [Openswan Users] Enabling Manually keyed IPSEC

On Sat, 2 Dec 2006, Gangadharan G - TLS,Chennai wrote:

> I am novice to IPSEC. Please help me by solving my below query.
> My requirement is to establishing IPSEC between My Tool and the Target
> device.
> The keys, that has to used for encryption and authentication,
> will be negotiated through Application protocol(SIP) before enabling IPSEC
> in those two machines.
> i.e., Manually Keyed IPSEC has to established between two machine on some
> particular port
> and the two machines are located in same network.

Sorry to say, but this looks like completely the wrong approach.

If your SIP would be secure enough to transport manual keys, why bother
adding IPsec? You have a catch-22 here.

Apart from that, manual keying itself has risks, such as not having Perfect
Forward Secrecy (PFS).

The proper way is to use IKE to negotiate the IPsec tunnel, and afterwards
start SIP.

The contents of this e-mail and any attachment(s) are confidential and intended for the 

named recipient(s) only. It shall not attach any liability on the originator or HCL or its 

affiliates. Any views or opinions presented in this email are solely those of the author and 

may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, 

dissemination, copying, disclosure, modification, distribution and / or publication of this 

message without the prior written consent of the author of this e-mail is strictly 

prohibited. If you have received this email in error please delete it and notify the sender 

immediately. Before opening any mail and attachments please check them for viruses and 


More information about the Users mailing list