[Openswan Users] Enabling Manually keyed IPSEC
Gangadharan G - TLS,Chennai
gangadharang at hcl.in
Mon Dec 4 03:57:03 EST 2006
Hi Paul,
The IMS (Internet Multimedia SubSystem) specification mandates the use of
manually keyed IPsec (transport mode).
Please help me in enabling manually keyed IPsec.
I am stuck with the problem "no IPsec-enabled interfaces found".
Thanks,
Gangadharan.
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Sunday, December 03, 2006 1:34 AM
To: Gangadharan G - TLS,Chennai
Cc: users at openswan.org
Subject: Re: [Openswan Users] Enabling Manually keyed IPSEC
On Sat, 2 Dec 2006, Gangadharan G - TLS,Chennai wrote:
> I am a novice to IPsec. Please help me by solving my query below.
>
> My requirement is to establish IPsec between my tool and the target
> device.
> The keys that have to be used for encryption and authentication
> will be negotiated through the application protocol (SIP) before enabling IPsec
> on those two machines.
> i.e., manually keyed IPsec has to be established between the two machines on some
> particular port,
> and the two machines are located in the same network.
Sorry to say, but this looks like completely the wrong approach.
If your SIP would be secure enough to transport manual keys, why bother
adding IPsec? You have a catch-22 here.
Apart from that, manual keying itself has risks, such as not having Perfect
Forward Secrecy (PFS).
The proper way is to use IKE to negotiate the IPsec tunnel, and afterwards
start SIP.
Paul