[Openswan Users] Reg AH n ESP configuration using whack
Paul Wouters
paul at xelerance.com
Sun Mar 4 22:52:02 EST 2007
On Mon, 5 Mar 2007, shyam wrote:
> I have configured a test ipsec tunnel between two systems
> the tunnel is established. But im not able to c any AH header im able to
> view only ESP header.
>
> How can i modify the below setup so that i can have only AH
> or both AH and ESP
see man ipsec_whack:
--encrypt
All proposed or accepted IPsec SAs will include non-null ESP.
The actual choices of transforms are wired into pluto.
--authenticate
All proposed IPsec SAs will include AH. All accepted IPsec SAs
will include AH or ESP with authentication. The actual choices
of transforms are wired into pluto. Note that this has nothing
to do with IKE authentication.
> just by removing --encrypt and adding --authenticate options isnt
> showing any effect
That should work, though I personally never whack manually. Try configuring
an ipsec.conf with esp= and with ah=, and and change the "auto" shell script
to include -e so it displays the exact whack commands?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list