[Openswan Users] How to configure this?

Paul Wouters paul at xelerance.com
Thu Mar 29 14:11:14 EDT 2007


On Thu, 29 Mar 2007, ctosgh wrote:

> I am Jacky, a beginner with openswan 2.3.1. Now, I meet a big problem (maybe just for me).
> We know that ESP has two services, authentication and encryption. We can choose either or both of them.
> What should I do if I only want ESP's authentication service with transport mode between two hosts? I do not use /etc/ipsec.conf but a script to configure openswan.
> When I run the following script, it tells me that "--esp" needs an argument like this "enc_alg-auth_alg-modp". But I just want to only use ESP's authentication service with transport mode. What should I do?

ESP and AH are separate from Tunnel vs Transport mode. They are two
separate things.

I think what you mean to say is you want to use ESP but no encryption? In which
case, use NULL encryption. Though really, why do you not want encryption?

For tunnel mode you add --tunnel.

> Furthermore, how to configure the openswan to use AH's authentication service or ESP's own authentication if I use ESP protocol.

Openswan does not support ESP+AH because it makes no sense.

I believe you use AH if not specifying --esp.

You can always find out by configuring via ipsec.conf (e.g. type=transport and ah=3des) and running the _updown shell
script with debugging enabled.

See also the man pages for ipsec.conf, ipsec_spi, ipsec_whack

Paul
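
What ESP with NULL encryption plus an authentication algorithm looks like on the wire, as an added example that is not part of the original message or of Openswan: a minimal packer/verifier for the RFC 4303 packet layout with NULL encryption (RFC 2410) and HMAC-SHA1-96 (RFC 2404). The key, SPI and payload are constructed sample values, and anti-replay checking and extended sequence numbers are left out.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96: the 20-byte HMAC is truncated to 96 bits

# Constructed sample values (not taken from any real SA)
SAMPLE_KEY = bytes(range(20))
SAMPLE_SPI = 0x1001
SAMPLE_PAYLOAD = b"user=jacky&pin=1234"  # stand-in for a transport-layer segment


def _icv(auth_key, body):
    return hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]


def esp_null_pack(spi, seq, payload, next_header, auth_key):
    """SPI | seq | payload | padding | pad_len | next_header | ICV."""
    # Pad so that pad_len and next_header end on a 4-byte boundary.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))  # default padding bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding
    body += bytes([pad_len, next_header])
    # NULL encryption leaves the payload unchanged; only the ICV is added.
    return body + _icv(auth_key, body)


def esp_null_unpack(packet, auth_key):
    """Verify the ICV first, then parse. Raises ValueError on any failure."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(auth_key, body)):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("pad length exceeds packet")
    return spi, seq, next_header, body[8:len(body) - 2 - pad_len]


if __name__ == "__main__":
    pkt = esp_null_pack(SAMPLE_SPI, 1, SAMPLE_PAYLOAD, 6, SAMPLE_KEY)
    print("payload visible on the wire:", SAMPLE_PAYLOAD in pkt)
    print("parsed:", esp_null_unpack(pkt, SAMPLE_KEY))
```

The payload bytes appear unmodified inside the packet, so anyone on the path can read them; the ICV only lets the receiver detect modification.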

