[Openswan Users] Openswan: ip xfrm policy shows different data than /etc/ipsec.conf
Ian Brown
ianbrn at gmail.com
Thu Jan 31 05:09:20 EST 2008
Hello,
I am running on Fedora Core 8 with openswan-2.4.9-2
(from openswan-2.4.9-2.fc8 rpm).
I have two connections defined in /etc/ipsec.conf:
conn linux-to-linux-1
        left=10.0.0.1
        leftrsasigkey=0sAQNwbr3H8CuBBm+2r12iYh3n6i...
        right=10.1.0.2
        rightrsasigkey=0sAQNwbr3H8CuBBm+2r12iYh3n6iUE...
        type=tunnel
        auto=start
        auth=esp

conn linux-to-linux-2
        left=10.0.0.1
        leftrsasigkey=0sAQNwbr3H8CuBBm+2r12iYh3n6iUEGbU5rP...
        right=10.1.0.3
        rightrsasigkey=0sAQNwbr3H8CuBBm+2r12iYh3n6iUEGbU5rPXS...
        type=tunnel
        auto=start
        auth=ah
As you can see, the only differences besides the connection name are the auth type
(esp in the first and ah in the second) and the IP of the right side.
After I start the ipsec service, I run:
ip xfrm policy show
and I get:
src 10.0.0.1/32 dst 10.1.0.3/32
        dir out priority 2080 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 0 mode transport
src 10.0.0.1/32 dst 10.1.0.2/32
        dir out priority 2080 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 0 mode transport
src ::/0 dst ::/0
        dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir in priority 0 ptype main
...
...
...
My question is: why do we see "proto esp" in both policies, whereas
I have "auth=ah" in the second?
Why do we see "mode transport" in both "tmpl" (template) lines of these
two policies, whereas I have "type=tunnel" in both connections in this
/etc/ipsec.conf file?
Regards,
Ian
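The check Ian is doing by eye, comparing what each conn in /etc/ipsec.conf asks for with what `ip xfrm policy show` reports, can be scripted. The following is an added example and is not code from the thread or from Openswan. It parses the policy listing into records and flags outbound policies whose template proto or mode differs from the conn. The sample listing is constructed to match the output quoted in the post; the mapping it assumes (auth=esp and auth=ah to the xfrm proto of the same name, type=tunnel to mode tunnel) is taken from the question, not from Openswan documentation.

```python
"""Audit `ip xfrm policy show` output against the proto/mode each conn expects.

Added example, not from the original post or from Openswan. The sample
listing and the expected table below are constructed from the thread.
"""
import re
import sys
from dataclasses import dataclass, field

# Constructed sample, shaped like the listing quoted in the post.
SAMPLE_XFRM_OUTPUT = """\
src 10.0.0.1/32 dst 10.1.0.3/32
\tdir out priority 2080 ptype main
\ttmpl src 0.0.0.0 dst 0.0.0.0
\t\tproto esp reqid 0 mode transport
src 10.0.0.1/32 dst 10.1.0.2/32
\tdir out priority 2080 ptype main
\ttmpl src 0.0.0.0 dst 0.0.0.0
\t\tproto esp reqid 0 mode transport
src ::/0 dst ::/0
\tdir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
\tdir in priority 0 ptype main
"""

# What each conn in the post's ipsec.conf asks for, keyed by (src, dst) selector.
# Assumed mapping: auth=esp/ah -> proto esp/ah, type=tunnel -> mode tunnel.
EXPECTED = {
    ("10.0.0.1/32", "10.1.0.2/32"): {"proto": "esp", "mode": "tunnel"},  # linux-to-linux-1
    ("10.0.0.1/32", "10.1.0.3/32"): {"proto": "ah", "mode": "tunnel"},   # linux-to-linux-2
}


@dataclass
class Policy:
    src: str
    dst: str
    direction: str = ""
    priority: int = 0
    # each template: {"proto": str, "reqid": int, "mode": str}
    templates: list = field(default_factory=list)


SEL_RE = re.compile(r"^src (\S+) dst (\S+)")          # selector line, column 0
DIR_RE = re.compile(r"^\s*dir (\S+) priority (\d+)")
TMPL_RE = re.compile(r"^\s*proto (\S+) reqid (\d+) mode (\S+)")


def parse_xfrm_policies(text):
    """Turn the text of `ip xfrm policy show` into a list of Policy records."""
    policies = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SEL_RE.match(line)
        if m:  # a new policy starts with its selector
            policies.append(Policy(src=m.group(1), dst=m.group(2)))
            continue
        if not policies:
            continue  # stray line before any selector; ignore
        cur = policies[-1]
        m = DIR_RE.match(line)
        if m:
            cur.direction = m.group(1)
            cur.priority = int(m.group(2))
            continue
        m = TMPL_RE.match(line)
        if m:  # "tmpl src ... dst ..." itself carries no proto/mode; the next line does
            cur.templates.append(
                {"proto": m.group(1), "reqid": int(m.group(2)), "mode": m.group(3)})
    return policies


def audit(policies, expected):
    """Return (src, dst, field, expected, actual) tuples for every outbound
    policy that has a conn defined and whose template disagrees with it."""
    findings = []
    for p in policies:
        want = expected.get((p.src, p.dst))
        if want is None or p.direction != "out":
            continue  # no conn for this selector, or an inbound/catch-all policy
        if not p.templates:
            findings.append((p.src, p.dst, "tmpl", "present", "missing"))
            continue
        for t in p.templates:
            for key in ("proto", "mode"):
                if t[key] != want[key]:
                    findings.append((p.src, p.dst, key, want[key], t[key]))
    return findings


if __name__ == "__main__":
    # Pipe `ip xfrm policy show` into the script on a live host; the sample
    # is used when nothing is piped in.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_XFRM_OUTPUT
    for src, dst, key, want, got in audit(parse_xfrm_policies(text), EXPECTED):
        print(f"{src} -> {dst}: {key} expected {want}, kernel has {got}")
```

Run against the sample it reports the three discrepancies the post describes: proto esp where ah was configured for 10.1.0.3, and mode transport where tunnel was configured for both peers. Any catch-all `dir in priority 0` policy without a matching conn is skipped rather than reported.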