[Openswan Users] Some problem in connection establishment with AH
Peter McGill
petermcgill at goco.net
Fri Nov 21 09:22:12 EST 2008
Ravi,
Do you realize that ah doesn't encrypt the traffic at all?
It secures authentication but not tunnel traffic.
I recommend using esp, not ah.
Peter
PVG Ravi Kumar wrote:
> Hello friends
>
> I am using openswan 2.4.13 with fedora core4 system.
>
> I am facing some problem when I tried to establish tunnel with AH. It's
> always taking SHA1 (default protocol) as AH auth protocol though I
> mention md5.
>
> Here is my config file
>
> conn Remote
>     type=tunnel
>     authby=secret
>     left=%defaultroute
>     leftid=10.1.1.253
>     leftsubnet=192.168.200.173/24
>     right=192.168.10.183
>     rightid=10.1.1.254
>     rightsubnet=192.168.100.183/24
>     ike=des-md5-modp1536
>     auth=ah
>     ah=md5
>     ikelifetime=28800
>     keylife=14400
>     auto=add
>
> It is working fine when I try with esp.
>
> Is there anything wrong with the config file or any extra option should
> be added to make AH work properly? Please suggest what to do.
>
> Thanks
>
> Ravi
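One way to check a configuration for the point made in the reply above (a conn with auth=ah authenticates packets but carries the tunnel traffic unencrypted), as an added example that is not part of the original thread or of Openswan. The function names and the sample file are constructed for illustration; it assumes settings come only from the conn itself or from `conn %default`, and that a conn with no `auth=` line uses the default, esp.

```python
import re

# Constructed sample: the AH conn from the post (shortened) plus a conn
# that leaves auth= unset and therefore uses ESP.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes

conn %default
    authby=secret

conn Remote
    type=tunnel
    auth=ah
    ah=md5

conn Branch
    type=tunnel
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section in the text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or whole-line comment
        header = re.match(r"^conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # "config setup" or another non-conn section
    return conns

def conns_without_encryption(text):
    """Names of conns whose effective auth= is ah (no payload encryption)."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    flagged = []
    for name, opts in conns.items():
        effective = {**defaults, **opts}  # conn settings override %default
        if effective.get("auth", "esp").lower() == "ah":
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print(conns_without_encryption(SAMPLE_CONF))
```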