[Openswan Users] manual keying: encryption-only connection with DES

hiren joshi joshihirenn at gmail.com
Wed Jan 28 10:08:05 EST 2009


I tried to set up a manually keyed encryption-only connection with DES (for
compatibility reasons), but it failed.

# ipsec spi --af inet --said esp0x2222 at --esp des --src --enckey 0x9876543210987654
/usr/libexec/ipsec/spi: Invalid encryption algorithm 'des' follows '--esp'
option: lead too many(2) transforms

However the following works:

Encryption-only 3DES:
# ipsec spi --af inet --said esp0x2222 at --esp 3des --src --enckey 0x987654321098765432109876543210987654321098765432
# ipsec spi
esp0x2222 at ESP_3DES: dir=out src= iv_bits=64bits
iv=0x7ec36178c1bf36e7 eklen=192 life(c,s,h)=addtime(3,0,0) natencap=none
natsport=0 natdport=0 refcount=3 ref=7

DES with authentication:
# ipsec spi --af inet --said esp0x2222 at --esp des-md5 --src --authkey 0x98765432109876549876543210987654 --enckey
# ipsec spi
esp0x2222 at ESP_ID2_HMAC_MD5: dir=out src=
iv_bits=64bits iv=0xb7b6e8a5328314c1 alen=128 aklen=128 eklen=64
life(c,s,h)=addtime(2,0,0) natencap=none natsport=0 natdport=0 refcount=3

DES is available:
# ipsec auto --status
000 interface ipsec0/eth1
000 interface ipsec0/eth1
000 %myid = (none)
000 debug none
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=64, keysizemin=64,
000 algorithm IKE encrypt: id=1, name=OAKLEY_DES_CBC, blocksize=8,

Any clue?

Thanks for your time.
