[Openswan Users] manual keying: encryption-only connection with DES

hiren joshi joshihirenn at gmail.com
Wed Jan 28 10:08:05 EST 2009


Hello,

I tried to set up a manually keyed encryption-only connection with DES (for
compatibility reasons).
But failed.

# ipsec spi --af inet --said esp0x2222@172.16.1.11 --esp des --src 172.16.3.2 --enckey 0x9876543210987654
/usr/libexec/ipsec/spi: Invalid encryption algorithm 'des' follows '--esp' option: lead too many(2) transforms

However the following works:

Encryption-only 3DES:
# ipsec spi --af inet --said esp0x2222@172.16.1.11 --esp 3des --src 172.16.3.2 --enckey 0x987654321098765432109876543210987654321098765432
# ipsec spi
esp0x2222@172.16.1.11 ESP_3DES: dir=out src=172.16.3.2 iv_bits=64bits iv=0x7ec36178c1bf36e7 eklen=192 life(c,s,h)=addtime(3,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=7

DES with authentication:
# ipsec spi --af inet --said esp0x2222@172.16.1.11 --esp des-md5 --src 172.16.3.2 --authkey 0x98765432109876549876543210987654 --enckey 0x9876543210987654
# ipsec spi
esp0x2222@172.16.1.11 ESP_ID2_HMAC_MD5: dir=out src=172.16.3.2 iv_bits=64bits iv=0xb7b6e8a5328314c1 alen=128 aklen=128 eklen=64 life(c,s,h)=addtime(2,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=9

DES is available:
# ipsec auto --status
000 interface ipsec0/eth1 172.16.3.2
000 interface ipsec0/eth1 172.16.3.2
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=64, keysizemin=64, keysizemax=64.
...
000 algorithm IKE encrypt: id=1, name=OAKLEY_DES_CBC, blocksize=8, keydeflen=64

Any clue?

Thanks for your time.

Regards
-hiren