[Openswan Users] openswan with AH mode only

Paul Wouters paul at xelerance.com
Fri May 15 16:20:26 EDT 2009


On Fri, 15 May 2009, dev nath wrote:

> We are using Openswan on Linux to set up IPsec transport mode with AH
> protocol. It seems even after configuring for AH, it sends a proposal for
> ESP as well. Please let me know if Openswan supports AH only mode as of
> now.

>     auth=ah
>     type=transport

> According to this it seems like the AH only mode is still a feature to be
> implemented.
> http://bugs.xelerance.com/view.php?id=210

The status of that is unchanged. Unfortunately for you, we also really
don't support manual keying anymore, so the auth=ah should really be
fixed.

Many people have suggested to remove AH entirely from the IPsec specification.
Transport mode also is not really commonly deployed, due to severe NAT
security constraints and problems with NAT-T.

Because of these reasons, this bug has a very low priority for us.

Paul

