[Openswan Users] Openswan support for Ipsec v3
Gupta, Deepak (Deepak)
deepak.dg.gupta at alcatel-lucent.com
Wed Nov 4 14:14:57 EST 2009
Paul,
It's really good to know that all these algs are supported, however, are these named differently in the man pages? Or perhaps these just haven't been updated in the ipsec.conf man page? Is there a place I can get a complete list of esp and ike algs (including pfsgroups)?
Regarding support for Ipsec v3, the openswan docs do not list the 4301 and 4303 RFCs in the list of supported RFCs. Is this because the doc is outdated, or, is it that openswan implements the earlier original RFCs and has some features added from the new RFCs, but not comprehensive support of the new RFCs? Pardon my ignorance, but, I am not intricately aware of all the differences between the 2 main RFCs (the old and the new), so I can't ask you of support for particular features. We have a requirement to support Ipsec v3, does openswan 2.6.14 basically "meet" that?
Thanks,
-Deepak
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Wednesday, November 04, 2009 4:15 AM
To: Gupta, Deepak (Deepak)
Cc: 'users at openswan.org'
Subject: Re: [Openswan Users] Openswan support for Ipsec v3
On Tue, 3 Nov 2009, Gupta, Deepak (Deepak) wrote:
> Can someone shed some light on openswan's support for Ipsec version 3 (RFC4301 & RFC4303)? Does openswan 2.6.14 support these RFCs fully?
I'm not sure about "fully".
> Aes128-cbc for enc
Yes.
> HMAC SHA 256 for integrity
Yes.
> 2048RSA-SHA256 for peer auth
This is not esp but ike?
> For IKE:
>
> HMAC-SHA1
Yes
> 2048modp (DH Group)
Yes
> HMAC-SHA256 for integrity
Yes
> 2048RSA-SHA256 for peer auth
Yes.
Paul