[Openswan Users] Check ESP support

Bruno Galindro da Costa bruno.galindro at gmail.com
Wed Dec 17 06:18:20 EST 2014


How can I check if my ipsec service and my *O.S.* has ESP encryption
support? I can only establish Phase 1 and 2 using 3des:

    ike=3des-sha1-modp1024
    esp=3des-sha1

# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path
          [OK]
Linux Openswan U2.6.38/K3.13.0-29-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing XFRM related proc values                      [OK]
    [OK]
    [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]




2014-12-17 9:17 GMT-02:00 Bruno Galindro da Costa <bruno.galindro at gmail.com>
:
>
> How can I check if my ipsec service and my S.O. has ESP encryption
> support? I can only establish Phase 1 and 2 using 3des:
>
>     ike=3des-sha1-modp1024
>     esp=3des-sha1
>
> # ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.6.38/K3.13.0-29-generic (netkey)
> Checking for IPsec support in kernel                            [OK]
>  SAref kernel support                                           [N/A]
>  NETKEY:  Testing XFRM related proc values                      [OK]
>     [OK]
>     [OK]
> Checking that pluto is running                                  [OK]
>  Pluto listening for IKE on udp 500                             [OK]
>  Pluto listening for NAT-T on udp 4500                          [OK]
> Checking for 'ip' command                                       [OK]
> Checking /bin/sh is not /bin/dash                               [WARNING]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]
>
>
> --
> Att.
> Bruno Galindro da Costa
>


-- 
Att.
Bruno Galindro da Costa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141217/44624eac/attachment.html>


More information about the Users mailing list