On Thu, 29 Mar 2007, ctosgh wrote:
> I am Jacky, a beginner with openswan2.3.1. Now, I meet a big problem (maybe just for me).
> We know that ESP has two services, authentication and encryption. We can choose either or both of them.
> What should I do if I only want ESP's authentication service with transport mode between two hosts? I do not use /etc/ipsec.conf but a script to configure openswan.
> When I run the following script, it tells me that "--esp" needs an argument like this "enc_alg-auth_alg-modp". But I just want to only use ESP's authentication service with transport mode. What should I do?

ESP and AH are separate from Tunnel vs Transport mode. They are two separate things.
I think what you mean to say is you want to use ESP but no encryption? In which
Use NULL encryption. Though really, why do you not want encryption?
For tunnel mode you add --tunnel.

> Furthermore, how to configure openswan to use AH's authentication service or ESP's own authentication if I use the ESP protocol?

Openswan does not support ESP+AH because it makes no sense. I believe you use AH if not specifying --esp.
You can always find out by configuring via ipsec.conf (eg type=transport and ah=3des) and run the _updown shell script with debugging enabled.
See also the man pages for ipsec.conf, ipsec_spi, ipsec_whack

Paul
_______________________________________________
Users openswan.org
http://lists.openswan.org/mailman/listinfo/users