Thread: Pluto behaviour with auth=ah




2007-05-09 09:19:28
Hi,

I came across some more odd things (on 2.4.7). Configs for testcase attached:

Specifying "auth=ah" works as expected. You get AH+ESP:

    004 "west-east-ah-default" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
    {ESP=>0x0b2eb5ac <0xfdd36811 xfrm=3DES_0- AH=>0x0b2eb5ab <0xfdd36810 NATD=none DPD=none}

Now add "esp=3des" and you will get ESP only:

    004 "west-east-ah-3des" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
    {ESP=>0x0b2eb5ae <0x34c920b4 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}

From the first glance it also looks like the "ah=" config parameter has no influence anywhere. Well, I know that ah is almost unused (and Freeswan dropped it at some point in time). But let me know if you think this should be fixed and I'll try to contribute a patch.

One more thing I noticed: Set up "west-east-esp-tunnel" on East, which will configure "auth=esp" and "type=tunnel". On West run "west-east-ah-transport", which will use the opposite ("auth=ah" and "type=transport"). You will get a working transport mode AH+ESP connection. Is it on purpose that auth= and type= are considered by the initiator only?

Cheers,
Frank

_______________________________________________
Dev mailing list
Devopenswan.org
http://lists.openswan.org/mailman/listinfo/dev
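
An added example, not part of the message above or of the Openswan code base: a small Python check that parses the pluto "IPsec SA established" lines quoted in the message and flags a connection whose configuration asks for AH but whose negotiated SA carries none. The `EXPECTED_AUTH` policy table and the function names are assumptions made for illustration.

```python
import re

# The two status lines quoted in the message, rejoined onto single lines.
SAMPLE_LOG = (
    '004 "west-east-ah-default" #2: STATE_QUICK_I2: sent QI2, IPsec SA established '
    '{ESP=>0x0b2eb5ac <0xfdd36811 xfrm=3DES_0- AH=>0x0b2eb5ab <0xfdd36810 NATD=none DPD=none}\n'
    '004 "west-east-ah-3des" #2: STATE_QUICK_I2: sent QI2, IPsec SA established '
    '{ESP=>0x0b2eb5ae <0x34c920b4 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}\n'
)

# Assumed policy table: the auth= value each conn is configured with.
EXPECTED_AUTH = {"west-east-ah-default": "ah", "west-east-ah-3des": "ah"}

SA_LINE = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: .*IPsec SA established\s*\{(?P<body>[^}]*)\}'
)

def parse_sa(line):
    """Return which protocols one 'IPsec SA established' line reports, or None."""
    m = SA_LINE.search(line)
    if not m:
        return None
    body = m.group("body")
    xfrm = re.search(r"xfrm=(\S*)", body)
    # xfrm is "<cipher>_<keylen>-<integrity>"; integrity is empty when AH authenticates.
    cipher, _, integ = (xfrm.group(1) if xfrm else "").partition("-")
    return {
        "conn": m.group("conn"),
        "esp": re.search(r"(?<!\S)ESP[^=\s]*=>", body) is not None,
        "ah": re.search(r"(?<!\S)AH=>", body) is not None,
        "esp_cipher": cipher,
        "esp_integ": integ,
    }

def audit(log_text, expected_auth):
    """Compare negotiated SAs with configured auth= and list the mismatches."""
    findings = []
    for line in log_text.splitlines():
        sa = parse_sa(line)
        if sa is None or sa["conn"] not in expected_auth:
            continue
        want = expected_auth[sa["conn"]]
        if want == "ah" and not sa["ah"]:
            findings.append((sa["conn"], "auth=ah configured, no AH SA negotiated"))
        elif want == "esp" and sa["ah"]:
            findings.append((sa["conn"], "auth=esp configured, AH SA negotiated"))
    return findings

if __name__ == "__main__":
    for conn, problem in audit(SAMPLE_LOG, EXPECTED_AUTH):
        print(f"{conn}: {problem}")
```
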

  