IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] AH Manual keying problem

From: Andre Fecteau (andre_at_nttmcl.com)
Date: Mon Mar 18 2002 - 22:09:58 CET

Hello Everyone,

I originally tried this with ESP and everything worked fine. Of course
take out all the AH relative stuff. Then I tried using AH with IKE and it
did not work. I was told that you cannot use auto keying with AH on
freewan. I don't know if this is true, but if it is. Could someone tell
me a good configuration for using AH in tunnel mode with manual keying. I
want to connect my win-xp box to the freeswan gateway. I don't need
encryption, but would like to prevent spoofing.

Could someone please tell me what's wrong with my configuration? I tried
to find an example, but all the examples seem to be for esp.

# basic configuration
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        disablearrivalcheck=no

conn sample
        type=tunnel
        authby=secret
        
        
         auth=ah - change ah to esp, remove the rest of this section
        spi=0x600 - and this configuration worked with win-xp.
        ah=hmac-md5
        ahkey=[128 bits]
        

        pfs=yes
        left=10.10.20.1
        leftsubnet=0.0.0.0/0
        right=10.10.20.2
        rightsubnet=10.10.20.0/24
        leftid=10.10.20.1
        rightid=10.10.20.2
        auto=add

Thank You,
Andre

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:45 CEST