[Swan-dev] AH and ESP

Paul Wouters paul at nohats.ca
Fri Apr 18 01:07:38 EEST 2014

On Thu, 17 Apr 2014, D. Hugh Redelmeier wrote:

> I learned from Paul on Tuesday that Libreswan does not support AH with
> ESP.
> Is this true for IKEv1 and IKEv2?

The code does not make a difference between the two.

> I went to a lot of work when writing the v1 code to get the
> combinatorics of AH and ESP right.  I imagine that the code can be
> simplified if there is no combining of AH and ESP.

Having separate failures for authentication versus encryption leads to
various attacks - one reason the IPsec world is moving towards AEAD.

I think we do allow some AH+ESP mode, because it was needed to be
compatible with some (mis?)configurations of racoon.

> If they cannot be combined, why bother with AH at all?

People have tried to kill AH a number of times. There are always people
who insist it still supports some things ESP does not support. For the
most recent iteration of that, see:


> That ought to
> be an even more significant simplification.

Also, it would mean we're no longer RFC compliant. We want to be RFC
compliant. The document that is supposed to change the status of various
IPsec bits is currently in Working Group Last Call if you want to add to
the discussion:


