[Swan] AH and ESP
Paul Wouters
paul at nohats.ca
Tue Aug 13 01:23:06 EEST 2013
On Tue, 13 Aug 2013, David Shwatrz wrote:
> How should I configure /etc/ipsec.conf so that i will have both AH and ESP in an ipsec session ?
That is a non-standard configuration that should not be used. I am not
sure if the man page is correct, but you can try ah+esp:
phase2
Sets the type of SA that will be produced. Valid options are:
esp for encryption (the default), ah for authentication only,
and ah+esp for nested AH+ESP. Note that ESP already includes
AH - the ah+esp option is for double ah headers, and should
only be used when connecting to some racoon configurations
that do this.
Paul
More information about the Swan
mailing list