[Swan] AH and ESPmop

[David Shwatrz]

Paul,
Thank a lot for your quick response.

I am now learning the kernel code and i thought about this AH and ESP as a
way of using stackable dst entries.  Maybe i should have started with this:
Is there a way to use libreswan so the skb dst will be a  linked list of 3
elements?  As i undrstand,  when working with only Esp there are 2 elements
im each  dst list
Regards
David




On Tuesday, August 13, 2013, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 13 Aug 2013, David Shwatrz wrote:
>
>> How should I configure /etc/ipsec.conf so that i will have both AH and
ESP in an ipsec session ?
>
> That is a non-standard configuration that should not be used. I am not
> sure if the man page is correct, but you can try ah+esp:
>
>       phase2
>            Sets the type of SA that will be produced. Valid options are:
>            esp for encryption (the default), ah for authentication only,
>            and ah+esp for nested AH+ESP. Note that ESP already includes
>            AH - the ah+esp option is for double ah headers, and should
>            only be used when connecting to some racoon configurations
>            that do this.
>
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130813/0fe4b014/attachment.html>