[Swan] AH and ESPmop
David Shwatrz
dshwatrz at gmail.com
Tue Aug 13 02:19:17 EEST 2013
Paul,
Thank a lot for your quick response.
I am now learning the kernel code and i thought about this AH and ESP as a
way of using stackable dst entries. Maybe i should have started with this:
Is there a way to use libreswan so the skb dst will be a linked list of 3
elements? As i undrstand, when working with only Esp there are 2 elements
im each dst list
Regards
David
On Tuesday, August 13, 2013, Paul Wouters <paul at nohats.ca> wrote:
> On Tue, 13 Aug 2013, David Shwatrz wrote:
>
>> How should I configure /etc/ipsec.conf so that i will have both AH and
ESP in an ipsec session ?
>
> That is a non-standard configuration that should not be used. I am not
> sure if the man page is correct, but you can try ah+esp:
>
> phase2
> Sets the type of SA that will be produced. Valid options are:
> esp for encryption (the default), ah for authentication only,
> and ah+esp for nested AH+ESP. Note that ESP already includes
> AH - the ah+esp option is for double ah headers, and should
> only be used when connecting to some racoon configurations
> that do this.
>
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130813/0fe4b014/attachment.html>
More information about the Swan
mailing list