[Swan] libreswan ah+esp

Paul Wouters paul at nohats.ca
Thu Dec 1 13:46:59 UTC 2016


On Thu, 1 Dec 2016, Кузнецов Константин wrote:

> Sorry, forgot to mention that transport mode is being used.

>       Hi! I have a CentOS 6 and I REALLY NEED to make AH+ESP on libreswan-3.15-5.3.el6.x86_64
>
>       Is there any way to do it? I'm trying to make 2 conf files, one for ah and one for esp, and in this way only AH works; if I delete
>       ah.conf, then the esp conf works perfectly. But both AH and ESP do not work.

If you provide two configurations with the only difference being
type=esp versus type=ah, then you are creating two conflicting
configurations and the result is undefined.

People often mistakenly think they need AH+ESP. Libreswan does not
support ESP without authentication, so it is always authenticated
but it is not via AH+ESP. Only some very old racoon daemons are
still known to use AH+ESP.

So the important question is, are you really really sure you mean
AH+ESP?

Paul

