(usagi-users 02665) Re: IPSEC configuration for ESP
Hello, Pawan,
At Tue, 02 Dec 2003 13:02:32 +0900,
Pawan Kakwani <shivamtech@xxxxxxxx> wrote:
>
> Hello,
>
> I am using the USAGI stable 20030214 kit. The configuration of IPSEC is
> done as follows:
>
> pfkey -A sa -s <local> -d <remote> -T esp -S 0x138a -p any --esp des-cbc
> --espkey 0x61757468656e7469
>
> pfkey -A sa -d <local> -s <remote> -T esp -S 0x1389 -p any --esp des-cbc
> --espkey 0x61757468656e7469
>
> pfkey -A sp -s <local> -d <remote> -T esp -S 0x138a -p any
>
> pfkey -A sp -d <local> -s <remote> -T esp -S 0x1389 -p any
>
> My queries, about the packet sent from <local> to <remote>, are -
>
> 1. Will ESP Packet contain Authentication data as well? If yes, what
> algorithm will be used for Authentication?

No.
If you want to use ESP Authentication, you have to use the '--auth' option
like this:

pfkey -A sa -T esp -S 0x1234 -s <local> -d <remote> \
--auth hmac-md5 --authkey 0xabc... --esp 3des-cbc --espkey 0xabc...

> 2. Does Payload Data of ESP Packet contain the IV as well?

Yes.

-mk
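
The two answers above, shown as wire layout in an added example that is not part of the original message or the USAGI kit: the IV leads the ESP Payload Data, and an ICV trails the packet only when the SA was created with an authentication algorithm. Field sizes are assumed from RFC 2406, RFC 2405 and RFC 2403/2404; `split_esp` and the sample packets are hypothetical and constructed.

```python
import struct

# Field sizes per the ESP RFCs (2406; 2405 for DES-CBC; 2403/2404 for HMAC-96),
# assumed here rather than read from the USAGI kit.
BLOCK = 8
IV_LEN = {"des-cbc": 8, "3des-cbc": 8}   # explicit IV leads the Payload Data
ICV_LEN = {None: 0, "hmac-md5": 12, "hmac-sha1": 12}  # ICV truncated to 96 bits


def split_esp(packet, esp_alg, auth_alg=None):
    """Split a raw ESP packet into wire fields using the SA's algorithms.

    Nothing in the packet says whether an ICV is present; only the SA does.
    """
    iv_len, icv_len = IV_LEN[esp_alg], ICV_LEN[auth_alg]
    if len(packet) < 8 + iv_len + BLOCK + icv_len:
        raise ValueError("packet too short for this SA")
    spi, seq = struct.unpack("!II", packet[:8])
    body_end = len(packet) - icv_len
    ciphertext = packet[8 + iv_len:body_end]
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a whole number of cipher blocks")
    return {"spi": spi, "seq": seq, "iv": packet[8:8 + iv_len],
            "ciphertext": ciphertext, "icv": packet[body_end:]}


# Constructed sample packets (not captures): header, IV, two cipher blocks.
IV = bytes(range(8))
BODY = bytes([0xEE]) * 16
ICV = bytes([0xAA]) * 12
ENC_ONLY = struct.pack("!II", 0x138A, 1) + IV + BODY        # SA as in the question
ENC_AUTH = struct.pack("!II", 0x1234, 1) + IV + BODY + ICV  # SA with --auth hmac-md5

if __name__ == "__main__":
    samples = ((ENC_ONLY, "des-cbc", None), (ENC_AUTH, "3des-cbc", "hmac-md5"))
    for pkt, esp, auth in samples:
        f = split_esp(pkt, esp, auth)
        print(hex(f["spi"]), "iv=" + f["iv"].hex(), "icv_len=%d" % len(f["icv"]))
```

Splitting a packet with the wrong SA parameters fails the length checks here, which is why both ends must agree on whether `--auth` is configured.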