
(usagi-users 03114) Linux-IPSEC : Does IPSEC implementation in Linux support mode IPSEC_MODE_ANY ?



Hi,
I'm a newbie to IPSEC on Linux.
I'm using setkey and libipsec in usagi to test IPSEC. My Linux version is the latest, 2.6.9.
I have a setkey configuration as:
 
add 10.53.4.104 10.53.4.204 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
in my setkey configuration: ipsec.conf
After running setkey -f ipsec.conf,
I check the SA using setkey -D, and I have:
 

#setkey -D
source=10.53.4.104 destination=10.53.4.204
        protocol=ah mode=transport spi=512(0x00000200) reqid=0(0x00000000)
        auth-algo=hmac-md5
        auth-key=c0291ff014dccdd03874d9e8e4cdf3e6
        replay-window=0 flags=0x00000040 state=mature seq=0 pid=10809
        created=2005-11-15/15:16:27 current=2005-11-15/15:22:04 elapsed=337(s)
        hard-lifetime=infinite expiration=never
        soft-lifetime=infinite renewal=never
        last-use=never
        bytes-processed=0 hard-lifebyte=0 soft-lifebyte=0
 
When looking in the setkey manpage, I see the option -m mode.
mode can be tunnel, transport or any. If there is no mode, the default mode is any.
 
I'd like to use one line, like the config line I gave above, for both tunnel and transport mode, but I cannot. If I use this key for tunnel mode, I have to add -m tunnel, as:
 
add 10.53.4.104 10.53.4.204 ah 0x200 -m tunnel -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
 
How can I use one key for both modes: transport and tunnel?
 
Thanks,
Trung

