Re: ipsec.conf - format of key specification

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Stuart Henderson <stu@...>

To: Jeff Simmons <jsimmons@...>

Cc: <misc@...>

Subject: Re: ipsec.conf - format of key specification

Date: Thursday, September 13, 2007 - 3:58 pm

On 2007/09/13 11:43, Jeff Simmons wrote:

quoted text

> What is the proper format for entering manual keys directly into the
> ipsec.conf file?
>
> Test file ipsec.test:
>
> esp from 10.0.0.1 to 10.0.1.1 \
> spi 0x00001011:0x00001010 \
> auth hmac-sha1 enc aes \
> authkey "1234567890123456789012345678901234567890" \
> enckey "12345678901234567890123456789012" \

I think the doc is lacking here.

When you use the "spi 0x00000000:0x11111111" format to setup
bidirectional flows in one ipsec.conf rule, you need to specify
one key for each spi, separated by a :

See /usr/src/regress/sbin/ipsecctl/sa7.in for an example.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

ipsec.conf - format of key specification, Jeff Simmons, (Thu Sep 13, 2:43 pm)

Re: ipsec.conf - format of key specification, Stuart Henderson, (Thu Sep 13, 3:58 pm)

Navigation

Popular discussions


linux-kernel:
david	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
David Miller	Re: Announce: Linux-next (Or Andrew's dream :-))
Andrea Arcangeli	[PATCH 04 of 12] Moves all mmu notifier methods outside the PT lock (first and not...
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
git:

linux-netdev:
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Arjan van de Ven	Re: [GIT]: Networking
Frans Pop	svc: failed to register lockdv1 RPC service (errno 97).
openbsd-misc:

Colocation donated by:

Online users

Syndicate