So I have two generic questions that I don't seem to be able to gather the
answers to from the documentation -- sorry in advance if these have been
My first question is with regard to authentication / encryption options.
In my 'sainfo' I can define multiple authentication algorithms seemingly. I
am trying to do an implementation to meet a particular standard that 'X'
phase1 settings are tried (3DES/SHA1 --> 3DES/MD5 --> DES/SHA1 --> DES/MD5
--> FAIL). I am not sure that is exactly possible, I realize that I can
define multiple options under 'authentication_algorithm', but seemingly only
one under 'encryption_algorithm' (which makes sense to an extent). The
problem I have is that once I get past phase1 and into phase2 I am forced
into only being able to select 1 'encryption_algorithm' and
'hash_algorithm'. How can I have the above (X --> Y --> Z --> FAIL) in both
P1 and P2?
My second question deals with specific ports allocated to a tunnel...
Realistically I am doing only host-to-host transports. No subnets behind the
gateways are traversing. The goal is to secure some insecure protocols
(e.g. telnet / FTP). I *only* want those services to run across the IPSec
tunnel. I am totally confused as to how to do this with ipsec-tools. My
only other alternatives are the *SWANs, but the racoon config file looks
more like *real* IPSec to me (previously I've usually done IPSec from the
Cisco / Juniper / Nokia platforms, so this seems rather convoluted to me
Any help is greatly appreciated... :)
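Added example (not from the original post, the racoon documentation, or the ipsec-tools project): a racoon.conf and a setkey policy file for the host-to-host transport case described above. The addresses 10.0.11.41 (local host) and 10.0.11.33 (peer), the pre-shared-key path and the lifetime are assumptions; the algorithm list follows the 3DES/SHA1 -> 3DES/MD5 -> DES/SHA1 -> DES/MD5 order asked for in the post, which is a weak set by today's standards and is used only to match the question. The peer needs the mirror image of both files (addresses and in/out swapped).

```conf
# /etc/racoon/racoon.conf  (assumed path; constructed example)
path pre_shared_key "/etc/racoon/psk.txt";   # assumed: "10.0.11.33 <secret>"

# Phase 1: one 'proposal' block per ISAKMP SA variant. racoon offers them
# in the order written, so the list below is X -> Y -> Z -> FAIL.
remote 10.0.11.33 {
    exchange_mode main;
    proposal_check obey;          # accept the responder's lifetime choice
    lifetime time 8 hour;

    proposal {  encryption_algorithm 3des;  hash_algorithm sha1;
                authentication_method pre_shared_key;  dh_group 2; }
    proposal {  encryption_algorithm 3des;  hash_algorithm md5;
                authentication_method pre_shared_key;  dh_group 2; }
    proposal {  encryption_algorithm des;   hash_algorithm sha1;
                authentication_method pre_shared_key;  dh_group 2; }
    proposal {  encryption_algorithm des;   hash_algorithm md5;
                authentication_method pre_shared_key;  dh_group 2; }
}

# Phase 2: sainfo takes comma-separated lists for both encryption_algorithm
# and authentication_algorithm. racoon builds the IPsec SA proposals from the
# combinations, in the listed preference order, so more than one cipher is
# possible here too. 'any' leaves the upper protocol/port to the SPD below.
sainfo address 10.0.11.41 any address 10.0.11.33 any {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm 3des, des;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}

# /etc/ipsec-tools.conf  (setkey -f ...; constructed example)
# Only telnet (tcp/23) and the FTP control channel (tcp/21) match these
# policies, so only that traffic triggers IKE and is forced into ESP
# transport mode. Everything else, IKE on udp/500 included, stays in the
# clear. 'require' means the packet is dropped rather than sent in clear
# if no SA exists yet.
#!/usr/sbin/setkey -f
flush;
spdflush;

# telnet, this host -> peer and back
spdadd 10.0.11.41[any] 10.0.11.33[23] tcp -P out ipsec esp/transport//require;
spdadd 10.0.11.33[23] 10.0.11.41[any] tcp -P in  ipsec esp/transport//require;

# FTP control channel only; see the note below about the data channel
spdadd 10.0.11.41[any] 10.0.11.33[21] tcp -P out ipsec esp/transport//require;
spdadd 10.0.11.33[21] 10.0.11.41[any] tcp -P in  ipsec esp/transport//require;
```

Two practical caveats. First, FTP opens its data connection on a dynamically chosen port (active or passive), so a port-scoped SPD like the one above protects only the control channel; the file contents travel in the clear unless the policy covers all TCP between the two hosts (`spdadd 10.0.11.41 10.0.11.33 tcp -P out ipsec esp/transport//require;` and the reverse) or the FTP service is replaced with SFTP. Second, `proposal_check obey` on the initiator plus a `strict` or `exact` peer can still fail on lifetime mismatch even when an algorithm pair is acceptable, so `racoon -F -d` output is the place to confirm which of the four Phase 1 proposals actually got chosen.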