[Ipsec-tools-devel] Racoon and ESP Authentication

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello,
I am running racoon from ipsec-tools-0.7 on 2 linux hosts running
2.6.22.

Does racoon support ESP Authentication in transport mode?

Whatever configuration I try, the resulting Wireshark packet trace shows
the "ESP SPI", the "ESP Sequence", and the encrypted IP payload only.
It does not show the ESP Trailer, or the "ESP Authentication Trailer",
which is supposed to be present if doing ESP Authentication.

The following is the racoon.conf files used on both hosts:

##
path pre_shared_key "/etc/psk.txt";

log info;

remote anonymous
{
     exchange_mode main;
     lifetime time 24 hour;
     proposal_check obey;
     proposal {
               encryption_algorithm 3des;
               hash_algorithm md5;
	       authentication_method pre_shared_key;
	       dh_group 2;
     }
}

sainfo anonymous
{
	pfs_group 2;
	lifetime time 12 hour;
	encryption_algorithm 3des, aes;
	authentication_algorithm hmac_md5, hmac_sha1, hmac_sha256;
	compression_algorithm deflate;
}

Is there a parameter that I am missing to get the results I am looking
for?

Thanks,
Phil Bellino

Phil Bellino
Software Engineer
MRV Communications, Inc.
295 Foster Street
Littleton, MA. 01460
Phone: 978-952-4807
Fax: 978-952-5444
Email: pbe...@mr... 
 <http://www.mrv.com/> 