I want to establish a connection between 2 peers and use Racoon to secure this flow. The security policy is to use both ESP and AH protocols in tunnel mode: the router of our network needs the authentication data in the header of the packet, so the AH protocol should be used for authentication (because ESP authentication data is in the trailer part of the ESP packet), and also the ESP protocol is needed for encryption.
This is the part of setkey.conf to obviate this goal:
spdadd 10.10.10.132 10.10.10.145 any -P in ipsec esp/tunnel/10.10.10.132-10.10.10.145/require ah/tunnel/10.10.10.132-10.10.10.145/require;
spdadd 10.10.10.145 10.10.10.132 any -P out ipsec esp/tunnel/10.10.10.145-10.10.10.132/require ah/tunnel/10.10.10.145-10.10.10.132/require;
and the sainfo part of racoon.conf:
sainfo anonymous
{
    pfs_group 2;
    encryption_algorithm 3des;
    #lifetime byte 1000 B; # B,KB,GB
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
Now the problem occurs!
Racoon uses the sainfo configuration for both the ESP and AH protocols: at first it authenticates and encrypts the data due to ESP, and then authenticates all the new data with the AH protocol, so we will have double authentication, one for ESP and one for AH.
Is there a solution to force Racoon not to authenticate data in the ESP protocol but in AH? I mean there should be 2 separate sainfo configurations for the ESP and AH protocols.
Nobody/Anonymous
Configuration
racoon
Public

Date: 2009-01-16 03:05:30 PST Closing all sourceforge.net bugs. If this issue has not been cared for

Date: 2006-09-15 05:04:29 PDT Logged In: NO
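The double-authentication situation the post describes can be made visible before the tunnel is brought up by linting the two configuration fragments together. The following is an added example and not part of the original report or of the ipsec-tools/racoon code base: a small Python checker that parses setkey(8) `spdadd` policy bundles and a racoon `sainfo` block, works out which algorithms each protocol in the bundle would be given under the behaviour the poster reports (one sainfo block applied to every protocol), and flags an ESP+AH bundle whose ESP leg also carries an authentication algorithm. The sample input is constructed from the shape of the poster's fragments; the assumption that sainfo algorithms are copied to every protocol in the bundle is taken from the post, not from racoon's source.

```python
import re
from dataclasses import dataclass

# Constructed sample input (same shape as the fragments in the post).
SETKEY_CONF = """
spdadd 10.10.10.132 10.10.10.145 any -P in ipsec esp/tunnel/10.10.10.132-10.10.10.145/require ah/tunnel/10.10.10.132-10.10.10.145/require;
spdadd 10.10.10.145 10.10.10.132 any -P out ipsec esp/tunnel/10.10.10.145-10.10.10.132/require ah/tunnel/10.10.10.145-10.10.10.132/require;
"""

RACOON_SAINFO = """
sainfo anonymous
{
    pfs_group 2;
    encryption_algorithm 3des;
    #lifetime byte 1000 B; # B,KB,GB
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
"""


@dataclass
class Request:
    proto: str       # esp, ah or ipcomp
    mode: str        # tunnel or transport
    endpoints: str   # "src-dst" for tunnel mode, empty for transport
    level: str       # default, use, require or unique[:id]


@dataclass
class Policy:
    src: str
    dst: str
    upper: str
    direction: str
    requests: list   # Request objects in the order written in setkey.conf


SPDADD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out|fwd)\s+ipsec\s+(.+?)\s*;", re.S)
REQ_RE = re.compile(
    r"(esp|ah|ipcomp)/(tunnel|transport)/([^/]*)/(default|use|require|unique(?::\d+)?)")


def parse_spd(text):
    """Parse every spdadd line into a Policy with its protocol bundle."""
    policies = []
    for m in SPDADD_RE.finditer(text):
        src, dst, upper, direction, bundle = m.groups()
        requests = [Request(*r.groups()) for r in REQ_RE.finditer(bundle)]
        policies.append(Policy(src, dst, upper, direction, requests))
    return policies


def parse_sainfo(text):
    """Collect 'key value;' settings from one sainfo block, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";").strip()
        if not line or line.startswith("sainfo") or line in ("{", "}"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def proposals_for(policy, sainfo):
    """Algorithms each protocol in the bundle would get, assuming (as the post
    describes) the single sainfo block is applied to every protocol."""
    auth = sainfo.get("authentication_algorithm")
    proposals = []
    for req in policy.requests:
        if req.proto == "esp":
            proposals.append({"proto": "esp", "enc": sainfo.get("encryption_algorithm"), "auth": auth})
        elif req.proto == "ah":
            proposals.append({"proto": "ah", "enc": None, "auth": auth})
        elif req.proto == "ipcomp":
            proposals.append({"proto": "ipcomp", "enc": sainfo.get("compression_algorithm"), "auth": None})
    return proposals


def double_auth_findings(policies, sainfo):
    """One finding per policy where ESP is authenticated and then wrapped in AH."""
    findings = []
    for p in policies:
        props = proposals_for(p, sainfo)
        protos = [x["proto"] for x in props]
        esp_authenticated = any(x["proto"] == "esp" and x["auth"] for x in props)
        if "esp" in protos and "ah" in protos and esp_authenticated:
            findings.append(f"{p.direction} {p.src}->{p.dst}: ESP authenticated with "
                            f"{sainfo['authentication_algorithm']} and wrapped in AH with the same "
                            f"algorithm (double authentication)")
    return findings


if __name__ == "__main__":
    spd = parse_spd(SETKEY_CONF)
    sa = parse_sainfo(RACOON_SAINFO)
    for p in spd:
        print(p.direction, p.src, "->", p.dst, [x["proto"] for x in proposals_for(p, sa)])
    for f in double_auth_findings(spd, sa):
        print("WARNING:", f)
```

The bundle order in each Policy is the order written in the `spdadd` line, which is the order the poster expects the protocols to be applied (ESP first, AH wrapped around it); the checker only reports the redundant authentication, it does not pick an algorithm set for you.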