
Re: linux-ipsec: Pluto/IKE policy configuration?

From: Hugh Redelmeier <hugh(at)trends.net>
Date: Wed Dec 23 1998 - 18:24:23 EST


| From: Ian Calderbank <ianc@uk.uu.net>
|
| I ran into a snag when trying to establish isakmp via pluto to a Cisco

Yes.

| If so then this causes me a problem, as the

Pluto can support plain DES.

What hashing does your router support? Pluto will only work with MD5 or SHA1.

| From ipsec_pluto manpage:

The proposals are generated from tables in spdb.c. These tables are initialized variables. You need to change the initializers.

There are two kinds of proposals: one for Main Mode, and one for Quick Mode. Main Mode proposals cover the IKE communication; Quick Mode proposals cover the IPsec communication.


The Main Mode proposal is generated from the value of the variable oakley_pc. It makes more sense to add an entry to oakley_trans, which is a list of alternatives in preference order. Add a line something like

        { KEY_IKE, AD(ot1024desmd5) },
as an additional alternative (perhaps after line 137). For this to work, there must be a definition for ot768desmd5; there is, but it is suppressed by a "#if 0" -- change that to "#if 1" (line 75).

The Quick Mode proposal is generated from the value of the variable ipsec_sadb, an array subscripted by the "goal". If you don't specify --encrypt to whack, no encryption will be used. (If you wanted encryption, you wouldn't want 3DES :-). If you do want 3DES, you could replace every "ESP_3DES" in lines 182 to 196 with "ESP_DES".

[None of this advice is tested!]

Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253

Received on Wed Dec 23 18:49:29 1998
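
Added example, not part of the original message and not Pluto's own code: a simplified C model of why position in a preference-ordered transform list matters when a weaker alternative such as DES/MD5 is appended. All type and function names are hypothetical, the policies are constructed, and it assumes the responder honours the initiator's order.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model of an IKE Main Mode transform.
 * These names are assumptions; this is not the layout of Pluto's spdb.c. */
enum cipher { C_DES, C_3DES };
enum hash { H_MD5, H_SHA1 };
struct transform { enum cipher cipher; enum hash hash; int group_bits; };

/* Return the index in `offer` (preference order) of the first transform
 * that also appears in the peer's `accept` set, or -1 if none matches. */
int select_transform(const struct transform *offer, size_t n_offer,
                     const struct transform *accept, size_t n_accept)
{
    for (size_t i = 0; i < n_offer; i++)
        for (size_t j = 0; j < n_accept; j++)
            if (offer[i].cipher == accept[j].cipher &&
                offer[i].hash == accept[j].hash &&
                offer[i].group_bits == accept[j].group_bits)
                return (int)i;
    return -1;
}

/* Constructed sample policies (not taken from any real configuration). */
static const struct transform offer_3des_only[] = {
    { C_3DES, H_MD5, 1024 }, { C_3DES, H_SHA1, 1024 },
};
static const struct transform offer_des_appended[] = {
    { C_3DES, H_MD5, 1024 }, { C_3DES, H_SHA1, 1024 }, { C_DES, H_MD5, 1024 },
};
static const struct transform peer_des_only[] = {
    { C_DES, H_MD5, 1024 }, { C_DES, H_SHA1, 1024 },
};
static const struct transform peer_mixed[] = {
    { C_DES, H_MD5, 1024 }, { C_3DES, H_SHA1, 1024 },
};

int main(void)
{
    printf("3DES-only offer vs DES-only peer: %d\n",
           select_transform(offer_3des_only, 2, peer_des_only, 2));
    printf("DES appended vs DES-only peer:    %d\n",
           select_transform(offer_des_appended, 3, peer_des_only, 2));
    printf("DES appended vs mixed peer:       %d\n",
           select_transform(offer_des_appended, 3, peer_mixed, 2));
    return 0;
}
```

With the DES entry placed last, a peer that also accepts a 3DES transform still negotiates 3DES; only a DES-only peer ends up on the appended entry.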

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:09 EDT

