Re: linux-ipsec: Transport mode in ipsec-0.7

What version of kernel are you using?
My ipnsec implementation is not that much different (so far) in the interface to the rest of kernel and that works with 2.0.33 without any problems (while talking to hosts on the same LAN). It is known not to work while talking to anyone more than 1 hop away in transport mode.

That problem is supposed to be fixed in ipnsec to be released next week (hopefully).

ipnsec is a merge of ipsec-0.7 for Linux and IPsec from OpenBSD. it is designed to be interoperable with OpenBSD and other current IPSec implementations. The KLIPS team (ie. further development of ipsec-0.7 by the Canadian team) seems to have a new version (which is not publicly available yet), which interworks with OpenBSD at least using some transformations.

You can find ipnsec at ftp://ftp.eunet.cz/icz/ipnsec

Regards,

Petr Novak
ICZ a.s.
Praha, Czech republic

On Thu, 16 Apr 1998,
David Poole wrote:

> I've been tinkering with this for several days now and while I've
> increased my understanding of the Linux kernel, I still can't
> get the IPSEC transport mode to work.
>
> First off, does it even work!? There are comments in the Tunnel
> section of INSTALL.txt that imply it does not but nothing in the
> Transport Mode section says it doesn't.
>
> I'm sending the ESP packets correctly except the source ethernet
> address is 00:00:00:00:00:00.
>
> Assuming one interface (eth0) with IP 192.168.42.3, my setup is:
>
> ./tncfg attach ipsec0 eth0
> ifconfig ipsec0 192.168.42.4 netmask 255.255.255.0
> route del 192.168.42.0
> route add -net 192.168.42.0 dev ipsec0
>
> Then I add an SA to another IP address (without IPSEC--I'm just
> trying to send the packets correctly to start with) just as
> shown in INSTALL.txt then ping that address. The packets are
> ok (encrypted etc) sent to the correct HW&IP address, the
> syslog messages look ok...just the source HW address is broken.
>
> Argh.
>
> DaveP
> davep@fortytwo.tierranet.com
>
Received on Fri Apr 17 05:11:26 1998

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek