[strongSwan-dev] can i apply NULL encryption with strongswan ?
Christophe LE TOQUIN
letoquinc at gmail.com
Mon Feb 7 16:09:31 CET 2011
Hi,
I am trying to apply NULL encryption for the exchange and added the following
settings to ipsec.conf on the MN.
config setup
    cachecrls=no
    charonstart=yes
    plutostart=no
    dumpdir=/tmp
    charondebug="ike 2, mgr 2, chd 2, net 2, enc 2,lib 2,dmn 2,cfg 2"

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    ike=null-sha1-modp1024!
    esp=null-sha1-modp1024!
    mobike=no
    forceencaps=yes

conn iwlan-wap-null
    type=tunnel
    modeconfig=pull
    left=%defaultroute
    leftsourceip=%config
    leftid=www
    leftauth=eap
    eap=sim
    eap_identity=www
    right=xxx.xxx.xxx.xxx
    rightid=www
    rightsourceip=%any
    rightsubnet=0.0.0.0/0
    rightauth=none
    auto=add

But I have a problem on reception of IKE_SA_INIT on the strongSwan client, in
the derive_ike_traditional function in the C file (keymat.c):
09[CFG] received proposals: IKE:NULL/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
09[CFG] configured proposals: IKE:NULL/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
09[CFG] selected proposal: IKE:NULL/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
09[IKE] ENCRYPTION_ALGORITHM NULL (key size 20) not supported!
09[IKE] key derivation failed
09[MGR] checkin and destroy IKE_SA iwlan-wap-null[1]
09[IKE] IKE_SA iwlan-wap-null[1] state change: CONNECTING => DESTROYING
I've listed the crypter algorithms in the crypters list:
- algo_value=12 --> ENCR_AES_CBC
- algo_value=3 --> ENCR_3DES
- algo_value=2 --> ENCR_DES
- algo_value=1025 --> ENCR_DES_ECB
But I don't see the value for NULL encryption (11).
I don't understand. Could anyone tell me how to turn on NULL encryption on
the client?
Thanks a lot
Ch.
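
An added example, not part of the original post or of strongSwan: a small Python audit that reads an ipsec.conf, applies conn %default inheritance, and reports every conn whose ike= or esp= proposal contains the null cipher, so that unencrypted tunnels do not go unnoticed. The sample configuration, the conn name aes-tunnel and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the configuration quoted in the post above.
SAMPLE_CONF = """\
config setup
    charonstart=yes

conn %default
    ike=null-sha1-modp1024!
    esp=null-sha1-modp1024!

conn iwlan-wap-null
    auto=add

conn aes-tunnel
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1!
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' values inherited."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        header = re.match(r"^(config|conn|ca)\s+(\S+)$", line)
        if header:
            # Only conn sections carry ike=/esp= proposals.
            current = sections.setdefault(header.group(2), {}) if header.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def null_encryption_findings(text):
    """List (conn, option, proposal) for each ike=/esp= proposal containing null."""
    findings = []
    for name, opts in sorted(parse_conns(text).items()):
        for option in ("ike", "esp"):
            for proposal in opts.get(option, "").rstrip("!").split(","):
                # A proposal is a dash-separated list of algorithm keywords.
                if "null" in proposal.strip().lower().split("-"):
                    findings.append((name, option, proposal.strip()))
    return findings

if __name__ == "__main__":
    for finding in null_encryption_findings(SAMPLE_CONF):
        print("conn %s: %s=%s contains NULL encryption" % finding)
```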