[strongSwan] Questions regarding AH protocol usage

Andreas Steffen andreas.steffen at strongswan.org
Sun Apr 11 11:26:07 CEST 2010

Mohit Mehta wrote:
> Hi Andreas,
> Thanks again for your prompt reply - much appreciated. Please see my
> comments/response below.
>> AH without ESP is not possible with the IKEv1 pluto daemon. With
>> auth=ah, the optional ESP authentication checksum is replaced by an
>> additional AH header.
> Does this mean that 'AH authentication replaces authentication in
> ESP' or does it mean that 'in addition to ESP authentication, AH
> authentication also happens'? Can you please clarify this please
> since I'm not sure how to interpret 'replaced by an additional AH
> header' in your reply :-)
AH authentication replaces authentication in ESP.



Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list