List: openswan-dev
Subject: Re: [Openswan dev] [Openswan Users] auth=ah broken on 2.4.12
From: Paul Wouters <paul () xelerance ! com>
Date: 2008-09-04 17:14:50
Message-ID: alpine.LFD.1.10.0809041313060.31537 () newtla ! xelerance ! com
On Wed, 3 Sep 2008, austinxxh-ipsec@yahoo.com wrote:
> If I switch "auth=esp" to "auth=ah" in ipsec.conf, all other settings stay the
> same, the AH+ESP tunnel is set up correctly, however, when I ping from PC1 to PC2,
> I can only observe "ICMP request" from PC1 all the way to RIGHT_GATEWAY when I run
> "tcpdump -i eth0" on LEFT_GATEWAY and RIGHT_GATEWAY, there is never an "ICMP reply"
> seen on the wire.
Note that "AH+ESP" is ambiguous. ESP contains some AH-like constructs, but "AH+ESP"
(something you can mistakenly configure with racoon/ipsec-tools) is something you
should never do.
> Considering "auth=esp" works fine, and the only change I made is to change "esp" to
> "ah", does that mean "auth=ah" mode is not working under 2.4.12 release?
I guess that might be the case. I think there is some open bug report on ah not
working with auto= and only with manual=.
Paul