The other answer is, ESP provides AH, therefore AH is deprecated.

Unless you really really want to play with AH to verify it works and such
(which the below suggests it does not) ...
-- 
Todd Fries .. t...@fries.net

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| "..in support of free software solutions."  \          250797 (FWD)
|                                             \
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt

Penned by Felipe Alfaro Solana on 20090102 17:38.51, we have:
| On Tue, Dec 30, 2008 at 9:29 PM, <fortunato.montre...@earthlink.net> wrote:
| 
| > I'm trying to use both AH and ESP to set up IPsec using Transport mode
| > between two IPv6 OpenBSD 4.4 hosts.
| >
| > So far it worked for AH Transport mode or ESP Transport mode but I don't
| > quite know how to do both AH and ESP. Any ideas?
| >
| > Here's a snippet from /etc/ipsec.conf :
| >
| >  ike esp transport from 2001::10 to 2001::5 psk "secret"
| >
| > Then tried the following (and vice versa - ah vice esp).
| >
| >  ike esp transport from 2001::10 to 2001::5 psk "secret"
| >  flow ah from 2001::10 to 2001::5
| >
| > I'm not sure either.
| 
| Since you can apply ESP then AH, or apply AH and then ESP (depending on
| what's more important for you, the digital signature or the encryption) it's
| not obvious to me how to do it.
| 
| -- 
| http://www.felipe-alfaro.org/blog/disclaimer/
