Darren Reed wrote:
> Interesting, the use of ipsecconf to manage TCP MD5.
>
> Can I specify that my application will use TCP MD5
> over an IPsec tunnel, all in the same .conf file?
>

Well, not in the same .conf file. When you have defined a much more secure IPsec policy between the two end points, then having TCP MD5 protection between the same two end points is redundant and is quite an odd configuration. The IPsec policy overrides the TCP MD5 policy as it is more secure.

RFC 2385 was defined to provide protection to BGP traffic using TCP MD5. But if you are using IPsec between the end points, then TCP MD5 will be irrelevant and is not required. However, you could combine transport-mode TCP MD5 and tunnel-mode IPsec. An IPsec policy (ESP and/or AH) will be attached to the tunnel and TCP MD5 is applied to the packets near the end host. But I don't know why one would do that.

~Girish

> Darren

_______________________________________________
networking-discuss mailing list
