get OpenBSD involved in a more the
heterogeneous testbed.
Cheers,
-Original Message-
>From: t...@fries.net
>Sent: Jan 2, 2009 11:36 AM
>To: Felipe Alfaro Solana
>Cc: fortunato.montre...@earthlink.net, misc@openbsd.org
>Subject: Re: AH+ESP and IPv6
>
>If ESP does not d
On Fri, Jan 2, 2009 at 8:36 PM, wrote:
> If ESP does not decrypt, the payload is invalid. Adding AH adds no further
> functionality other than to thwart any attempts at NAT.
AH is not meant to thwart any attempts at NAT. For that, you have IPSec over
UDP. AH prevents any tampering with the IP h
If ESP does not decrypt, the payload is invalid. Adding AH adds no further
functionality other than to thwart any attempts at NAT.
--
Todd Fries .. t...@fries.net
_
| \ 1.636.410.0632 (voice)
| Free Daemon C
On Fri, Jan 2, 2009 at 7:52 PM, Todd T. Fries wrote:
> The other answer is, ESP provides AH, therefore AH is deprecated.
What do you mean? That OpenBSD's implementation of ESP automatically uses AH
too? (payload inside AH inside ESP?) Because ESP only provides
authentication for the payload onl
The other answer is, ESP provides AH, therefore AH is deprecated.
Unless you really really want to play with AH to verify it works and such
(which the below suggests it does not) ...
--
Todd Fries .. t...@fries.net
_
|
On Tue, Dec 30, 2008 at 9:29 PM, wrote:
> I'm trying to use both AH and ESP to setup IPsec using Transport mode
> between two IPv6 OpenBSD 4.4 hosts.
>
> So far it worked for AH Transport mode or ESP Transport mode but I don't
> quite know how to do both AH and ESP. Any ideas?
>
> Here's a snippe
I'm trying to use both AH and ESP to setup IPsec using Transport mode between
two IPv6 OpenBSD 4.4 hosts.
So far it worked for AH Transport mode or ESP Transport mode but I don't quite
know how to do both AH and ESP. Any ideas?
Here's a snippet from /etc/ipsec.conf :
ike esp transport from
7 matches
Mail list logo