tech-net: NULL encryption for IPSec ESP

Subject: NULL encryption for IPSec ESP
To: None <tech-net@netbsd.org>
From: Hendra Widarta <hwidarta@yahoo.com>
List: tech-net
Date: 03/13/2002 07:29:47

Hi,

According to RFC-2410, there's NULL encryption for IPSec ESP.

My ipsec configuration is:
add a.b.c.d p.q.r.s esp 0x2222 -A hmac-md5 "authentication!!" ;
add p.q.r.s a.b.c.d esp 0x5555 -A hmac-md5 "authentication!!" ;
spdadd a.b.c.d p.q.r.s any -P out ipsec esp/transport//require ;

R# setkey -f ipsec.conf
The result of line 1: Invalid argument.
The result of line 2: Invalid argument.

Security policy is created, but there is no SAD.
Is that possible to make IPSec/Manual-key connection through
"ESP Null encryption"? Is "ESP Null encryption" only for IKE?

FYI, I have tried null_enc for IKE/racoon (phase-2), and it's OK.

Thanks,
Hendra



__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/