Subject: Re: NULL encryption for IPSec ESP
To: Hendra Widarta <hwidarta@yahoo.com>
From: None <itojun@iijlab.net>
List: tech-security
Date: 03/14/2002 11:29:32
>According to RFC-2410, there's NULL encryption for IPSec ESP.
>
>My ipsec configuration is:
>add a.b.c.d p.q.r.s esp 0x2222 -A hmac-md5 "authentication!!" ;
>add p.q.r.s a.b.c.d esp 0x5555 -A hmac-md5 "authentication!!" ;
>spdadd a.b.c.d p.q.r.s any -P out ipsec esp/transport//require ;
>
>R# setkey -f ipsec.conf
>The result of line 1: Invalid argument.
>The result of line 2: Invalid argument.
>
>Security policy is created, but there is no SAD.
>Is it possible to make an IPSec/Manual-key connection through
>"ESP Null encryption"? Is "ESP Null encryption" only for IKE?
>
>FYI, I have tried null_enc for IKE/racoon (phase-2), and it's OK.

	try the following.  you'll need "-E simple" to indicate NULL encryption.

add ::1 ::1 esp 9999 -E simple -A hmac-md5 "hogehogehogehoge";

itojun
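
Added example, not part of the original thread: a small audit of a setkey(8) file that flags manual-key ESP SAs with no -E (the rejected case above) and SAs using NULL encryption, which per RFC 2410 gives no confidentiality. The function names, the constructed sample file (including its 3des-cbc line and key), and the one-statement-per-line assumption are this example's own.

```shell
#!/bin/sh
# Added example: audit manual-key ESP SAs in a setkey(8) file read on stdin.
# Prints "<line> <status> <src> <dst> <spi>" per ESP "add" statement:
#   missing-E  no -E given (the case rejected with "Invalid argument" above)
#   null-enc   -E simple, or -E null as some setkey versions name it
#              (RFC 2410 NULL: integrity only, no confidentiality)
#   encrypted  any other -E algorithm
# Assumes one statement per line.
audit_esp_sas() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    $1 == "add" {
        gsub(/"[^"]*"/, "\"\"")              # blank quoted keys so they cannot look like options
        o = ($2 ~ /^-[46n]+$/) ? 1 : 0       # optional "add -4/-6/-n" flag shifts the fields
        if ($(4 + o) != "esp") next          # only ESP SAs are audited
        status = "missing-E"
        for (i = 6 + o; i < NF; i++) {
            if ($i == "-E") {
                alg = $(i + 1); sub(/;$/, "", alg)
                status = (alg == "simple" || alg == "null") ? "null-enc" : "encrypted"
            }
        }
        spi = $(5 + o); sub(/;$/, "", spi)
        printf "%d %s %s %s %s\n", NR, status, $(2 + o), $(3 + o), spi
    }'
}

# Constructed sample: the first SA as posted, the second with -E simple added,
# and a third, made-up SA with a real cipher for contrast.
sample_conf() {
    cat <<'EOF'
# constructed sample for the audit
add a.b.c.d p.q.r.s esp 0x2222 -A hmac-md5 "authentication!!" ;
add p.q.r.s a.b.c.d esp 0x5555 -E simple -A hmac-md5 "authentication!!" ;
add ::1 ::1 esp 9999 -E 3des-cbc "0123456789abcdef01234567" -A hmac-md5 "hogehogehogehoge";
spdadd a.b.c.d p.q.r.s any -P out ipsec esp/transport//require ;
EOF
}

sample_conf | audit_esp_sas
```

To check a real file, run `audit_esp_sas < ipsec.conf` and review every null-enc line against the intended policy.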