From owner-freebsd-questions  Mon Sep  3 13:57:54 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-63-207-60-54.dsl.lsan03.pacbell.net [63.207.60.54])
	by hub.freebsd.org (Postfix) with ESMTP id E4CAA37B40B
	for <freebsd-questions@FreeBSD.ORG>; Mon,  3 Sep 2001 13:57:48 -0700 (PDT)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 893A066D0A; Mon,  3 Sep 2001 13:57:48 -0700 (PDT)
Date: Mon, 3 Sep 2001 13:57:48 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: RJ45 <rj45@slacknet.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPSec on FreeBSD ??
Message-ID: <20010903135748.C36312@xor.obsecurity.org>
References: <Pine.LNX.4.21.0109030707360.19758-100000@slacknet.slacknet.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="+nBD6E3TurpgldQp"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.21.0109030707360.19758-100000@slacknet.slacknet.com>; from rj45@slacknet.com on Mon, Sep 03, 2001 at 07:08:10AM -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--+nBD6E3TurpgldQp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Sep 03, 2001 at 07:08:10AM -0600, RJ45 wrote:

> But comparing it with the OpenBSD implementation I still have not found a
> way with FreeBSD to set up and ESP trasnport mode (or tunnel) enabling
> also the authentication features in ESP, seems like only the
> confidentiality features of ESP can be enabled on FreeBSD while on OpenBSD
> also the authentication part of ESP can be enabled.
> Am I wrong about it ??

I think so.

> IF not how to enable authentication of ESP in FreeBSD ??
> Suppose I Do not want to use AH but  IWant to use only ESP for
> confidentiality (Encrypt the payload) but also for the payload
> authentication which is possible according to IPSec RFCs, how
> can I enable ESP authentication on FreeBSD ??

These questions are all answered in the documentation.  You might like
to start with setkey(8) and the documentation on http://www.kame.net.

> then I Wanted to ask if racoon is a ISAKMP IKE compliant protocol

Yes.

Kris
--+nBD6E3TurpgldQp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7k+7MWry0BWjoQKURAiSkAJ9Hd+jVVtNewV6Z3Ksge0cxLjzRIgCg3rXt
Ah/G/3tRAUaSuX3ruM5YEP4=
=+VHB
-----END PGP SIGNATURE-----

--+nBD6E3TurpgldQp--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message