LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Reload this Page Help Using Linux IP-XFRM Command With Null Cipher
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 01-21-2016, 10:00 PM   #1
danmartinj
Member
 
Registered: Oct 2009
Posts: 117

Rep: Reputation: 1
Help Using Linux IP-XFRM Command With Null Cipher

Hello everyone,

I am trying to get null IPSec encryption to work using the ip-xfrm command because I need a barebones solution for protocol analysis on Debian Linux. Using ip xfrm I can load aes, des, etc as crypto algorithms. However, I cannot get null to work.

Example commands I have tried are:

Code:
ip xfrm state add src 10.2.0.2 dst 192.168.3.2 proto esp spi 0x2de8937d reqid 0x4efc25ac mode tunnel auth sha1 0xfbe31fbb223d3d33f61e705fbd3e14fa46ff6f31b27b6f48b3c8296f0e30eeaf enc cipher_null 0X0000000000000000000000000

or 
ip xfrm state add src 10.2.0.2 dst 192.168.3.2 proto esp spi 0x2de8937d reqid 0x4efc25ac mode tunnel auth sha1 0xfbe31fbb223d3d33f61e705fbd3e14fa46ff6f31b27b6f48b3c8296f0e30eeaf enc cipher_null
So far I am getting return Error messages of

Code:
RTNETLINK answers: Invalid argument
or
Error: argument "ALGO-KEY" is required
I think I am close, I know the commands do load the crypto_null module on Debian so it seems to try to execute. Perhaps someone out there has additional suggestions, advice or comments?

Thanks in advance,

Joe
 
Old 02-17-2016, 08:11 AM   #2
guysh
LQ Newbie
 
Registered: Feb 2016
Posts: 1

Rep: Reputation: Disabled
The solution for this is to add an empty string as the "ALGO-KEY" parameter:
Code:
ip xfrm state add src 10.2.0.2 dst 192.168.3.2 proto esp spi 0x2de8937d reqid 0x4efc25ac mode tunnel auth sha1 0xfbe31fbb223d3d33f61e705fbd3e14fa46ff6f31b27b6f48b3c8296f0e30eeaf enc cipher_null ""
If you want to skip authentication as well, you can use the 'digest_null' as the auth algorithm:
Code:
ip xfrm state add src 10.2.0.2 dst 192.168.3.2 proto esp spi 0x2de8937d reqid 0x4efc25ac mode tunnel auth digest_null "" enc cipher_null ""
Guy.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to handle kernel NULL pointer dereference at (null) in linux kernel 3.14.43 Krishna Dwivedi Linux - Embedded & Single-board computer 0 09-08-2015 09:45 AM
[SOLVED] How to set up ipsec esp tunnel between two linux host machine using ip xfrm samiran.linux Linux - Networking 14 04-08-2014 01:02 AM
How do you change cipher list order with openssl cipher command? markseger Linux - Security 1 03-20-2013 04:45 AM
[SOLVED] Hostname command prints nothing a null value pratapsingh Linux - Newbie 6 02-27-2012 12:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:00 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration