Hello everyone,
I am trying to get null IPSec encryption to work using the ip-xfrm command because I need a barebones solution for protocol analysis on Debian Linux. Using ip xfrm I can load aes, des, etc as crypto algorithms. However, I cannot get null to work.
Example commands I have tried are:
Code:
ip xfrm state add src 10.2.0.2 dst 192.168.3.2 proto esp spi 0x2de8937d reqid 0x4efc25ac mode tunnel auth sha1 0xfbe31fbb223d3d33f61e705fbd3e14fa46ff6f31b27b6f48b3c8296f0e30eeaf enc cipher_null 0X0000000000000000000000000
or
ip xfrm state add src 10.2.0.2 dst 192.168.3.2 proto esp spi 0x2de8937d reqid 0x4efc25ac mode tunnel auth sha1 0xfbe31fbb223d3d33f61e705fbd3e14fa46ff6f31b27b6f48b3c8296f0e30eeaf enc cipher_null
So far I am getting return Error messages of
Code:
RTNETLINK answers: Invalid argument
or
Error: argument "ALGO-KEY" is required
I think I am close, I know the commands do load the crypto_null module on Debian so it seems to try to execute. Perhaps someone out there has additional suggestions, advice or comments?
Thanks in advance,
Joe