Hello,
I have been trying to figure out how I can set up null encryption within IPSec for protocol testing. I was originally referred to StrongSwan but racoon seemed simpler to use. I am currently testing on Debian 7.4.
My configuration file basically looks like this:
Code:
log notify;
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";

remote 192.168.3.1 {
    exchange_mode main,aggressive;
    proposal {
        encryption_algorithm null_enc;
        # hash_algorithm sha1;
        authentication_method pre_shared_key;
        # dh_group 2;
    }
    generate_policy off;
}

sainfo address 10.3.0.0/16 any address 10.2.0.0/16 any {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm null_enc;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
By changing encryption to des I can get IPSec to work. However, using null or null_enc I get error messages such as:
Quote:
Jan 16 18:30:01 tester racoon: INFO: Reading configuration from "/etc/racoon/racoon.conf"
Jan 16 18:30:01 tester racoon: ERROR: /etc/racoon/racoon.conf:26: ";" algorithm mismatched 1
Jan 16 18:30:01 tester racoon: ERROR: fatal parse failure (1 errors)
I know I have kernel module support for NULL encryption, so at this point I don't know exactly what to do. Perhaps someone has some suggestions or comments?
Thanks,
Joe