[Click] Problem with IPsecDES
Eddie Kohler
kohler at cs.ucla.edu
Thu Jun 7 14:39:55 EDT 2007
Great!! Thank you very much.
Eddie
Dimitris Syrivelis wrote:
> Hi all,
>
> Eddie, i have improved the commentary of the simple-ipsec.click that it is
> located at the Wiki:
> http://www.read.cs.ucla.edu/click/examples/simple-ipsec.click
>
> In terms of click configuration it is the same as the ipsec-router.click in
> the CVS sources so it can be replaced.
>
>
> Dimitris
>
>> Hi,
>>
>> I've gone ahead and removed the ipsec-des{,3}.click files from the
>> repository; sounds like they were out of date.
>>
>> Dimitris, I'd really appreciate it if you were to update the
>> ipsec-router.click file's comments. RIght now it claims that it is
>> ip-router.click (it isn't), and there aren't a lot of comments
>> explaining the tunneling.
>>
>> Thanks!
>> Eddie
>>
>> Dimitris Syrivelis wrote:
>>> Hello,
>>>
>>> The Documentation on IPsecDES and this particular configuration file
>>> (ipsec-des.click) are outdated because the modules have been recently
>>> revised. Despite that, if this configuration suits your needs you may use
>>> click-1.5.0 release or earlier.
>>> In the current release click has a Security Association Database and the
>>> keys for encryption and authentication are stored there and are passed to
>>> each IPsec module via the click annotation space mechanism.
>>> This database (it is a click hashtable) resides in RadixIPsecLookup
>>> routing table module.
>>> You should check the ipsec-router.click configuration example as well
>>> as the click documentation for IPsec which is here:
>>> http://www.read.cs.ucla.edu/click/docs/ipsec-doc
>>>
>>> If you have any questions please post them here because i will use the
>>> feedback to improve documentation.
>>>
>>> If you will be using commodity PCs to create pairs of IPSec security
>>> gateways, note that you should decrease the Ethernet MTU size of all the
>>> machines that use these gateways to 1400 bytes because IPsec ESP
>>> encapsulation increases the packet size.
>>>
>>> Dimitris
>>>
>>>> Hello,
>>>>
>>>> in the context of my diploma thesis I want to use the ipsec package to
>>>> send encrypted data over an ethernet network. While trying to play
>>>> around with the example configurations in the "conf" directory I get the
>>>> following errors in usermode:
>>>>
>>>> # click conf/ipsec-des.click
>>>> conf/ipsec-des.click:11: While configuring 'IPsecDES at 7 :: IPsecDES':
>>>> too many arguments; expected 'int'
>>>> conf/ipsec-des.click:20: While configuring 'IPsecDES at 16 :: IPsecDES':
>>>> too many arguments; expected 'int'
>>>> Router could not be initialized!
>>>>
>>>> Corresponding to the element documentation the syntax "IPsecDES(1,
>>>> 0123456789012345)" and "IPsecDES(0, 0123456789abcdef)" is correct. I
>>>> couldn't find any other mistake in the ipsec-des.click configuration.
>>>>
>>>> I'm using the current CVS-version. Click is configured with "./configure
>>>> --disable-linuxmodule --enable-ipsec" and runs under gentoo linux with
>>>> kernel 2.6.19-gentoo-r5. Does anyone have an idea what I'm doing wrong?
>>>>
>>>> Best regards,
>>>> Marco.
>>>>
>>>> ----------------------------------------------------------------
>>>> This message was sent using IMP, the Internet Messaging Program.
>>>> _______________________________________________
>>>> click mailing list
>>>> click at amsterdam.lcs.mit.edu
>>>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>>> --
>>>
>>> Dimitris Syrivelis
>>> Dept of Computer Engineering & Telecommunications ( www.inf.uth.gr )
>>> University of Thessaly
>>> Volos
>>> Greece
>>> Tel +302421074973
>>>
>>> _______________________________________________
>>> click mailing list
>>> click at amsterdam.lcs.mit.edu
>>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>
>
>
More information about the click
mailing list