[Click] Problem with IPsecDES
Marco Wenzel
marco.wenzel at stud.tu-ilmenau.de
Fri Jun 8 04:48:58 EDT 2007
Hi Dimitris,
thanks for this explicitly explanation. After reading some more
documents about IPSec and playing around with the Click-IPSec elements,
I decided, that IPSec is not a suitable encryption-technique for my project.
I think SSL/TLS is a better solution for me. Did anyone implement Click
elements, which can realize a SSL/TLS connection? After searching in the
CVS and the official releases with the additional packages, I did not
find any.
Best regards,
Marco.
Dimitris Syrivelis wrote:
> Hello,
>
> The Documentation on IPsecDES and this particular configuration file
> (ipsec-des.click) are outdated because the modules have been recently
> revised. Despite that, if this configuration suits your needs you may use
> click-1.5.0 release or earlier.
> In the current release click has a Security Association Database and the keys
> for encryption and authentication are stored there and are passed to each
> IPsec module via the click annotation space mechanism.
> This database (it is a click hashtable) resides in RadixIPsecLookup routing
> table module.
> You should check the ipsec-router.click configuration example as well as the
> click documentation for IPsec which is here:
> http://www.read.cs.ucla.edu/click/docs/ipsec-doc
>
> If you have any questions please post them here because i will use the
> feedback to improve documentation.
>
> If you will be using commodity PCs to create pairs of IPSec security
> gateways, note that you should decrease the Ethernet MTU size of all the
> machines that use these gateways to 1400 bytes because IPsec ESP
> encapsulation increases the packet size.
>
> Dimitris
>
>> Hello,
>>
>> in the context of my diploma thesis I want to use the ipsec package to send
>> encrypted data over an ethernet network. While trying to play around with
>> the example configurations in the "conf" directory I get the following
>> errors in usermode:
>>
>> # click conf/ipsec-des.click
>> conf/ipsec-des.click:11: While configuring 'IPsecDES at 7 :: IPsecDES':
>> too many arguments; expected 'int'
>> conf/ipsec-des.click:20: While configuring 'IPsecDES at 16 :: IPsecDES':
>> too many arguments; expected 'int'
>> Router could not be initialized!
>>
>> Corresponding to the element documentation the syntax "IPsecDES(1,
>> 0123456789012345)" and "IPsecDES(0, 0123456789abcdef)" is correct. I
>> couldn't find any other mistake in the ipsec-des.click configuration.
>>
>> I'm using the current CVS-version. Click is configured with "./configure
>> --disable-linuxmodule --enable-ipsec" and runs under gentoo linux with
>> kernel 2.6.19-gentoo-r5. Does anyone have an idea what I'm doing wrong?
>>
>> Best regards,
>> Marco.
More information about the click
mailing list