[Click] Problem with IPsecDES

Ioannis C Avramopoulos (iavramop@Princeton.EDU) iavramop at Princeton.EDU
Fri Jun 8 19:13:23 EDT 2007 

Hi Marco,

I am curious what might be the reason that you prefer TLS over IPsec.

Yannis

----- Original Message -----
From: Marco Wenzel <marco.wenzel at stud.tu-ilmenau.de>
Date: Friday, June 8, 2007 4:50 am
Subject: Re: [Click] Problem with IPsecDES
Cc: click at amsterdam.lcs.mit.edu

> Hi Dimitris,
> 
> thanks for this explicitly explanation. After reading some more 
> documents about IPSec and playing around with the Click-IPSec 
> elements, 
> I decided, that IPSec is not a suitable encryption-technique for my 
> project.I think SSL/TLS is a better solution for me. Did anyone 
> implement Click 
> elements, which can realize a SSL/TLS connection? After searching 
> in the 
> CVS and the official releases with the additional packages, I did 
> not 
> find any.
> 
> Best regards,
> Marco.
> 
> 
> Dimitris Syrivelis wrote:
> > Hello,
> > 
> >   The Documentation on IPsecDES and this particular configuration 
> file 
> > (ipsec-des.click) are outdated because the modules have been 
> recently 
> > revised. Despite that, if this configuration suits your needs you 
> may use 
> > click-1.5.0 release or earlier. 
> >  In the current release click has a Security Association Database 
> and the keys 
> > for encryption and authentication are stored there and are passed 
> to each 
> > IPsec module via the click annotation space mechanism. 
> >  This database (it is a click hashtable) resides in 
> RadixIPsecLookup routing 
> > table module.
> >   You should check the ipsec-router.click configuration example 
> as well as the 
> > click documentation for IPsec which is here:
> >     http://www.read.cs.ucla.edu/click/docs/ipsec-doc
> >  
> >  If you have any questions please post them here because i will 
> use the 
> > feedback to improve documentation.
> > 
> >  If you will be using commodity PCs to create pairs of IPSec 
> security 
> > gateways, note that you should decrease the Ethernet MTU size of 
> all the 
> > machines that use these gateways to 1400 bytes  because IPsec ESP 
> > encapsulation increases the packet size. 
> > 
> > Dimitris
> > 
> >> Hello,
> >>
> >> in the context of my diploma thesis I want to use the ipsec 
> package to send
> >> encrypted data over an ethernet network. While trying to play 
> around with
> >> the example configurations in the "conf" directory I get the 
> following>> errors in usermode:
> >>
> >> # click conf/ipsec-des.click
> >> conf/ipsec-des.click:11: While configuring 'IPsecDES at 7 :: 
> IPsecDES':>>   too many arguments; expected 'int'
> >> conf/ipsec-des.click:20: While configuring 'IPsecDES at 16 :: 
> IPsecDES':>>   too many arguments; expected 'int'
> >> Router could not be initialized!
> >>
> >> Corresponding to the element documentation the syntax "IPsecDES(1,
> >> 0123456789012345)" and "IPsecDES(0, 0123456789abcdef)" is 
> correct. I
> >> couldn't find any other mistake in the ipsec-des.click 
> configuration.>>
> >> I'm using the current CVS-version. Click is configured with 
> "./configure>> --disable-linuxmodule --enable-ipsec" and runs under 
> gentoo linux with
> >> kernel 2.6.19-gentoo-r5. Does anyone have an idea what I'm doing 
> wrong?>>
> >> Best regards,
> >> Marco.
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>

More information about the click mailing list