[Click] Problem with IPsecDES

Marco Wenzel marco.wenzel at stud.tu-ilmenau.de
Mon Jun 11 14:19:58 EDT 2007 

Hi Yannis,

the reason, why I prefer TLS over IPsec is, that my tutor said it maybe 
will be the better way.
I have to implement a router, that sends ICMP advertisements (RFC 1256) 
into a subnet of clients. This clients have to do a secure authorization 
at the router, when they receive an advertisement. Furthermore they have 
to send some so called "context data" over an encrypted way to my 
router. The clients will be implemented by another person in a seperate 
project, which doesn't use Click. I think it will be hard to do it with 
IPSec, because it's much more complex than TLS.
Maybe you've got a better idea? I'll be open to every proposal.

Thanks and best regards,
Marco.

Ioannis C Avramopoulos (iavramop at Princeton.EDU) schrieb:
> Hi Marco,
> 
> I am curious what might be the reason that you prefer TLS over IPsec.
> 
> Yannis
> 
> ----- Original Message -----
> From: Marco Wenzel <marco.wenzel at stud.tu-ilmenau.de>
> Date: Friday, June 8, 2007 4:50 am
> Subject: Re: [Click] Problem with IPsecDES
> Cc: click at amsterdam.lcs.mit.edu
> 
>> Hi Dimitris,
>>
>> thanks for this explicitly explanation. After reading some more 
>> documents about IPSec and playing around with the Click-IPSec 
>> elements, 
>> I decided, that IPSec is not a suitable encryption-technique for my 
>> project.I think SSL/TLS is a better solution for me. Did anyone 
>> implement Click 
>> elements, which can realize a SSL/TLS connection? After searching 
>> in the 
>> CVS and the official releases with the additional packages, I did 
>> not 
>> find any.
>>
>> Best regards,
>> Marco.
>>
>>
>> Dimitris Syrivelis wrote:
>>> Hello,
>>>
>>>   The Documentation on IPsecDES and this particular configuration 
>> file 
>>> (ipsec-des.click) are outdated because the modules have been 
>> recently 
>>> revised. Despite that, if this configuration suits your needs you 
>> may use 
>>> click-1.5.0 release or earlier. 
>>>  In the current release click has a Security Association Database 
>> and the keys 
>>> for encryption and authentication are stored there and are passed 
>> to each 
>>> IPsec module via the click annotation space mechanism. 
>>>  This database (it is a click hashtable) resides in 
>> RadixIPsecLookup routing 
>>> table module.
>>>   You should check the ipsec-router.click configuration example 
>> as well as the 
>>> click documentation for IPsec which is here:
>>>     http://www.read.cs.ucla.edu/click/docs/ipsec-doc
>>>  
>>>  If you have any questions please post them here because i will 
>> use the 
>>> feedback to improve documentation.
>>>
>>>  If you will be using commodity PCs to create pairs of IPSec 
>> security 
>>> gateways, note that you should decrease the Ethernet MTU size of 
>> all the 
>>> machines that use these gateways to 1400 bytes  because IPsec ESP 
>>> encapsulation increases the packet size. 
>>>
>>> Dimitris
>>>
>>>> Hello,
>>>>
>>>> in the context of my diploma thesis I want to use the ipsec 
>> package to send
>>>> encrypted data over an ethernet network. While trying to play 
>> around with
>>>> the example configurations in the "conf" directory I get the 
>> following>> errors in usermode:
>>>> # click conf/ipsec-des.click
>>>> conf/ipsec-des.click:11: While configuring 'IPsecDES at 7 :: 
>> IPsecDES':>>   too many arguments; expected 'int'
>>>> conf/ipsec-des.click:20: While configuring 'IPsecDES at 16 :: 
>> IPsecDES':>>   too many arguments; expected 'int'
>>>> Router could not be initialized!
>>>>
>>>> Corresponding to the element documentation the syntax "IPsecDES(1,
>>>> 0123456789012345)" and "IPsecDES(0, 0123456789abcdef)" is 
>> correct. I
>>>> couldn't find any other mistake in the ipsec-des.click 
>> configuration.>>
>>>> I'm using the current CVS-version. Click is configured with 
>> "./configure>> --disable-linuxmodule --enable-ipsec" and runs under 
>> gentoo linux with
>>>> kernel 2.6.19-gentoo-r5. Does anyone have an idea what I'm doing 
>> wrong?>>
>>>> Best regards,
>>>> Marco.
>> _______________________________________________
>> click mailing list
>> click at amsterdam.lcs.mit.edu
>> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>>
> 

-- 
Marco Wenzel
ICQ# 135863371
URL www.der-wenz.de

'disce quasi semper victurus, vive quasi cras moriturus' (otep shamaya)

More information about the click mailing list