[Click] Problem with IPsecDES

Ioannis C Avramopoulos (iavramop@Princeton.EDU) iavramop at Princeton.EDU
Tue Jun 12 00:52:25 EDT 2007


Marco, are you trying to implement "control plane" or "data plane"
functionality? It is not clear from what you're describing. The choice
of which secure tunneling technology to use would depend on the
answer to that question. TLS is on top of TCP -- implementing TCP
tunnels in the data plane of the routers would be, let's say, highly
unusual. Yannis

----- Original Message -----
From: Marco Wenzel <marco.wenzel at stud.tu-ilmenau.de>
Date: Monday, June 11, 2007 2:22 pm
Subject: Re: [Click] Problem with IPsecDES
Cc: click at amsterdam.lcs.mit.edu

> Hi Yannis,
> 
> the reason, why I prefer TLS over IPsec is, that my tutor said it maybe
> will be the better way.
> I have to implement a router, that sends ICMP advertisements (RFC 1256)
> into a subnet of clients. These clients have to do a secure authorization
> at the router, when they receive an advertisement. Furthermore they have
> to send some so called "context data" over an encrypted way to my
> router. The clients will be implemented by another person in a separate
> project, which doesn't use Click. I think it will be hard to do it with
> IPSec, because it's much more complex than TLS.
> Maybe you've got a better idea? I'll be open to every proposal.
> 
> Thanks and best regards,
> Marco.
> 
> Ioannis C Avramopoulos (iavramop at Princeton.EDU) wrote:
> > Hi Marco,
> > 
> > I am curious what might be the reason that you prefer TLS over IPsec.
> > 
> > Yannis
> > 
> > ----- Original Message -----
> > From: Marco Wenzel <marco.wenzel at stud.tu-ilmenau.de>
> > Date: Friday, June 8, 2007 4:50 am
> > Subject: Re: [Click] Problem with IPsecDES
> > Cc: click at amsterdam.lcs.mit.edu
> > 
> >> Hi Dimitris,
> >>
> >> thanks for this explicit explanation. After reading some more
> >> documents about IPSec and playing around with the Click-IPSec elements,
> >> I decided, that IPSec is not a suitable encryption-technique for my
> >> project. I think SSL/TLS is a better solution for me. Did anyone
> >> implement Click elements, which can realize a SSL/TLS connection? After
> >> searching in the CVS and the official releases with the additional
> >> packages, I did not find any.
> >>
> >> Best regards,
> >> Marco.
> >>
> >>
> >> Dimitris Syrivelis wrote:
> >>> Hello,
> >>>
> >>>   The Documentation on IPsecDES and this particular configuration file
> >>> (ipsec-des.click) are outdated because the modules have been recently
> >>> revised. Despite that, if this configuration suits your needs you may use
> >>> click-1.5.0 release or earlier.
> >>>  In the current release click has a Security Association Database and the keys
> >>> for encryption and authentication are stored there and are passed to each
> >>> IPsec module via the click annotation space mechanism.
> >>>  This database (it is a click hashtable) resides in RadixIPsecLookup routing
> >>> table module.
> >>>   You should check the ipsec-router.click configuration example as well as the
> >>> click documentation for IPsec which is here:
> >>>     http://www.read.cs.ucla.edu/click/docs/ipsec-doc
> >>>
> >>>  If you have any questions please post them here because I will use the
> >>> feedback to improve documentation.
> >>>
> >>>  If you will be using commodity PCs to create pairs of IPSec security
> >>> gateways, note that you should decrease the Ethernet MTU size of all the
> >>> machines that use these gateways to 1400 bytes because IPsec ESP
> >>> encapsulation increases the packet size.
> >>>
> >>> Dimitris
> >>>
> >>>> Hello,
> >>>>
> >>>> in the context of my diploma thesis I want to use the ipsec package to send
> >>>> encrypted data over an ethernet network. While trying to play around with
> >>>> the example configurations in the "conf" directory I get the following
> >>>> errors in usermode:
> >>>> # click conf/ipsec-des.click
> >>>> conf/ipsec-des.click:11: While configuring 'IPsecDES at 7 :: IPsecDES':
> >>>>   too many arguments; expected 'int'
> >>>> conf/ipsec-des.click:20: While configuring 'IPsecDES at 16 :: IPsecDES':
> >>>>   too many arguments; expected 'int'
> >>>> Router could not be initialized!
> >>>>
> >>>> Corresponding to the element documentation the syntax "IPsecDES(1,
> >>>> 0123456789012345)" and "IPsecDES(0, 0123456789abcdef)" is correct. I
> >>>> couldn't find any other mistake in the ipsec-des.click configuration.
> >>>>
> >>>> I'm using the current CVS-version. Click is configured with "./configure
> >>>> --disable-linuxmodule --enable-ipsec" and runs under gentoo linux with
> >>>> kernel 2.6.19-gentoo-r5. Does anyone have an idea what I'm doing wrong?
> >>>>
> >>>> Best regards,
> >>>> Marco.
> >> _______________________________________________
> >> click mailing list
> >> click at amsterdam.lcs.mit.edu
> >> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
> >>
> > 
> 
> -- 
> Marco Wenzel
> ICQ# 135863371
> URL www.der-wenz.de
> 
> 'disce quasi semper victurus, vive quasi cras moriturus' (otep shamaya)
> 
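
The MTU advice in Dimitris's quoted message can be checked with ESP size arithmetic. The following is an added example, not part of the e-mail thread or of Click; it assumes tunnel mode, an IPv4 outer header without options, DES-CBC and a 12-byte HMAC-SHA1-96 ICV, none of which the thread specifies.

```python
# Added example: ESP tunnel-mode size arithmetic; not Click code.
# Assumptions (not stated in the thread): IPv4 outer header without options,
# DES-CBC (8-byte block, 8-byte IV), HMAC-SHA1-96 (12-byte ICV), no NAT-T.

OUTER_IPV4 = 20   # new outer IP header added by the gateway
ESP_HEADER = 8    # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)


def esp_tunnel_size(inner_len, block=8, iv=8, icv=12):
    """On-wire size of an inner IP packet after ESP tunnel encapsulation."""
    plaintext = inner_len + ESP_TRAILER
    pad = -plaintext % block          # CBC needs a whole number of blocks
    return OUTER_IPV4 + ESP_HEADER + iv + plaintext + pad + icv


def max_inner_mtu(link_mtu=1500, block=8, iv=8, icv=12):
    """Largest inner packet that still fits the gateway's link MTU."""
    room = link_mtu - OUTER_IPV4 - ESP_HEADER - iv - icv
    if room < block:
        raise ValueError("link MTU too small for ESP tunnel mode")
    return (room // block) * block - ESP_TRAILER


def check_host_mtu(host_mtu, link_mtu=1500, **cipher):
    """Return (wire_size, fits, headroom) for a full-sized host packet."""
    wire = esp_tunnel_size(host_mtu, **cipher)
    return wire, wire <= link_mtu, link_mtu - wire


if __name__ == "__main__":
    for mtu in (1500, 1446, 1400):
        wire, fits, spare = check_host_mtu(mtu)
        print(f"host MTU {mtu}: {wire} bytes on the wire, "
              f"{'fits' if fits else 'must fragment or drop'} ({spare:+d})")
    print("largest usable host MTU:", max_inner_mtu())
```

Under these assumptions a host MTU of 1400 bytes leaves 44 bytes of headroom on a 1500-byte link, while an unchanged 1500-byte host MTU produces packets the gateway cannot send without fragmentation.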

