[Click] Problem with IPsecDES
Dimitris Syrivelis
jsyr at inf.uth.gr
Wed May 30 05:13:05 EDT 2007
Hello,
The Documentation on IPsecDES and this particular configuration file
(ipsec-des.click) are outdated because the modules have been recently
revised. Despite that, if this configuration suits your needs you may use
click-1.5.0 release or earlier.
In the current release click has a Security Association Database and the keys
for encryption and authentication are stored there and are passed to each
IPsec module via the click annotation space mechanism.
This database (it is a click hashtable) resides in RadixIPsecLookup routing
table module.
You should check the ipsec-router.click configuration example as well as the
click documentation for IPsec which is here:
http://www.read.cs.ucla.edu/click/docs/ipsec-doc
If you have any questions please post them here because i will use the
feedback to improve documentation.
If you will be using commodity PCs to create pairs of IPSec security
gateways, note that you should decrease the Ethernet MTU size of all the
machines that use these gateways to 1400 bytes because IPsec ESP
encapsulation increases the packet size.
Dimitris
> Hello,
>
> in the context of my diploma thesis I want to use the ipsec package to send
> encrypted data over an ethernet network. While trying to play around with
> the example configurations in the "conf" directory I get the following
> errors in usermode:
>
> # click conf/ipsec-des.click
> conf/ipsec-des.click:11: While configuring 'IPsecDES at 7 :: IPsecDES':
> too many arguments; expected 'int'
> conf/ipsec-des.click:20: While configuring 'IPsecDES at 16 :: IPsecDES':
> too many arguments; expected 'int'
> Router could not be initialized!
>
> Corresponding to the element documentation the syntax "IPsecDES(1,
> 0123456789012345)" and "IPsecDES(0, 0123456789abcdef)" is correct. I
> couldn't find any other mistake in the ipsec-des.click configuration.
>
> I'm using the current CVS-version. Click is configured with "./configure
> --disable-linuxmodule --enable-ipsec" and runs under gentoo linux with
> kernel 2.6.19-gentoo-r5. Does anyone have an idea what I'm doing wrong?
>
> Best regards,
> Marco.
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
--
Dimitris Syrivelis
Dept of Computer Engineering & Telecommunications ( www.inf.uth.gr )
University of Thessaly
Volos
Greece
Tel +302421074973
More information about the click
mailing list