Use esp with enc+auth, as written in isakmpd.conf(5).

On Fri, May 13, 2005 at 01:28:29PM +0200, Johan P. Lindström wrote:
> I am trying to set up ESP tunnels with ISAKMPD myself, but I am far
> from an IPSec pro, does anyone know what would be "best practice" in
> the light of this event?
>
> / Johan P
>
> On 5/13/05, Peter Galbavy <[EMAIL PROTECTED]> wrote:
> > FYI; This is not specific, but should be interesting to misc@ readers.
> >
> > http://www.theregister.co.uk/2005/05/12/ipsec_crypto_alert/
> >
> > which points to:
> >
> > http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en
> >
> > "Three attacks that apply to certain configurations of IPsec have been
> > identified. These configurations use Encapsulating Security Payload
> > (ESP) in tunnel mode with confidentiality only, or with integrity
> > protection being provided by a higher layer protocol. Some
> > configurations using AH to provide integrity protection are also
> > vulnerable."
> >
> > Peter
>

--
pub 1024D/513AEFD9 1999-12-18 Hans-Joerg Hoexer <[EMAIL PROTECTED]>
    Key fingerprint = 83D2 436A 0D3C 34A9 E0FF 4C33 35F6 617C 513A EFD9
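
An added example, not part of the thread and not code from OpenBSD: a small audit script that reads an isakmpd.conf-style file and reports ESP transforms defined without an authentication algorithm, the "confidentiality only" case the quoted advisory describes. The tag names (Protocol_ID, Transforms, Authentication_algorithm) follow isakmpd.conf(5); the section names, the sample configuration and the case-insensitive tag matching are assumptions made for the illustration.

```python
# Added example. SAMPLE is a constructed config; its section names are made up.
SAMPLE = """\
[QM-ESP-AES]
Protocol_ID=  IPSEC_ESP
Transforms=   ESP-AES-ONLY
[QM-ESP-AES-SHA]
PROTOCOL_ID=  IPSEC_ESP
Transforms=   ESP-AES-SHA
[ESP-AES-ONLY]               # constructed: encryption without authentication
Transform_ID=        AES
Encapsulation_mode=  TUNNEL
[ESP-AES-SHA]                # constructed: enc+auth
TRANSFORM_ID=              AES
ENCAPSULATION_MODE=        TUNNEL
AUTHENTICATION_ALGORITHM=  HMAC_SHA
"""

def parse_conf(text):
    """Parse '[section]' and 'Tag= value' lines into {section: {tag_lower: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            tag, value = line.split("=", 1)
            current[tag.strip().lower()] = value.strip()
    return sections

def esp_without_auth(text):
    """Return sorted transform names used by IPSEC_ESP protocols that set no auth algorithm."""
    sections = parse_conf(text)
    weak = set()
    for proto in sections.values():
        if proto.get("protocol_id", "").upper() != "IPSEC_ESP":
            continue
        for name in proto.get("transforms", "").split(","):
            name = name.strip()
            # Transforms not defined in this text are skipped: only visible sections are checked.
            if name in sections and not sections[name].get("authentication_algorithm"):
                weak.add(name)
    return sorted(weak)

if __name__ == "__main__":
    print(esp_without_auth(SAMPLE))
```
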

