IPsec, esp using DES in Solaris 8

IPsec, esp using DES in Solaris 8

Post by Thomas Na » Sun, 18 Jun 2000 04:00:00



As mentioned several weeks ago ipseckey refuses to add an esp key. Here's
an explanation from SUN but where to I get the packages from living outside
the U.S.?

Thomas
P.S. please mail me a copy of follow-up since I'll be on vacation for some
     time

This is not documented anywhere.

The problem is you don't have the DES/3DES encryption packages installed.
The authentication modules are part of Solaris 8, the encryption modules are
not. They will be on a separate CD. You need SUNWcry/SUNWcryx package.

You can use ndd command to verify this:

  # ndd /dev/ipsecesp ipsecesp_status
  ESP status
  ----------
  Authentication algorithms           =   2
  Encryption Algorithms               =   3 <--- This will be 1 without ESP

...

====== PGP fingerprint B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED ======

        Thought you got rid of all year 2k bugs and problems?
        Here's a new one: Windows 2000

 
 
 

IPsec, esp using DES in Solaris 8

Post by Hendrik Sü » Tue, 20 Jun 2000 04:00:00


Quote:> As mentioned several weeks ago ipseckey refuses to add an esp key. Here's
> an explanation from SUN but where to I get the packages from living
outside
> the U.S.?

> Thomas
> P.S. please mail me a copy of follow-up since I'll be on vacation for some
>      time

> This is not documented anywhere.

> The problem is you don't have the DES/3DES encryption packages installed.
> The authentication modules are part of Solaris 8, the encryption modules
are
> not. They will be on a separate CD. You need SUNWcry/SUNWcryx package.

> You can use ndd command to verify this:

>   # ndd /dev/ipsecesp ipsecesp_status
>   ESP status
>   ----------
>   Authentication algorithms           =   2
>   Encryption Algorithms               =   3 <--- This will be 1 without
ESP

> ...

> ====== PGP fingerprint B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
======

> Thought you got rid of all year 2k bugs and problems?
> Here's a new one: Windows 2000

I have exactly the same problem, but in documentation is mentioned, that the
encryption modules will not be available outside the USA.
Now I want to write my own encryption module, but nobody knows the
interface.
Ideas? - please contact me!

Hendrik

 
 
 

IPsec, esp using DES in Solaris 8

Post by Thomas Na » Wed, 21 Jun 2000 04:00:00


According to SUN Germany the approval (US export regs) is on it's way
and the Solaris CDs should be ordered by your sales rep.

Thomas

====== PGP fingerprint B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED ======

        Thought you got rid of all year 2k bugs and problems?
        Here's a new one: Windows 2000

 
 
 

IPsec, esp using DES in Solaris 8

Post by Thomas Deh » Thu, 22 Jun 2000 04:00:00



> According to SUN Germany the approval (US export regs) is on it's way
> and the Solaris CDs should be ordered by your sales rep.

You can already order the supplement CD. However,
nobody yet knows when the approval finally will
arrive. This seems to be like, say, getting building
regulations clearance in Germany.

Thomas

 
 
 

IPsec, esp using DES in Solaris 8

Post by Thomas Na » Sat, 24 Jun 2000 04:00:00



|> According to SUN Germany the approval (US export regs) is on it's way
|> and the Solaris CDs should be ordered by your sales rep.
|
| You can already order the supplement CD. However,
| nobody yet knows when the approval finally will
| arrive. This seems to be like, say, getting building
| regulations clearance in Germany.

According to a call from SUN on wednesday the approval arrived on tuesday
so it's just a matter of months till SUN ships them :-/

Thomas

====== PGP fingerprint B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED ======

        Thought you got rid of all year 2k bugs and problems?
        Here's a new one: Windows 2000

 
 
 

IPsec, esp using DES in Solaris 8

Post by Thomas Na » Sat, 01 Jul 2000 04:00:00


Here's what I got yesterday (SUN Germany):

- you may order the crypto package with order-number SOLZ9-080N9999
- the cost is around $150  
- it's not part of the Solaris contracts if you have some
- no shipping date known

Thomas

====== PGP fingerprint B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED ======

        Thought you got rid of all year 2k bugs and problems?
        Here's a new one: Windows 2000

 
 
 

1. ESP Null Transport IPSec

I need to run ESP NULL Encryption in Transport Mode for IPSec.  I fully
understand that NULL encryption is basically not encryption, I need it for
some testing.  (Please don't ask more about it; I'm under NDA).

Anyone know if OpenBSD supports NULL Encryption?

Nate

2. Help on ALLY

3. IPSEC esp tunnel question

4. addition

5. Sol8EA, IPSec w/ ESP, anyone functional?

6. PPPD PAP Setup Problem

7. IPSec (ESP) in Solaris8

8. HELP! XFree86 3.2 Config for ATI 3D Pro Turbo PC2TV

9. IPSec: AH/ESP combination problems

10. IPSec sockets: setsockopt to AH/ESP (Linux 2.5.66)

11. IPSec tunnel VPN, selective ESP, portmap

12. ipsec/transport mode/esp problem

13. ipsec + DES