Hi misc,

We've been trying to get integrity-only ESP (i.e., null encryption) to work using ipsecctl on an OpenBSD 4.0 snapshot. The man page mentions null encryption only in conjunction with setting up manual SAs. In the section about automated keying using IKE there is, however, no mention of the null encryption type. Is there a motivation for the difference in approach? Or are we just being awkward? ;-)

We are running in an environment where automated authentication and keying is crucial because we can't know where (as in IP address) the peers come from. Due to high traffic load and limited CPU performance of the peers (embedded low-power hardware), we are prepared to sacrifice confidentiality, but need to retain authentication and integrity protection. Is it correct that this is not supported by ipsecctl? If so, can we configure isakmpd the old-fashioned way (isakmpd.conf) instead?

Thanks in advance

Martin Hedenfalk