Is it possible to skip main mode for IPSec communication on Windows?

1

On Linux, after registering several SAs (Security Associations) between a pair of Linux hosts, I can create communication between those two Linux hosts, i.e., communicate with ESP packets.

But on Windows, it seems that there are two phases to create IPSec communications, i.e., in the first phase, named Main Mode, authentication and key exchange are necessary, and in the second phase, named Quick Mode, ESP packets are sent/received for data communications.

Due to some constraints, I need to skip the first phase, i.e., use the same behavior as on Linux. Is it possible to do that? If the answer is yes, how can I configure it?

gzh

Posted 2019-05-13T05:40:19.223

Reputation: 111

Do you mean you want to skip the whole of IKE and use static keys? (Quick mode is still part of IKE and negotiates the keys for ESP; the actual ESP data transmission isn't any 'mode' at all.) – user1686 – 2019-05-13T06:25:48.727

@grawity, Yes, I want to skip key exchange, i.e. use a fixed SPI for communication. It seems feasible to use a fixed SPI on Linux, but I did not know how to do it on Windows. – gzh – 2019-05-13T06:28:47.520

No answers