To IPsec Manual Tester Execution Page * To IPsec IKE Tester Execution Page
---------------------------------------------------------------------------

IP Security Interoperability Tester:
PlutoPlus Usage

---------------------------------------------------------------------------

PlutoPlus Command Syntax:

 plutoplus [-a auth_alg] [-d dest_addr] [-e enc_alg] [-g gateway_addr]
           [-k enc_key_len] [-p port_num] [-v enc_iv_len] [-bfhirst3]

PlutoPlus Command Line Options:

(1) Options set through test case selection:

 Option        Explanation            Permissible Values     PlutoPlus
                                                             Default Value
 -a auth_alg   if no -e option:       -a 2 ==> HMAC_MD5      if no -e
               negotiate an AH        -a 3 ==> HMAC_SHA      option:
               association with the                          AH:HMAC_MD5
               specified
               authentication                                with -e
               algorithm                                     option:
               with -e option:                               NONE
               negotiate an ESP
               association with the
               specified
               authentication
               algorithm
 -e enc_alg    negotiate an ESP       -e 1 ==> ESP_DES_IV64  NONE (without
               association with the   -e 2 ==> ESP_DES       -e, PlutoPlus
               specified encryption   -e 3 ==> ESP_3DES      negotiates an
               algorithm              -e 4 ==> ESP_RC5       AH
                                      -e 5 ==> ESP_IDEA      association)
                                      -e 7 ==> ESP_BLOWFISH
                                      -e 11 ==> ESP_NULL
 -g            Gateway address for    Valid Internet address N/A
 gateway_addr  tunnel mode
 -i            Act as Initiator of    N/A                    Act as
               key negotiation                               Responder
 -k            ESP encryption key     RC5: 5, 16, 20         16
 enc_key_len   length in bytes        BLOWFISH:
               (BLOWFISH and RC5        WIT Test Case Values:
               ONLY)                    5, 16, 20, 56
                                        PlutoPlus Values: 5-56

 -t            Tunnel mode            N/A                    Transport
                                                             mode
 -v enc_iv_len ESP encryption IV      0 or 8                 ESP_NULL: 0
               length (DES, 3DES,                            Others: 8
               RC5, IDEA, and
               BLOWFISH only)

(2) Options set through configuration variables:

 Option        Explanation            Permissible Values       PlutoPlus
                                                               Default
                                                               Value
 -b            print additional       -b 1 ==> print verbose   no
 output_level  DEBUG output           debug output             additional
                                      (NOT USED BY WIT)        output
                                      -b 2 ==> print
                                      packets/packet headers
                                      -b 4 ==> print various
                                      IKE calculated values
 -f            Conduct an extra       N/A                      no PFS
               Diffie-Hellman
               Exchange during
               negotiation to ensure
               Perfect Forward
               Secrecy (PFS) for
               KEYS
 -p port_num   PlutoPlus port number  500, 7000-8000????       500
 -s            Use HMAC_SHA (instead  N/A                      HMAC_MD5
               of HMAC_MD5) for
               authentication in
               Main Mode
 -3            Use 3DES_CBC (instead  N/A                      DES_CBC
               of DES_CBC) for
               encryption in Main
               Mode

(3) Option REQUIRED by WIT (set at LOGIN time):

 Option     Explanation                             Permissible PlutoPlus
                                                    Values      Default
                                                                Value
 -d         transport mode:                         Valid       N/A
 dest_addr  peer WITH whom PlutoPlus is             Internet
            negotiating association                 address
            tunnel mode:
            peer FOR whom PlutoPlus is negotiating
            association

(4) Options NOT used by WIT:

 Option     Explanation                            Permissible PlutoPlus
                                                   Values      Default
                                                               Value
 -h         help (prints Usage message, then       N/A         N/A
            exits)
 -r         turn OFF replay protection             N/A         replay
                                                               protection
                                                               ON
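
How the options in tables (1) and (3) combine, as an added example that is not part of PlutoPlus or the original page: the hypothetical helper plutoplus_effective resolves a command line into the association the tables say will be negotiated. Rejecting values outside the tables and treating -g as optional are assumptions of this helper, not documented PlutoPlus behaviour; addresses in any sample call are constructed.

```shell
# Added example, not PlutoPlus code. plutoplus_effective (hypothetical name)
# covers the table (1) options plus -d and prints the effective settings.
plutoplus_effective() {
    OPTIND=1
    auth='' enc='' klen='' ivlen='' dest='' gw='' role=Responder mode=Transport
    while getopts "a:d:e:g:k:v:it" opt; do
        case $opt in
            a) auth=$OPTARG ;; d) dest=$OPTARG ;; e) enc=$OPTARG ;;
            g) gw=$OPTARG ;;   k) klen=$OPTARG ;; v) ivlen=$OPTARG ;;
            i) role=Initiator ;; t) mode=Tunnel ;;
            *) echo "error: option not covered by this helper"; return 2 ;;
        esac
    done
    [ -n "$dest" ] || { echo "error: -d dest_addr is required"; return 2; }
    case $enc in                    # no -e means an AH association
        '') proto=AH;  encname=- ;;
        1)  proto=ESP; encname=ESP_DES_IV64 ;;
        2)  proto=ESP; encname=ESP_DES ;;
        3)  proto=ESP; encname=ESP_3DES ;;
        4)  proto=ESP; encname=ESP_RC5 ;;
        5)  proto=ESP; encname=ESP_IDEA ;;
        7)  proto=ESP; encname=ESP_BLOWFISH ;;
        11) proto=ESP; encname=ESP_NULL ;;
        *)  echo "error: -e $enc is not in the table"; return 2 ;;
    esac
    case $auth in                   # default differs for AH and ESP
        '') if [ "$proto" = AH ]; then authname=HMAC_MD5; else authname=NONE; fi ;;
        2)  authname=HMAC_MD5 ;;
        3)  authname=HMAC_SHA ;;
        *)  echo "error: -a $auth is not in the table"; return 2 ;;
    esac
    case $encname:${klen:-16} in    # -k: RC5 and BLOWFISH only, default 16
        ESP_RC5:5|ESP_RC5:16|ESP_RC5:20) klen=${klen:-16} ;;
        ESP_BLOWFISH:*[!0-9]*) echo "error: -k must be a number"; return 2 ;;
        ESP_BLOWFISH:*) klen=${klen:-16}
            [ "$klen" -ge 5 ] && [ "$klen" -le 56 ] || { echo "error: BLOWFISH -k range is 5-56"; return 2; } ;;
        *)  [ -z "$klen" ] || { echo "error: -k $klen not valid for $encname"; return 2; }
            klen=- ;;
    esac
    case $encname:$ivlen in         # -v: 0 or 8; default 0 for ESP_NULL, else 8
        -:)                   ivlen=- ;;
        ESP_NULL:|ESP_NULL:0) ivlen=0 ;;
        ESP_NULL:*|-:*)       echo "error: -v $ivlen not valid here"; return 2 ;;
        *:)                   ivlen=8 ;;
        *:0|*:8)              ;;
        *)                    echo "error: -v must be 0 or 8"; return 2 ;;
    esac
    echo "role=$role mode=$mode proto=$proto auth=$authname enc=$encname keylen=$klen ivlen=$ivlen dest=$dest gateway=${gw:--}"
}
```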


Comments to sheila.frankel@.nist.gov
Last Modified: Wednesday, 09-Sep-98 11:42:33 EDT
