KBTAG: kben10000006
URL: http://www.securityportal.com/lskb/10000000/kben10000006.html
Date created: 20/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: FreeSWAN IPSec for Linux
Keywords: Network/VPN
FreeSWAN is a free, open source IPSec implementation for Linux. It is a pretty solid implementation, though not as advanced as some; automatic keying and certificate support are well under way, however, and should be "production" quality relatively soon.
IP Security (IPSec) is the encryption of network traffic. You cannot encrypt the header information or trailer (i.e. the IP address/port the packet is coming from and going to, the CRC checksums, and so on), but you can encrypt the data payload. This allows you to secure protocols such as POP/WWW without having to change them in any way, since the encryption occurs at the IP level. It also allows you to securely connect LANs and clients to each other over insecure networks (like the Internet). Currently IPSec for Linux is in testing; however, there have been several stable releases, and I myself have deployed Linux-based IPSec servers successfully. IPSec is a standard and a part of the IPv6 protocol; you can already purchase IPSec software for Windows 95/98/NT, Solaris, and other Unices that will interoperate with Linux IPSec. For "drilling" through a firewall, or perhaps to get by a NAT box (such as Linux with IP Masquerading), please see the firewall section.
You will need to compile support into your kernel. This is a somewhat tricky process, but if you follow the included instructions it should go smoothly. The primary difficulty is usually setting up the configuration file; you will definitely want to read the IPSec documentation for this, as it changes (especially when support for new features is added).
http://www.freeswan.org/download.html