Set Up IPsec Under Linux
Secure your traffic in Linux with FreeS/WAN.
The most popular way of configuring IPsec connections under Linux is to use the FreeS/WAN (http://www.freeswan.org) package. FreeS/WAN is made up of two components, KerneL IP Security (KLIPS) and pluto. KLIPS is the kernel-level code that actually encrypts and decrypts the data; it also manages the Security Policy Database (SPD). pluto is a user-land daemon that controls IKE negotiation.
The FreeS/WAN build process builds a new kernel and the required management utilities. Download the latest FreeS/WAN source from the project’s web site and unpack the source tree in /usr/src. The documentation that comes with FreeS/WAN is very extensive and can help you tailor the installation to suit your needs.
The kernel component can be installed either as a loadable kernel module or compiled statically into your kernel. In order to compile FreeS/WAN, the kernel source must be installed on your machine. During the compilation process, the kernel configuration utility will launch. This is normal. Compile FreeS/WAN using your kernel configuration method of choice (such as the menu-based or X11-based options). Once the compilation is complete, install the kernel and user-land tools per the FreeS/WAN documentation (typically a make install will suffice).
FreeS/WAN configuration is controlled by two configuration files: /etc/ipsec.conf and /etc/ipsec.secrets. The examples given in this hack are very limited in scope and ...