Set Up IPsec Under Linux
Secure your traffic in Linux with FreeS/WAN.
The most popular way of configuring IPsec connections under Linux is to use the FreeS/WAN (http://www.freeswan.org) package. FreeS/WAN is made up of two components, KerneL IP Security (KLIPS) and pluto. KLIPS is the kernel-level code that actually encrypts and decrypts the data; it also manages the Security Policy Database (SPD). pluto is a user-land daemon that controls IKE negotiation.
The FreeS/WAN build process builds a new kernel and the required management utilities. Download the latest FreeS/WAN source from the project’s web site and unpack the source tree in /usr/src. The documentation that comes with FreeS/WAN is very extensive and can help you tailor the installation to suit your needs.
The kernel component can be either installed as a loadable kernel module or compiled statically into your kernel. In order to compile FreeS/WAN, the kernel source must be installed on your machine. During the compilation process, the kernel configuration utility will launch. This is normal. Compile FreeS/WAN using your kernel configuration method of choice (such as the menu-based or X11-based options). Once the compilation is complete, install the kernel and user-land tools per the FreeS/WAN documentation (typically a make install will suffice).
FreeS/WAN configuration is controlled by two configuration files: /etc/ipsec.conf and /etc/ipsec.secrets. The examples given in this hack are very limited in scope and ...