Linux FreeSWAN HTML documents
Automatically generated Table of Contents
Bug reports to the mailing list: linux-ipsec@clinet.fi

Section headings printed, indentation shows structure

===================================================
HTML file: index.html
---------------------------------------------------
Linux FreeS/WAN Index file Files most users should read Distribution text files License and copyright information Printed documentation Project background information Reference information Automatically generated link files Other reference files Specialised information

===================================================
HTML file: overview.html
---------------------------------------------------
Linux FreeS/WAN Overview Introduction Other documents in the distribution About the RFCs (Internet Request For Comment documents) The Role of IPSEC Services provided Security protocols at other levels Advantages of IPSEC Limitations of IPSEC IPSEC is not end-to-end IPSEC cannot do everything IPSEC cannot be secure if your system isn't Some uses of IPSEC Using authentication without encryption Encryption without authentication is dangerous Multiple layers of IPSEC processing are possible Using "unnecessary" encryption to frustrate attackers IPSEC projects Vendor Groups VPN Consortium S/WAN (Secure Wide Area Networks) Linux FreeS/WAN Other projects IPSEC Services, AH and ESP The Authentication Header (AH) Keyed MD5 and Keyed SHA Sequence numbers Encapsulated Security Payload (ESP) IPSEC modes Tunnel mode Transport mode FreeS/WAN parts KLIPS: Kernel IPSEC Support The Pluto daemon The ipsec(8) command Linux FreeS/WAN configuration file Key management Currently Implemented Methods Manual keying Automatic keying Methods not yet implemented Unauthenticated key exchange The Internet default shared secret Key exchange using DNS Key exchange using a PKI Photuris SKIP

===================================================
HTML file: roadmap.html
---------------------------------------------------
Distribution Roadmap
What's Where in Linux FreeS/WAN
Subsystems Top directory Documentation KLIPS: kernel IP security Pluto key and connection management daemon Utils Libraries FreeS/WAN Library Imported Libraries

===================================================
HTML file: setup.html
---------------------------------------------------
Linux FreeS/WAN Setup Setting up a secure tunnel to create a VPN Our example network SuSE 6.3 Installation steps Before starting the install Choosing a kernel Getting kernel source Kernel configuration Building the software The ipsec.conf(5) configuration file The setup section of /etc/ipsec.conf Editing connections in /etc/ipsec.conf [ conndesc ] Which is which? Creating keys with ranbits Putting secrets in /etc/ipsec.secrets Setting up interfaces Matching numbers Testing the installation Manually keyed test Testing with tcpdump Testing Automatic connections

===================================================
HTML file: configuration.html
---------------------------------------------------
Linux FreeS/WAN Configuration RTFM Do you need multiple tunnels? Setting up connections at boot time Using manual keying in production Variations on IPSEC
Extruded Subnets Road Warrior support Road Warrior example Road Warrior with virtual IP address Dynamic Network Interfaces Basics Boot Time Change Time Unencrypted tunnels

===================================================
HTML file: RFCs.html
---------------------------------------------------
Linux FreeS/WAN RFC List The RFCs.tar.gz Distribution File Other sources for RFCs & Internet drafts RFCs Internet Drafts FIPS standards Document CDs What's in the RFCs.tar.gz bundle? Overview RFCs Basic protocols Key management Details of various things used Older RFCs which may be referenced RFCs for secure DNS service, which IPSEC may use RFCs labelled "experimental" Related RFCs

===================================================
HTML file: debugging.html
---------------------------------------------------
Linux FreeS/WAN Troubleshooting Problem Reporting Test with ipsec manual before going to auto If a manually keyed connection works and auto doesn't If auto connections sometimes work but sometimes fail mysteriously If manually keyed connections don't work Information available on your system man pages provided Status information ifconfig reports for KLIPS debugging Testing between security gateways ECONNREFUSED error message

===================================================
HTML file: compatibility.html
---------------------------------------------------
Linux FreeS/WAN compatibility Guide Implemented parts of the IPSEC Specification In Linux FreeS/WAN Not (yet) in Linux FreeS/WAN Intel Linux other than Redhat Other 2.0.x Intel Kernels 2.2 and 2.3 Kernels Linux distributions other than Redhat SuSE Linux 5.3 Slackware Debian CPUs other than Intel [ netwinder ] Corel Netwinder (StrongARM CPU) Yellow Dog Linux on Power PC Alpha 64-bit processors Alpha with 2.2.x kernel version Interoperation with other IPSEC implementations OpenBSD FreeBSD Cisco Routers Bay Networks switch Raptor Firewall on Windows NT F-Secure VPN for Windows Xedia Access Point/QVPN PGP 6.5 Mac and Windows IPSEC Client IRE Safenet/SoftPK Borderware Freegate Timestep

===================================================
HTML file: DES.html
---------------------------------------------------
DES is Not Secure Dedicated hardware breaks DES in a few days Networks break DES in a few weeks Moore's Law implies that breaks will get faster We disable DES 40-bits is laughably weak Alternatives to DES AES in IPSEC

===================================================
HTML file: exportlaws.html
---------------------------------------------------
Cryptography Export Laws US Law What's wrong with restrictions on cryptography [ quotes ] The Wassenaar Arrangement Export status of Linux FreeS/WAN Help spread IPSEC around Web References

===================================================
HTML file: mail.html
---------------------------------------------------
Mailing lists related to FreeS/WAN The FreeS/WAN mailing list Archives of the project mailing list Lists for related software and topics Linux mailing lists Other mailing lists

===================================================
HTML file: glossary.html
---------------------------------------------------
Glossary for the Linux FreeS/WAN project Jump to a letter in the glossary Other glossaries Definitions [ 0 ] [ 3DES ] [ A ] [ active ] [ AES ] [ AH ] [ alicebob ] [ ASIO ] [ authentication ] [ auto ] [ B ] [ benchmarks ] [ BIND ] [ birthday ] [ paradox ] [ block ] [ Blowfish ] [ brute ] [ BXA ] [ C ] [ CA ] [ CAST128 ] [ CBC ] [ mode ] [ challenge ] [ ciphertext ] [ collision ] [ CSE ] [ D ] [ DARPA ] [ DES ] [ DESX ] [ DH ] [ signature ] [ DNS ] [ E ] [ EAR ] [ ECB ] [ EDE ] [ Entrust ] [ EFF ] [ encryption ] [ ESP ] [ extruded ] [ F ] [ FIPS ] [ FSF ] [ G ] [ GCHQ ] [ GILC ] [ GTR ] [ GNU ] [ GPG ] [ GPL ] [ H ] [ HMAC ] [ hybrid ] [ I ] [ IAB ] [ IDEA ] [ IESG ] [ IETF ] [ IKE ] [ IV ] [ IP ] [ masq ] [ IPv4 ] [ IPv6 ] [ IPSEC ] [ ISAKMP ] [ ITAR ] [ J ] [ K ] [ KLIPS ] [ L ] [ LDAP ] [ LIBDES ] [ Linux ] [ FreeSWAN ] [ M ] [ list ] [ middle ] [ manual ] [ MD4 ] [ MD5 ] [ meet ] [ digest ] [ N ] [ NAI ] [ NAT ] [ NIST ] [ nonce ] [ NSA ] [ O ] [ OTP ] [ carpediem ] [ P ] [ P1363 ] [ passive ] [ PFS ] [ PGP ] [ PGPI ] [ photuris ] [ PPTP ] [ PKI ] [ PKIX ] [ plaintext ] [ Pluto ] [ public ] [ Q ] [ R ] [ random ] [ RC4 ] [ RC6 ] [ replay ] [ RIPEMD ] [ rootCA ] [ RSA ] [ RSAco ] [ S ] [ SA ] [ SDNS ] [ sequence ] [ SHA ] [ SIGINT ] [ SKIP ] [ snake ] [ SSH ] [ SSHco ] [ SSL ] [ stream ] [ SWAN ] [ symmetric ] [ T ] [ TIS ] [ TLS ] [ traffic ] [ transport ] [ tunnel ] [ 2key ] [ U ] [ V ] [ virtual ] [ VPN ] [ VPNC ] [ W ] [ Wassenaar ] [ web ] [ X ] [ X509 ] [ Y ] [ Z ]

===================================================
HTML file: bibliography.html
---------------------------------------------------
Bibliography for the Linux FreeS/WAN project [ DNS ] [ puzzle ] [ comer ] [ EFF ] [ PGP ] [ practical ] [ kirch ] [ GTR ] [ schneier ] [ VPNbook ] [ stevens ]

===================================================
HTML file: WWWref.html
---------------------------------------------------
Web links for Linux FreeS/WAN Sections of this document Other documents with web links The Linux FreeS/WAN Project Web information [ rationale ] Distribution sites Primary site Mirror Sites Other web information on FreeS/WAN Archives of the project mailing list Related Linux code Add-ons and patches for FreeS/WAN Distributions including FreeS/WAN Things FreeS/WAN uses or could use Other approaches to VPNs for Linux

===================================================
HTML file: rationale.html
---------------------------------------------------
Deployment of IPSEC Current status Why?
What You Can Do Related projects

===================================================
HTML file: manpages.html
---------------------------------------------------
FreeS/WAN manual pages Files Commands Library routines

===================================================
HTML file: links.ipsec.html
---------------------------------------------------
IPSEC links The IPSEC Protocols IPSEC overview documents or slide sets IPSEC information in languages other than English RFCs and other reference documents Background information on IP IPSEC Implementations Vendors of IPSEC Implementations Lists of vendors Vendors with Linux products IPSEC in router products Operating systems with IPSEC support Open source IPSEC implementations Other Linux IPSEC implementations IPSEC for BSD Unix IPSEC for other systems [ interop ] Interoperability Interoperability test sites [ test ] Interoperability results

Linux FreeS/WAN has undergone initial testing for interoperability with various other IPSEC implementations. Results to date are in our compatibility document.

ICSA offer certification programs for various security-related products. See their list of certified IPSEC products. Linux FreeS/WAN is not currently on that list, but several products with which we interoperate are.

===================================================
HTML file: links.crypto.html
---------------------------------------------------
Crypto and security links Crypto and security resources Frequently Asked Question (FAQ) documents Tutorials Crypto and security standards [ policy ] Cryptography law and policy Surveys of crypto law Organisations opposing crypto restrictions Other information on crypto policy Cryptography technical information Lists of online cryptography papers Particularly interesting papers Collections of crypto links Computer and network security Security links Firewall links Security tools Links to home pages

===================================================
HTML file: links.linux.html
---------------------------------------------------
World Wide Web links for Linux Basic and tutorial Linux information General Linux sites Linux Documentation Project Security for Linux Linux firewalls Miscellaneous Linux information

===================================================

Docs & script by Sandy Harris