Linux Today: Linux News On Internet Time.

SysAdmin: Administering Linux IPSec Virtual Private Networks

Feb 14, 2002, 14:01 (0 Talkback[s])
(Other stories by Duncan Napier)
"In my article "Introducing FreeS/WAN and IPSec" in the November 2000 issue of Sys Admin magazine, I discussed the basics of setting up IPSec for Linux using the FreeS/WAN package. This article will discuss some of the more advanced features of FreeS/WAN that you can leverage to implement flexible and reliable IPSec VPNs. The ultimate source of information on FreeS/WAN is the official FreeS/WAN Web site (http://www.freeswan.org). The Web site has links to virtually all the tools and information that you will need to implement IPSec on Linux.

IPSec is an extension to the Internet Protocol (IP) that provides not just encryption but also authentication at the transport layer (layer 3 of the OSI Reference Model). The next generation of IP, IP version 6 (IPv6), supports IPSec natively, since IPSec is a requirement of the IETF's specification for IPv6.

IPSec is a collection of protocols. Three protocols are used to handle encapsulation, encryption, and authentication — the AH (Authentication Header), the ESP (Encapsulating Security Payload), and the IKE (Internet Key Exchange). IPSec is typically transparent to end users. Applications do not need to be rewritten nor do users need to be retrained to use IPSec-based networks. End users need not even be aware that they are using IPSec to tunnel data through an insecure network."

Complete Story

Related Stories: