“In my article “Introducing FreeS/WAN and IPSec” in the
November 2000 issue of Sys Admin magazine, I discussed the basics
of setting up IPSec for Linux using the FreeS/WAN package. This
article will discuss some of the more advanced features of
FreeS/WAN that you can leverage to implement flexible and reliable
IPSec VPNs. The ultimate source of information on FreeS/WAN is the
official FreeS/WAN Web site (http://www.freeswan.org). The Web site
has links to virtually all the tools and information that you will
need to implement IPSec on Linux.IPSec is an extension to the Internet Protocol (IP) that
provides not just encryption but also authentication at the
transport layer (layer 3 of the OSI Reference Model). The next
generation of IP, IP version 6 (IPv6), supports IPSec natively,
since IPSec is a requirement of the IETF’s specification for
IPv6.IPSec is a collection of protocols. Three protocols are used to
handle encapsulation, encryption, and authentication — the AH
(Authentication Header), the ESP (Encapsulating Security Payload),
and the IKE (Internet Key Exchange). IPSec is typically transparent
to end users. Applications do not need to be rewritten nor do users
need to be retrained to use IPSec-based networks. End users need
not even be aware that they are using IPSec to tunnel data through
an insecure network.”