LinuxQuestions.org
Old 07-12-2006, 11:29 AM   #1
lavie
LQ Newbie
 
Registered: Dec 2005
Posts: 27

Rep: Reputation: 15
Native (netkey) ipsec support in FC5 - HOWTO


I have been using PoPToP (pptpd) to provide a secure VPN to my LAN through my FC5 gateway/firewall. But I understand that ipsec is considered much more secure.

So I read up and saw that FC5, with its 2.6.x kernel, supports ipsec out of the box.

So I googled for a reasonable HOWTO for the native ("netkey") ipsec support, but couldn't find anything even remotely comprehensive and clear, and all gave examples using all sorts of 3rd party tools which in theory should no longer be required.

Could someone please point me in the right direction?

TIA,

Lavie
 
Old 07-13-2006, 10:50 PM   #2
steve-alexander
LQ Newbie
 
Registered: Mar 2005
Location: Ohio
Distribution: FC6->F7
Posts: 23

Rep: Reputation: 16
Search for 'racoon' and 'KAME' and also 'ipsec' with 'pluto'.

Never heard of "netkey".
 
Old 07-14-2006, 11:14 AM   #3
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 76
Quote:
Originally Posted by lavie
I have been using PoPToP (pptpd) to provide a secure VPN to my LAN through my FC5 gateway/firewall. But I understand that ipsec is considered much more secure.

So I read up and saw that FC5, with its 2.6.x kernel, supports ipsec out of the box.

So I googled for a reasonable HOWTO for the native ("netkey") ipsec support, but couldn't find anything even remotely comprehensive and clear, and all gave examples using all sorts of 3rd party tools which in theory should no longer be required.

Could someone please point me in the right direction?

TIA,

Lavie
2.6 kernels do support IPSEC `out-of-the-box'. IPSEC, however, is just a security layer running on top of IP. It was designed for IPv6 and then backported to IPv4. It was designed for encrypting traffic, and was NOT designed for implementing VPNs (although this has become a very widely-used feature). (BTW, `netkey' is just the name of the IPSEC `stack' in the kernel, just as `netfilter' is the name of the packet filtering stack.) To use IPSEC as you want to, you must use other tools (in the same way as if you use netfilter, you need to use iptables and the like).

Currently, openswan and strongswan are the best options (both are forks of the now defunct freeswan). So google those.

Kame and racoon are also outdated (on Linux; they might have use on BSD?). Pluto is the name of the daemon that works with the NETKEY stack on Linux kernels.

CNP (maybe tomorrow)
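
The split described in the reply above (an in-kernel NETKEY stack plus a separate userspace keying tool) can be checked on a given machine. The script below is an added example, not part of the thread: it reads a kernel config file for the IPsec-related options and looks for a keying tool on PATH. The function names, the config path passed as an argument, and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does this kernel config enable the
# NETKEY IPsec stack, and is a userspace keying tool installed?

# Print y, m or n for CONFIG_<$2> in kernel config file $1.
kopt() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# Return 0 when ESP plus at least one keying interface (PF_KEY socket or
# XFRM netlink) is built in or modular; 1 when not; 2 if unreadable.
netkey_usable() {
    [ -r "$1" ] || return 2
    [ "$(kopt "$1" INET_ESP)" != n ] || return 1
    [ "$(kopt "$1" NET_KEY)" != n ] || [ "$(kopt "$1" XFRM_USER)" != n ] || return 1
    return 0
}

# Report kernel pieces first, then the userspace side. `ipsec` is the
# control script shipped by openswan/strongswan; racoon is the KAME daemon.
netkey_report() {
    for opt in XFRM_USER NET_KEY INET_AH INET_ESP INET_IPCOMP; do
        echo "kernel CONFIG_$opt=$(kopt "$1" "$opt")"
    done
    for tool in ipsec racoon; do
        if command -v "$tool" >/dev/null 2>&1; then
            echo "userspace $tool: found"
        else
            echo "userspace $tool: missing"
        fi
    done
}

# Constructed sample config for trying the functions offline
# (not copied from a real FC5 kernel).
sample_config() {
    cat <<'EOF'
CONFIG_XFRM=y
CONFIG_XFRM_USER=m
CONFIG_NET_KEY=m
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
# CONFIG_INET_IPCOMP is not set
EOF
}

# Run a report when a config path is given, e.g. /boot/config-$(uname -r).
if [ -n "${1:-}" ]; then netkey_report "$1"; fi
```

A kernel that passes `netkey_usable` but shows both userspace tools missing is the situation in this thread: the stack is present, but nothing is installed to negotiate keys for it.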
 
  

