Linux - Newbie forum, LinuxQuestions.org
#1 | 05-25-2015, 06:37 PM | LQ Newbie (registered May 2015, 2 posts)

Trying to understand linux ipsec internals

I've been reading through Christian Benvenuti's book "Understanding Linux Network Internals" and have been finding it extremely informative. However, my ultimate interest is to better understand the internals of the Linux IPsec solution and how it uses tun/tap interfaces to achieve the goal. So, I'm looking for something on the level of technical detail provided by Christian Benvenuti. I've spent time googling as well as searching the source code, but haven't been able to find what I'm looking for. I'd much appreciate it if someone could point me to any documentation that would help me. Thanks very much.
#2 | 06-12-2015, 04:42 PM | Senior Member (registered Feb 2003, CT; Debian 6+, CentOS 5+; 1,314 posts; reputation 98)

IPSec wouldn't use a tun or tap interface. It could traverse those interfaces, but IPsec is a security extension to the IPv4 protocol and an inherent feature of the IPv6 protocol, neither of which is tied to any virtual or physical interface. This is from Cisco, but it explains basically how an IPsec connection is made; really, it's all based in software.
#3 | 06-12-2015, 09:58 PM | LQ Newbie, original poster (registered May 2015, 2 posts)

Hello, thanks so much for your reply. Hmm... Actually, I'm troubleshooting a problem on Mac with the Racoon IKE service. So, right, it's probably different from Linux, but I thought, if I understood the Linux implementation, I might be able to reason better about the Racoon implementation. Racoon uses a tun interface, so I assumed Linux did the same. I'm aware that Linux provides the xfrm4_xxx APIs for hooks that do the actual header encapsulation. The tun interface simply provides a way to associate an IP address (provisioned by the VPN headend) that can be routed to. I don't know the internals of how the tun works, but I was surmising that all it really needs to do (assuming Racoon populated the hooks with the encapsulation logic) would be to pass the packet back into the IP layer requesting the VPN headend as the destination address. Then, the hook logic could detect that this is a packet destined for the VPN headend and encapsulate properly. Anyway, I'm really just trying to find anything I can that would explain this stuff in detail to the degree that Benvenuti does in his book. I've been scouring the internet but just keep coming up empty-handed. Thanks much.
#4 | 06-13-2015, 04:26 AM | LQ Newbie (registered Jun 2015, 8 posts)

At some point a cipher interfaces with the stack. Not sure exactly where, though.