LinuxQuestions.org - Linux - Newbie forum
I've been reading through Christian Benvenuti's book "Understanding Linux Network Internals" and have been finding it extremely informative. However, my ultimate interest is to better understand the internals of the Linux IPsec solution and how it uses tun/tap interfaces to achieve the goal. So, I'm looking for something on the level of technical detail provided by Christian Benvenuti. I've spent time googling as well as searching the source code, but haven't been able to find what I'm looking for. I'd be much appreciative if someone could point me to any documentation that would help me. Thanks very much.
IPsec wouldn't use a tun or tap interface. It could traverse those interfaces, but IPsec is a security extension to the IPv4 protocol and an inherent feature of the IPv6 protocol, neither of which is tied to any virtual or physical interface. This is from Cisco, but it explains basically how an IPsec connection is made; really it's all based in software.
Hello, thanks so much for your reply. Hmm... Actually, I'm troubleshooting a problem on Mac with the Racoon IKE service. So, right, it's probably different than Linux, but I thought, if I understood the Linux implementation, I might be able to reason better about the Racoon implementation. Racoon uses a tun interface, so I assumed Linux did the same. I'm aware that Linux provides the xfrm4_xxx APIs for hooks that do the actual header encapsulation. The tun interface simply provides a way to associate an IP address (provisioned by the VPN headend) that can be routed to. I don't know the internals of how the tun works, but I was surmising that all it really needs to do (assuming Racoon populated the hooks with the encapsulation logic) would be to pass the packet back into the IP layer requesting the VPN headend as the destination address. Then, the hook logic could detect that this is a packet destined for the VPN headend and encapsulate properly. Anyway, I'm really just trying to find anything I can that would explain this stuff in detail to the degree that Benvenuti does in his book. I've been scouring the internet but just keep coming up empty handed. Thanks much.