
Charles Steinkuehler's LEAF/LRP Website


IPSec 1.5

IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents.

These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result is a Virtual Private Network, or VPN: a network which is effectively private even though it includes machines at several different sites connected by the insecure Internet.

For more info, see the FreeS/WAN web site.


DOWNLOAD

Current LRP

ipsec.lrp

IPSec 1.5 LRP package

Current Kernels
All are Eiger, version 2.2.16-1
Floppy: For floppy-only systems
IDE: IDE support built-in
Full: Full 'Eiger' settings

Previous Versions

IPSec 1.4 Eiger kernel (2.2.16-1)
IPSec 1.3 EigerBeta kernel (2.2.15pre5)

CONFIG

  1. To use this package, you need to use an IPSec enabled kernel.  The kernel above is version 2.2.16-1 (Eiger) and contains the IPSec patches.  Copy the IPSec kernel above to your LRP floppy disk (name the file 'linux'), and add the ipsec.lrp package to your system as usual.
  2. Configuration is done through the /etc/ipsec.conf configuration file and the /etc/ipsec.secrets secrets file.
  3. WARNING - The config and secrets files require PROPER FORMATTING.  See the links below for details.
  4. There is extensive online documentation covering all aspects of installation, configuring, and testing available at the FreeS/WAN web site.  PLEASE READ THIS!
  5. Make sure you allow the IPSec packets through your firewall...see the FreeS/WAN firewall documentation for details.
    1. You must allow UDP packets to/from port 500 between your LRP box and the remote system.  Add something like the following to network.conf (see network.conf documentation for details):
      EXTERN_UDP_PORTS="<remote-peer>/32_500"
    2. You must also allow ESP (protocol 50) and/or AH (protocol 51) packets through your firewall.  This is now done automatically if you specify leftfirewall or rightfirewall (as appropriate) in ipsec.conf (LRP customization thanks to Mike Stankavich).
    3. You must create proper forward rules for your VPN traffic.  Again, if you use the leftfirewall or rightfirewall settings in ipsec.conf, this is handled automatically (standard FreeS/WAN feature modified to use ipchains for LRP).
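
The firewall requirements in step 5 (UDP port 500, ESP and/or AH), written out as plain ipchains rules so they can be compared with a running rule set. This is an added example, not part of the ipsec.lrp package or its _updown script; the function names and the addresses (documentation ranges) are assumptions, and the script only prints the rules.

```shell
#!/bin/sh
# Added example: print (not run) ipchains rules for one IPSec peer.
# Function names and sample addresses are illustrative assumptions.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ( IFS=.; set -- $1
      [ $# -eq 4 ] || exit 1
      for o in "$@"; do
          [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
      done )
}

# ipsec_fw_rules LOCAL PEER [esp|ah|both]
ipsec_fw_rules() {
    local_ip=$1; peer_ip=$2; mode=${3:-both}
    is_ipv4 "$local_ip" && is_ipv4 "$peer_ip" || {
        echo "ipsec_fw_rules: bad address" >&2; return 2; }
    case "$mode" in
        esp)  protos="50" ;;
        ah)   protos="51" ;;
        both) protos="50 51" ;;
        *)    echo "ipsec_fw_rules: mode must be esp, ah or both" >&2
              return 2 ;;
    esac
    # IKE key exchange: UDP port 500 to port 500, in both directions.
    echo "ipchains -A input -p udp -s $peer_ip 500 -d $local_ip 500 -j ACCEPT"
    echo "ipchains -A output -p udp -s $local_ip 500 -d $peer_ip 500 -j ACCEPT"
    # ESP is IP protocol 50 and AH is IP protocol 51; these are protocol
    # numbers, not TCP/UDP ports, so no port appears in the rule.
    for p in $protos; do
        echo "ipchains -A input -p $p -s $peer_ip -d $local_ip -j ACCEPT"
        echo "ipchains -A output -p $p -s $local_ip -d $peer_ip -j ACCEPT"
    done
}

# Constructed sample: local gateway 192.0.2.1, remote peer 198.51.100.7.
ipsec_fw_rules 192.0.2.1 198.51.100.7 both
```

ipchains uses the first matching rule, so appended rules only help if nothing earlier in the chain denies the packet; the network.conf and leftfirewall/rightfirewall settings above remain the normal way to open these on LRP.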

MAN PAGES


NOTES

  1. WHERE'S the latest version?  I am specifically NOT packaging FreeS/WAN Version 1.6 or 1.7 for LRP.  There are many internal updates happening to IPSec (support for IPv6, packet compression, etc), and the FreeS/WAN developers have proclaimed on their own mailing list that the 1.6 version is quite a bit more 'experimental' than previous versions.  When things stabilize a bit, I will package an updated version.  From the FreeS/WAN mailing list:
    1.5 is a "plateau release", which has been extensively tested to prove its 
    stability, and so is still a good choice for a high-stress production
    environment. While 1.7 has so far been reliable, it has not yet been subjected 
    to the rigorous testing or community feedback that 1.5 has.
    
    The changes since 1.5, while certainly moving in important directions,
    may not have so much immediate benefit that upgrading would be best for
    you. If you like, download the latest source just to have a look at
    doc/CHANGES.
  2. This package replaces my previous IPSec packages.  The earlier versions are still available (see the download link, above).  Sept 9, 2000 - Added correct version of ipsec script to LRP package (now startup indicates version 1.5, not 1.4), and folded in changes to _updown script provided by Mike Stankavich.
  3. The klips code is not compiled as a module, it is embedded in the kernel, so you do not need to modify your modules configuration when installing IPSec.
  4. Three versions of the IPSec enabled kernel are now provided...the traditional floppy-only kernel, an IDE capable kernel, and the 'full-blown' Eiger kernel.  Use whichever is most appropriate for your system.
  5. Package size was reduced by stripping all binaries, and switching to mawk instead of gawk.
  6. When debugging IPSec, refer to /var/log/auth.log instead of /var/log/secure as specified in the documentation.  LRP and Debian systems do not use /var/log/secure, but the same info gets sent to /var/log/auth.log.
  7. Modifications to the FreeS/WAN distribution scripts were made for the LRP environment:
    1. /etc/init.d/ipsec
      1. Add code to make /dev/ipsec
      2. Used old procedure for verifying permissions, as 'id' command is not fully implemented in LRP
      3. startklips() - Change module loading code from depmod and modprobe to insmod
      4. defaultinterface() - Replace wc command with some shell script
      5. klipsinterface() - Replace expr commands with sed
    2. /usr/local/lib/ipsec/_updown
      1. Change ipfwadm commands to ipchains (2 places)
      2. Added commands to allow ESP and AH packets through firewall if left/right firewall setting specified in ipsec.conf
    3. /usr/local/lib/ipsec/look
      1. sort commands removed or replaced with cat (3 places)
    4. /usr/local/lib/ipsec/manual
      1. Change ipfwadm commands to ipchains (2 places)
  8. WARNING - FreeS/WAN includes many scripts to do a wide variety of setup and configuration.  I have attempted to port the scripts cleanly to the limited environment available on LRP, but I have not and cannot extensively test all aspects of the scripts.  I know the core IPSec functionality works, as I am running a VPN using these exact files (except for ipsec.conf and ipsec.secrets).  If you discover and fix any problems with the scripts, please let me know so I can include them in future versions.
  9. 'Clients' - The FreeS/WAN IPSec software works with a wide variety of other IPSec implementations.  See the compatibility section of the documentation for details.  If you want a free Windows-based IPSec connection (just use FreeS/WAN for a free Linux solution), you might want to look at the freeware version of PGP.

FILES

 8/21/00  16:21         504,938  2.2.16-1-LRP-FloppyImage-IPSec-1.5-zImage
 8/21/00  16:21         529,184  2.2.16-1-LRP-IDE-IPSec-1.5-bzImage
 8/21/00  16:21         547,137  2.2.16-1-LRP-IPSec-1.5-bzImage

 9/11/00  15:14         322,844  ipsec.lrp

-rwxr-xr-x root/root    109988 Aug 21 11:14 2000 bin/mawk
lrwxrwxrwx root/root         0 Sep 11 15:13 2000 bin/awk -> /bin/mawk
-rwxr-xr-x root/root     69444 May 09 20:45 1998 bin/egrep
-rwxr-xr-x root/root     19008 Apr 23 23:43 1998 usr/bin/tr
-rwxr-xr-x root/root      7932 Jan 24 11:40 2000 usr/bin/column
-rwxr-xr-x root/root     28348 Mar 14 00:41 2000 sbin/ifconfig
-rwxr-xr-x root/root     24368 Mar 14 00:41 2000 sbin/route
-rw-r--r-- root/root      1641 Aug 21 11:13 2000 etc/ipsec.conf
-rw------- root/root      4441 Aug 21 11:13 2000 etc/ipsec.secrets
-rwxr-xr-x root/root     13513 Aug 21 10:03 2000 etc/init.d/ipsec
-rwxr-xr-x root/root      2346 Aug 21 09:22 2000 usr/local/sbin/ipsec
drwxr-xr-x root/root         0 Sep 11 15:13 2000 usr/local/lib/ipsec/
-rwxr-xr-x root/root      8719 Aug 21 10:05 2000 usr/local/lib/ipsec/_confread
-rwxr-xr-x root/root      2124 Aug 21 10:05 2000 usr/local/lib/ipsec/_include
-rwxr-xr-x root/root      1342 Aug 21 10:05 2000 usr/local/lib/ipsec/_keycensor
-rwxr-xr-x root/root      1860 Aug 21 10:05 2000 usr/local/lib/ipsec/_secretcensor
-rwxr-xr-x root/root      4089 Sep 11 07:06 2000 usr/local/lib/ipsec/_updown
-rwxr-xr-x root/root      9315 Aug 21 10:05 2000 usr/local/lib/ipsec/auto
-rwxr-xr-x root/root      4319 Aug 21 10:05 2000 usr/local/lib/ipsec/barf
-rwxr-xr-x root/root     44620 Aug 21 10:05 2000 usr/local/lib/ipsec/eroute
-rwxr-xr-x root/root      2346 Aug 21 10:05 2000 usr/local/lib/ipsec/ipsec
-rwxr-xr-x root/root     36732 Aug 21 10:05 2000 usr/local/lib/ipsec/klipsdebug
-rwxr-xr-x root/root      1993 Aug 21 10:05 2000 usr/local/lib/ipsec/look
-rwxr-xr-x root/root     13886 Aug 21 10:05 2000 usr/local/lib/ipsec/manual
-rwxr-xr-x root/root    221860 Aug 21 10:05 2000 usr/local/lib/ipsec/pluto
-rwxr-xr-x root/root      6476 Aug 21 10:05 2000 usr/local/lib/ipsec/ranbits
-rwxr-xr-x root/root     44200 Aug 21 10:05 2000 usr/local/lib/ipsec/rsasigkey
lrwxrwxrwx root/root         0 Sep 11 15:13 2000 usr/local/lib/ipsec/setup -> /etc/init.d/ipsec
-rwxr-xr-x root/root       865 Aug 21 10:05 2000 usr/local/lib/ipsec/showdefaults
-rwxr-xr-x root/root     52444 Aug 21 10:05 2000 usr/local/lib/ipsec/spi
-rwxr-xr-x root/root     38768 Aug 21 10:05 2000 usr/local/lib/ipsec/spigrp
-rwxr-xr-x root/root      8832 Aug 21 10:05 2000 usr/local/lib/ipsec/tncfg
-rwxr-xr-x root/root     20152 Aug 21 10:05 2000 usr/local/lib/ipsec/whack
-rwxr-xr-x root/root      1621 Aug 21 10:05 2000 usr/local/lib/ipsec/showhostkey
-rw-r--r-- root/root        87 Feb 25 11:15 2000 var/lib/lrpkg/ipsec.conf
-rw-r--r-- root/root      1776 Aug 21 10:12 2000 var/lib/lrpkg/ipsec.help
-rw-r--r-- root/root       191 Aug 21 11:13 2000 var/lib/lrpkg/ipsec.list
-rw-r--r-- root/root         4 Aug 21 10:09 2000 var/lib/lrpkg/ipsec.version

SOURCE

Last modified: December 04, 2001