
Charles Steinkuehler's LEAF/LRP Website


IPSec 1.91

IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication and encryption services. Authentication ensures that packets are from the right sender and have not been altered in transit. Encryption prevents unauthorised reading of packet contents.

These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result is a Virtual Private Network, or VPN. This is a network which is effectively private even though it includes machines at several different sites connected by the insecure Internet.

For more info, see the FreeS/WAN web site.


DOWNLOAD

Current Package

ipsec.lrp

IPSec 1.91 LRP package

ifconfig.lrp

ifconfig and route commands (required)

mawk.lrp

awk/mawk (required)

ipsec509.lrp

Extensions for x.509 support (requires ipsec.lrp)

certools.tgz

openssl and fswcert binaries (optional)

Current Kernels

All are Dachstein, version 2.2.19

Previous Versions

IPSec 1.5 Eiger kernel (2.2.16-1)
IPSec 1.4 Eiger kernel (2.2.16-1)
IPSec 1.3 EigerBeta kernel (2.2.15pre5)

CONFIG

  1. To use this package, you need an IPSec-enabled kernel.  All of the 2.2.19 version kernels (aka Dachstein kernels) are available with IPSec enabled; pick the one most appropriate based on your other requirements.  The IPSec-enabled kernels have "IPSec" in their filename.
  2. Configuration is done through the /etc/ipsec.conf configuration file and the /etc/ipsec.secrets secrets file.
  3. WARNING - The config and secrets files require PROPER FORMATTING.  See the links below for details.
  4. There is extensive online documentation covering all aspects of installation, configuring, and testing available at the FreeS/WAN web site.  PLEASE READ THIS!
  5. Make sure you allow the IPSec packets through your firewall; see the FreeS/WAN firewall documentation for details.
    1. You must allow UDP packets to/from port 500 between your LRP box and the remote system.  Add something like the following to network.conf (see network.conf documentation for details):
      EXTERN_UDP_PORTS="<remote-peer>/32_500"
    2. You must also allow ESP (protocol 50) and/or AH (protocol 51) packets through your firewall.  This is now done automatically if you specify leftfirewall or rightfirewall (as appropriate) in ipsec.conf (LRP customization thanks to Mike Stankavich).
    3. You must create proper forward rules for your VPN traffic.  Again, if you use the leftfirewall or rightfirewall settings in ipsec.conf, this is handled automatically (standard FreeS/WAN feature modified to use ipchains for LRP).
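
A pre-flight check for the firewall items in step 5, plus the ipsec.secrets mode shown in the FILES listing, written as an added example (it is not part of the LRP package or of FreeS/WAN). The function names, the /etc/network.conf path and the one-line, double-quoted EXTERN_UDP_PORTS form are assumptions.

```sh
#!/bin/sh
# Added example, not part of ipsec.lrp: pre-flight checks for CONFIG step 5.
# Function names and the /etc/network.conf path are assumptions.

# Succeeds if PEER/32_500 is listed in EXTERN_UDP_PORTS.
# Assumes a one-line, double-quoted assignment; the last one in the file wins.
peer_udp500_allowed() {    # usage: peer_udp500_allowed NETWORK_CONF PEER_IP
    ports=$(sed -n 's/^[[:space:]]*EXTERN_UDP_PORTS="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    for entry in $ports; do
        [ "$entry" = "$2/32_500" ] && return 0
    done
    return 1
}

# Succeeds if an uncommented leftfirewall=yes or rightfirewall=yes is present,
# i.e. _updown will add the ESP/AH accept rules and the forward rules itself.
updown_manages_firewall() {    # usage: updown_manages_firewall IPSEC_CONF
    grep -Eq '^[[:space:]]+(left|right)firewall=yes([[:space:]]|#|$)' "$1"
}

# Succeeds if the secrets file is a regular file with mode -rw-------,
# the mode it has inside ipsec.lrp.
secrets_mode_ok() {    # usage: secrets_mode_ok IPSEC_SECRETS
    [ -f "$1" ] && [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Runs all three checks, reports every failure, returns non-zero if any failed.
preflight() {    # usage: preflight NETWORK_CONF IPSEC_CONF IPSEC_SECRETS PEER_IP
    rc=0
    peer_udp500_allowed "$1" "$4" ||
        { echo "UDP port 500 is not opened for $4 in $1"; rc=1; }
    updown_manages_firewall "$2" ||
        { echo "no left/rightfirewall=yes in $2: ESP/AH and forward rules are manual"; rc=1; }
    secrets_mode_ok "$3" ||
        { echo "$3 is missing or not mode -rw-------"; rc=1; }
    return $rc
}

# Example: sh preflight.sh /etc/network.conf /etc/ipsec.conf /etc/ipsec.secrets <remote-peer>
if [ $# -eq 4 ]; then
    preflight "$@"
fi
```

A failure of the second check is not an error in itself: it means the ESP/AH and forward rules have to be maintained by hand, and that they survive a firewall reload independently of the tunnel.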

MAN PAGES


NOTES

  1. This package replaces my previous IPSec packages.  The earlier versions are still available (see the download link, above).
  2. The klips code is not compiled as a module, it is embedded in the kernel, so you do not need to modify your modules configuration when installing IPSec.
  3. Three versions of the IPSec enabled kernel are now provided...the traditional floppy-only kernel, an IDE capable kernel, and the 'full-blown' Eiger kernel.  Use whichever is most appropriate for your system.
  4. Package size was reduced by stripping all binaries, and switching to mawk instead of gawk.
  5. When debugging IPSec, refer to /var/log/auth.log instead of /var/log/secure as specified in the documentation.  LRP and Debian systems do not use /var/log/secure, but the same info gets sent to /var/log/auth.log.
  6. Modifications to the FreeS/WAN distribution scripts were made for the LRP environment:
    1. /etc/init.d/ipsec
      1. Added RCDLINKS variable
      2. Modified id check to work with LEAF id command
    2. /usr/local/lib/ipsec/_startklips
      1. klipsinterface() - Replace expr commands with sed
      2. defaultinterface() - Replace wc command with sed
      3. Change module loading code from depmod and modprobe to insmod
    3. /usr/local/lib/ipsec/_updown
      1. Change ipfwadm commands to ipchains (2 places)
      2. Added commands to allow ESP and AH packets through firewall if left/right firewall setting specified in ipsec.conf
    4. /usr/local/lib/ipsec/look
      1. paste command changed to sed
  7. WARNING - FreeS/WAN includes many scripts to do a wide variety of setup and configuration.  I have attempted to port the scripts cleanly to the limited environment available on LRP, but I have not and cannot extensively test all aspects of the scripts.  I know the core IPSec functionality works, as I am running a VPN using these exact files (except for ipsec.conf and ipsec.secrets).  If you discover and fix any problems with the scripts, please let me know so I can include them in future versions.
  8. WARNING - If you use the [left|right]firewall=yes setting in ipsec.conf, you WILL NOT be able to reload your firewall rules without killing your IPSec tunnel (re-loading the firewall rules will remove the rules added by IPSec when it brings up a tunnel).
  9. 'Clients' - The FreeS/WAN IPSec software works with a wide variety of other IPSec implementations.  See the compatibility section of the documentation for details.  If you want a free Windows based IPSec connection (just use FreeS/WAN for a free Linux solution), you might want to look at the freeware version of PGP.

FILES

 1/18/02  10:43         262,381  ipsec.lrp

-rwxr-xr-x root/root      7932 Jan 24 11:40 2000 usr/bin/column
drwxr-xr-x root/root         0 Nov 14 03:48 2001 etc/ipsec/
-rw-r--r-- root/staff     1610 Oct 19 08:26 2001 etc/ipsec.conf
-rw------- root/staff      494 Oct 19 11:02 2001 etc/ipsec.secrets
-rwxr-xr-x root/staff     3618 Oct 19 08:27 2001 etc/init.d/ipsec
-rwxr-xr-x root/staff     2846 Jul 19 09:36 2001 usr/local/sbin/ipsec
drwxr-xr-x root/staff        0 Nov 14 03:03 2001 usr/local/lib/ipsec/
-rwxr-xr-x root/staff    62220 Jul 19 09:45 2001 usr/local/lib/ipsec/spi
-rwxr-xr-x root/staff    57332 Jul 19 09:45 2001 usr/local/lib/ipsec/eroute
-rwxr-xr-x root/staff    48980 Jul 19 09:45 2001 usr/local/lib/ipsec/spigrp
-rwxr-xr-x root/staff     9240 Jul 19 09:45 2001 usr/local/lib/ipsec/tncfg
-rwxr-xr-x root/staff    39820 Jul 19 09:45 2001 usr/local/lib/ipsec/klipsdebug
-rwxr-xr-x root/staff   277828 Jul 19 09:45 2001 usr/local/lib/ipsec/pluto
-rwxr-xr-x root/staff    29776 Jul 19 09:45 2001 usr/local/lib/ipsec/whack
-rwxr-xr-x root/staff     2846 Jul 19 09:36 2001 usr/local/lib/ipsec/ipsec
-rwxr-xr-x root/staff     4670 Jul 19 09:36 2001 usr/local/lib/ipsec/barf
-rwxr-xr-x root/staff    16172 Jul 19 09:36 2001 usr/local/lib/ipsec/manual
-rwxr-xr-x root/staff     9994 Jul 19 09:36 2001 usr/local/lib/ipsec/auto
-rwxr-xr-x root/staff     2552 Oct 24 10:15 2001 usr/local/lib/ipsec/look
-rwxr-xr-x root/staff     1041 Jul 19 09:36 2001 usr/local/lib/ipsec/showdefaults
-rwxr-xr-x root/staff     3055 Jul 19 09:36 2001 usr/local/lib/ipsec/showhostkey
-rwxr-xr-x root/staff     2163 Jul 19 09:36 2001 usr/local/lib/ipsec/_include
-rwxr-xr-x root/staff    10884 Jul 19 09:36 2001 usr/local/lib/ipsec/_confread
-rwxr-xr-x root/staff     1383 Jul 19 09:36 2001 usr/local/lib/ipsec/_keycensor
-rwxr-xr-x root/staff     1904 Jul 19 09:36 2001 usr/local/lib/ipsec/_secretcensor
-rwxr-xr-x root/staff     5466 Oct 18 13:10 2001 usr/local/lib/ipsec/_updown
-rwxr-xr-x root/staff     6709 Jul 19 09:36 2001 usr/local/lib/ipsec/_realsetup
-rwxr-xr-x root/staff     6097 Oct 18 12:26 2001 usr/local/lib/ipsec/_startklips
-rwxr-xr-x root/staff     3404 Jul 19 09:36 2001 usr/local/lib/ipsec/_plutorun
-rwxr-xr-x root/staff     3271 Jul 19 09:36 2001 usr/local/lib/ipsec/_plutoload
-rwxr-xr-x root/staff     6620 Jul 19 09:45 2001 usr/local/lib/ipsec/ranbits
-rwxr-xr-x root/staff    45364 Jul 19 09:45 2001 usr/local/lib/ipsec/rsasigkey
lrwxrwxrwx root/staff        0 Nov 14 03:03 2001 usr/local/lib/ipsec/setup -> /etc/init.d/ipsec
-rw-r--r-- root/root         5 Oct 19 10:59 2001 var/lib/lrpkg/ipsec.bktype
-rw-r--r-- root/root        87 Feb 25 11:15 2000 var/lib/lrpkg/ipsec.conf
-rw-r--r-- root/root      1857 Nov 14 03:48 2001 var/lib/lrpkg/ipsec.help
-rw-r--r-- root/root       106 Nov 14 03:43 2001 var/lib/lrpkg/ipsec.list
-rw-r--r-- root/root        37 Nov 14 03:43 2001 var/lib/lrpkg/ipsec.local
-rw-r--r-- root/root         7 Nov 14 03:42 2001 var/lib/lrpkg/ipsec.version

 1/18/02  10:43         137,907  ipsec509.lrp

-rwxr-xr-x root/src      30008 Nov 09 13:32 2001 usr/local/lib/ipsec/whack
-rwxr-xr-x root/src     302780 Nov 09 13:16 2001 usr/local/lib/ipsec/pluto
-rwxr-xr-x root/src      11334 Nov 09 13:14 2001 usr/local/lib/ipsec/auto
-rw-r--r-- root/root       198 Nov 14 03:59 2001 var/lib/lrpkg/ipsec509.help
-rw-r--r-- root/root       102 Nov 14 04:02 2001 var/lib/lrpkg/ipsec509.list
-rw-r--r-- root/root         0 Nov 14 04:02 2001 var/lib/lrpkg/ipsec509.local
-rw-r--r-- root/root         6 Nov 14 04:00 2001 var/lib/lrpkg/ipsec509.version

 1/18/02  10:35         614,863  certools.tgz

-rwxr-xr-x root/root    506232 Jan 18 10:35 2002 fswcert
-rwxr-xr-x root/root    976404 Jan 18 10:36 2002 openssl

SOURCE


Last modified: December 04, 2001