Introduction: Difference between revisions

From Libreswan
Jump to navigation Jump to search
(Created page with " * What's in a name Libreswan has its roots all the way back to [http://www.freeswan.org/ The FreeS/WAN Project] which was started by [http://www.toad.com/gnu/ John Gilmore] ...")
 
No edit summary
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:


* What's in a name
=== What's in the name ===


Libreswan has its roots all the way back to [http://www.freeswan.org/ The FreeS/WAN Project] which was started by [http://www.toad.com/gnu/ John Gilmore] in the late nineties. When the FreeS/WAN Project came to an end, it was continued by the people who worked on it under the name Openswan. A legal dispute about the trademark and ownership of the name lead to the creation of The Libreswan Project. See [[History of Libreswan]]
Libreswan has its roots all the way back to [http://www.freeswan.org/ The FreeS/WAN Project] which was started by [http://www.toad.com/gnu/ John Gilmore] in the late nineties. When the FreeS/WAN Project came to an end, it was continued by the people who worked on it under the name Openswan. A legal dispute about the trademark and ownership of the name lead to the creation of The Libreswan Project. See [[History]].


* design overview
=== Design overview ===


There are two parts to setting up IPsec based VPN tunnels
There are two parts to setting up IPsec based VPN tunnels:


* Internet Keying Exchange protocol
* Internet Key Exchange protocol


The IKE protocol is used by two end point systems to authenticate each other and agree to setup an IPsec tunnel for a specific network range using specific crypto parameters. Libreswan implements an IKE daemon ins a program called [[pluto]]
The IKE protocol is used by two end point systems to authenticate each other and agree to setup an IPsec tunnel for a specific network range using specific crypto parameters. Libreswan implements an IKE daemon ins a program called [[pluto]].


* IPsec protocol
* IPsec protocol

Latest revision as of 20:14, 27 April 2018

What's in the name

Libreswan has its roots all the way back to The FreeS/WAN Project which was started by John Gilmore in the late nineties. When the FreeS/WAN Project came to an end, it was continued by the people who worked on it under the name Openswan. A legal dispute about the trademark and ownership of the name lead to the creation of The Libreswan Project. See History.

Design overview

There are two parts to setting up IPsec based VPN tunnels:

  • Internet Key Exchange protocol

The IKE protocol is used by two end point systems to authenticate each other and agree to setup an IPsec tunnel for a specific network range using specific crypto parameters. Libreswan implements an IKE daemon ins a program called pluto.

  • IPsec protocol

The IPsec protocol is the actual specification of this agreed policy for the system (usually maintained by the operating system kernel). For the Linux operating system, there are two choices for an IPsec implementation, the default builtin NETKEY (aka XFRM) IPsec stack, or the libreswan native KLIPS IPsec stack. See KLIPS vs NETKEY for a detailed discussion on which stack you should use, but as a rule of thumb, NETKEY is the preferred stack for full fledged Linux systems, while KLIPS is the preferred stack for embedded systems with crypto hardware acceleration cards.