Libreswan Opportunistic IPsec using LetsEncrypt: Difference between revisions

From Libreswan
Jump to navigation Jump to search
m (documentation link update)
(implementation updated)
Line 8: Line 8:
Various functionalities of the project are listed below:
Various functionalities of the project are listed below:
* Can establish the secure OE (Opportunistic Encryption) connections between two hosts (client and server).
* Can establish the secure OE (Opportunistic Encryption) connections between two hosts (client and server).
* Checks for the success in establishing the OE connection.
* Easy to install on the hosts (client and server).
* Easy to install on the hosts (client and server).
* Can test OE connections between two hosts.
* Can test OE connections between two hosts.
* Checks if certbot is installed (on the server).
* Can generate Let's Encrypt certificates for the server using certbot.
* Can generate Let's Encrypt certificates for the server using certbot.
* Generates the certbot configuration for reusing the private key.
* Enables automatic update of the generated certificates, keeping the private key same.
* Enables automatic update of the generated certificates, keeping the private key same.
* Generates the #pkcs12 file.
* Imports the generated certificates into NSS Database to be used for OE.
* Imports the generated certificates into NSS Database to be used for OE.
* Provides details about various available utilities.
* Downloads the LetsEncrypt CA and intermediate certificates.
* Saves the default client/server configuration.
* Displays OE connection status to the user.
* Displays the certificates installed in NSS database.
* Provides details about various available utilities, {commands} and [arguments].


== Source code ==
== Source code ==

Revision as of 14:14, 11 August 2019

Introduction

Libreswan Opportunistic IPsec using LetsEncrypt is a project created during Google Summer of Code 2019. It adds a utility `letsencrypt` to the `ipsec`. letsencrypt invokes any of several utilities involved in controlling the Opportunistic Encryption system, running the specified {command} with the specified [argument] as if it had been invoked directly. e.g. `ipsec letsencrypt -h` lists the available commands.

It is a program in libreswan, which integrates libreswan with Opportunistic Encryption utilities. The script provides various OE functionality e.g. initial OE setup, testing configuration/connection, generating and updating Let's Encrypt certificates. The details about the utilities and using them can be found in the Documentation: Libreswan Opportunistic IPsec using LetsEncrypt . Also, the documentation includes the sample output for each {command} and [argument].

Implementation

Various functionalities of the project are listed below:

  • Can establish the secure OE (Opportunistic Encryption) connections between two hosts (client and server).
  • Checks for the success in establishing the OE connection.
  • Easy to install on the hosts (client and server).
  • Can test OE connections between two hosts.
  • Checks if certbot is installed (on the server).
  • Can generate Let's Encrypt certificates for the server using certbot.
  • Generates the certbot configuration for reusing the private key.
  • Enables automatic update of the generated certificates, keeping the private key same.
  • Generates the #pkcs12 file.
  • Imports the generated certificates into NSS Database to be used for OE.
  • Downloads the LetsEncrypt CA and intermediate certificates.
  • Saves the default client/server configuration.
  • Displays OE connection status to the user.
  • Displays the certificates installed in NSS database.
  • Provides details about various available utilities, {commands} and [arguments].

Source code

License