Libreswan Opportunistic IPsec using LetsEncrypt: Difference between revisions
mNo edit summary |
(proper formatting) |
||
| Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
Libreswan Opportunistic IPsec using LetsEncrypt is a project created during Google Summer of Code 2019. It adds a utility | Libreswan Opportunistic IPsec using LetsEncrypt is a project created during Google Summer of Code 2019. It adds a utility <code>letsencrypt</code> to the <code>ipsec</code>. letsencrypt invokes any of several utilities involved in controlling the Opportunistic Encryption system, running the specified {command} with the specified [argument] as if it had been invoked directly. | ||
e.g. | e.g. <code>ipsec letsencrypt -h</code> lists the available commands. | ||
It is a program in libreswan, which integrates libreswan with Opportunistic Encryption utilities. The script provides various OE functionality e.g. initial OE setup, testing configuration/connection, generating and updating Let's Encrypt certificates. The details about the utilities and using them can be found in the [[ Documentation: Libreswan Opportunistic IPsec using LetsEncrypt ]]. Also, the documentation includes the sample output for each {command} and [argument]. | It is a program in libreswan, which integrates libreswan with Opportunistic Encryption utilities. The script provides various OE functionality e.g. initial OE setup, testing configuration/connection, generating and updating Let's Encrypt certificates. The details about the utilities and using them can be found in the [[ Documentation: Libreswan Opportunistic IPsec using LetsEncrypt ]]. Also, the documentation includes the sample output for each {command} and [argument]. | ||
Revision as of 15:53, 11 August 2019
Introduction
Libreswan Opportunistic IPsec using LetsEncrypt is a project created during Google Summer of Code 2019. It adds a utility letsencrypt to the ipsec. letsencrypt invokes any of several utilities involved in controlling the Opportunistic Encryption system, running the specified {command} with the specified [argument] as if it had been invoked directly.
e.g. ipsec letsencrypt -h lists the available commands.
It is a program in libreswan, which integrates libreswan with Opportunistic Encryption utilities. The script provides various OE functionality e.g. initial OE setup, testing configuration/connection, generating and updating Let's Encrypt certificates. The details about the utilities and using them can be found in the Documentation: Libreswan Opportunistic IPsec using LetsEncrypt . Also, the documentation includes the sample output for each {command} and [argument].
Implementation
Various functionalities of the project are listed below:
- Can establish the secure OE (Opportunistic Encryption) connections between two hosts (client and server).
- Checks for the success in establishing the OE connection.
- Easy to install on the hosts (client and server).
- Can test OE connections between two hosts.
- Checks if certbot is installed (on the server).
- Can generate Let's Encrypt certificates for the server using certbot.
- Generates the certbot configuration for reusing the private key.
- Enables automatic update of the generated certificates, keeping the private key same.
- Generates the #pkcs12 file.
- Imports the generated certificates into NSS Database to be used for OE.
- Downloads the LetsEncrypt CA and intermediate certificates.
- Saves the default client/server configuration.
- Displays OE connection status to the user.
- Displays the certificates installed in NSS database.
- Provides details about various available utilities, {commands} and [arguments].
Source code
The source code of Libreswan Opportunistic IPsec using LetsEncrypt is available at Github:Libreswan-Opportunistic-IPsec. The original developer of the program is Rishabh Chaudhary. The project was developed under the expert guidance/mentorship of Paul Wouters & Tuomo Soini. This project was sponsored by Google as a part of Google Summer of Code 2019 Program.
License
This project is Licensed under GNU General Public License v2.0.