/ Linux Reviews / Networking / IPsec HOWTO - en


Ralf Spenneberg


Revision History
Revision 0.9.962007-02-26Revised by: RS
OpenSSL needs file: crlnumber
Revision 0.9.952005-09-03Revised by: RS
Added iptables rule setting the MSS and one minor correction
Revision 0.9.942005-07-19Revised by: RS
Added some remarks about routing
Revision 0.9.932005-03-3Revised by: RS
fwd-policy corrected, p12 added
Revision 0.9.922005-02-1Revised by: RS
fwd-policy added
Revision 0.9.912005-01-31Revised by: RS
/etc/ipsec.conf replaced by /etc/setkey.conf
Revision 0.9.92004-12-22Revised by: RS
Nat-Traversal added Changed Document structure
Revision 0.9.62004-01-28Revised by: RS
Correction modp768
Revision 0.9.52004-01-08Revised by: RS
Added Compilation of certpatch and keyconv
Revision 0.9.42003-08-28Revised by: RS
Revision 0.9.32003-08-22Revised by: RS
Fixed a typo
Revision 0.9.22003-08-19Revised by: RS
Fixed a typo
Revision 0.9.12003-08-18Revised by: RS
Minor corrections
Revision 0.9.02003-08-15Revised by: RS
Added: Using the OpenBSD isakmpd
Revision 0.8.32003-05-13Revised by: RS
Further typos corrected. Some sentences rephrased.
Revision 0.8.22003-05-03Revised by: RS
Revision 0.8.12003-04-30Revised by: RS
added chapter covering certificates
Revision 0.82003-04-18Revised by: RS
first draft

This HowTo will cover the basic and advanced steps setting up a VPN using IPsec based on the Linux Kernels 2.6. Since there is a vast amount of documentation available for the Linux Kernel 2.4, this HowTo will concentrate on the new IPsec Features in the 2.6 kernel.

1. Introduction

The latest version of this document can always be found at The Linux Documentation Project and at the official homepage http://www.ipsec-howto.org.

1.1. Reasons to write this HowTo

I have used numeruos HowTos in the past. Most were very valuable to me. When the new IPsec features in the Linux Kernel were implemented I started to play around using them. Soon I found out that only very little documentation exists. That started me writing this HowTo.

1.2. Format of this document

This document is broken down into 7 chapters.

Section 1: Introduction

This section

Section 2: Theory

IPsec theory. Essentially the IPsec protocols.

Section 3: Openswan

This section will describe how to setup Openswan on the Kernel 2.6.

Section 4: Racoon running on Linux Kernel 2.6

This section describes how to setup an IPsec VPN using the KAME tools setkey and racoon. This now includes NAT-Traversal.

Section 5: Isakmpd running on Linux Kernel 2.6

This section describes how to setup an IPsec VPN using OpenBSD isakmpd IKE daemon.

Section 6: Generating X.509 Certificates

This section describes how to generate X.509 Certificates using the openssl-Command.

Section 7: Advanced Configuration

This section gives some hints on XAUTH and on useful iptables-rules.

1.3. Contributors to this document

  • Matija Nalis

  • Fridtjof Busse

  • Uwe Beck

  • Juanjo Ciarlante

  • Ervin Hegedus

  • Barabara Kane

  • Alois Schmid

1.4. Legal Information

1.4.1. Copyright

Copyright (c) 2003 Ralf Spenneberg

Please freely copy and distribute (sell or give away) this document in any format. It's requested that corrections and/or comments be fowarded to the document maintainer. You may create a derivative work and distribute it provided that you:

  • Send your derivative work (in the most suitable format such as sgml) to the LDP (Linux Documentation Project) or the like for posting on the Internet. If not the LDP, then let the LDP know where it is available.

  • License the derivative work with this same license or use GPL. Include a copyright notice and at least a pointer to the license used.

  • Give due credit to previous authors and major contributors.

If you're considering making a derived work other than a translation, it's requested that you discuss your plans with the current maintainer.

1.4.2. Disclaimer

The author assumes no responsibility for anything done with this document, nor does he make any warranty, implied or explicit. If your dog dies, the author may not be made responsible!

/ Linux Reviews / Networking / IPsec HOWTO

Meet new people

Adult Dating