PacktLib: Openswan: Building and Integrating Virtual Private Networks

Building and Integrating Virtual Private Networks with Openswan

Credits

About the Authors

Acknowledgements

About the Reviewers

Preface

Thank you for buying Building and Integrating Virtual Private Networks with Openswan Packt Open Source Project Royalties

Writing for Packt

About Packt Publishing

Introduction

ICANN Bypassed

Useful Legal Links

Practical Overview of the IPsec Protocol

IPsec: A Suite of Protocols

Building and Installing Openswan

Linux Distributions

Deciding on the Userland

Choosing the Kernel IPsec Stack

Binary Installation of the Openswan Userland

Building from Source

Building the Openswan Userland from Source

Binary Installation of KLIPS

Building KLIPS from Source

Building KLIPS into the Linux Kernel Source Tree

Verifying the Installation

Summary

Configuring IPsec

Host-to-Host Tunnel

Aggressive Mode

Fine Tuning

Summary

X.509 Certificates

Summary

Opportunistic Encryption

The OE DNS Records

Name Server Updates

Dealing with Firewalls

Where to Firewall?

Allowing IPsec Traffic

Configuring the Firewall on the Openswan Host

Summary

Interoperating with Microsoft Windows and Apple Mac OS X

Interoperating with Other Vendors

Cisco PIX Concentrator

ZyXEL

Encrypting the Local Network

Windows Client Issues

Enterprise Implementation

Cipher Performance

Handling Thousands of Tunnels

Managing Large Configuration Files

Openswan Startup Time

Limitations of the Random Device

Other Performance-Enhancing Factors

Using Anycast

Summary

Debugging and Troubleshooting

Network Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Unresolved and Upcoming Issues

Networking 101

Openswan Resources on the Internet

Openswan Resources on the Internet

Openswan Resources on the Internet

Openswan Resources on the Internet

Openswan Resources on the Internet

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)

IPsec-Related Requests For Comments (RFCs)