This document is intended to be a primer on how to get IPsec on FreeBSD up and running, interoperating both with another FreeBSD (or NetBSD or any other KAME-derived stack) machine, and a Windows 2000 machine. IPsec is a means to secure IP layer communications between hosts, and can secure both IPv4 and IPv6 traffic. Only IPsec over IPv4 will be discussed here.

IPsec can be used to build tunnels between subnets (tunnel mode) or to secure communication between two machines directly (transport mode), with the guarantee that the packets are encrypted, authenticated and protected against replay (by sequence numbers), and with limited traffic flow confidentiality. By design, IPsec communication is encrypted with symmetric algorithms (Blowfish, DES, 3DES). This is known as ESP (Encapsulating Security Payload) mode, in which the payload of a packet is encrypted while the headers of the packet are left untouched. If you do not want to encrypt the traffic, you can use IPsec in what is known as AH (Authentication Header) mode. In this mode the payload is not encrypted; instead the header fields are hashed with a secure hashing function, and an additional header carrying this hash is added to the packet so that the information in the packet can be authenticated.
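
As an added example (not taken from the original article), the following setkey(8) configuration puts the three cases just described into practice on a KAME-derived stack using manually keyed security associations: an ESP transport-mode pair between two hosts, an AH-only transport-mode pair to a third host, and an ESP tunnel between two subnets. Every address, SPI and key in it is a constructed placeholder: the addresses are RFC 5737 documentation ranges, and real keys must be random and exactly the length the algorithm requires (192 bits for 3des-cbc, 160 bits for hmac-sha1; `openssl rand -hex 24` and `openssl rand -hex 20` produce suitable values). Two points the paragraph above does not make explicit are visible in the file: `-E` alone gives confidentiality only, so an `-A` algorithm is what supplies the authentication the text promises for ESP, and manually keyed SAs do no replay checking unless a window is requested with `-r`.

```conf
# Added example, not part of the original article.
# Load on host A with:  setkey -f /etc/ipsec.conf   (kernel built with IPsec support)
# Constructed topology (RFC 5737 documentation addresses, placeholder keys/SPIs):
#   host A  192.0.2.1      gateway for 10.1.0.0/24
#   host B  198.51.100.1   gateway for 10.2.0.0/24
#   host C  203.0.113.1    reached with AH only
# Host B and host C need the mirror image of this file (SAs identical, "in"/"out" swapped).

# Start from an empty SA database and an empty policy database.
flush;
spdflush;

# 1. ESP, transport mode, host A <-> host B.
#    One SA per direction; each gets its own SPI and its own keys.
#    -E 3des-cbc  : 192-bit encryption key (48 hex digits)
#    -A hmac-sha1 : 160-bit integrity key (40 hex digits); without -A the
#                   payload is encrypted but not authenticated
#    -r 4         : enable the anti-replay window (off for manual SAs by default)
add 192.0.2.1 198.51.100.1 esp 0x1001 -m transport -r 4
    -E 3des-cbc  0x000102030405060708090a0b0c0d0e0f1011121314151617
    -A hmac-sha1 0x00112233445566778899aabbccddeeff00112233;
add 198.51.100.1 192.0.2.1 esp 0x1002 -m transport -r 4
    -E 3des-cbc  0x101112131415161718191a1b1c1d1e1f2021222324252627
    -A hmac-sha1 0x11223344556677889900aabbccddeeff11223344;

#    Policy: all traffic between A and B must use ESP in transport mode.
#    "require" means cleartext packets matching the selector are dropped.
spdadd 192.0.2.1 198.51.100.1 any -P out ipsec esp/transport//require;
spdadd 198.51.100.1 192.0.2.1 any -P in  ipsec esp/transport//require;

# 2. AH, transport mode, host A <-> host C.
#    No encryption: the packet and its immutable header fields are covered
#    by an HMAC carried in the added AH header, so tampering is detected
#    but the payload stays readable on the wire.
add 192.0.2.1 203.0.113.1 ah 0x2001 -m transport -r 4
    -A hmac-sha1 0x22334455667788990011aabbccddeeff22334455;
add 203.0.113.1 192.0.2.1 ah 0x2002 -m transport -r 4
    -A hmac-sha1 0x33445566778899001122aabbccddeeff33445566;
spdadd 192.0.2.1 203.0.113.1 any -P out ipsec ah/transport//require;
spdadd 203.0.113.1 192.0.2.1 any -P in  ipsec ah/transport//require;

# 3. ESP, tunnel mode, subnet 10.1.0.0/24 (behind A) <-> 10.2.0.0/24 (behind B).
#    The SA endpoints are the gateways; the original IP header is encapsulated
#    and encrypted along with the payload, so only the gateway addresses show.
add 192.0.2.1 198.51.100.1 esp 0x3001 -m tunnel -r 4
    -E 3des-cbc  0x202122232425262728292a2b2c2d2e2f3031323334353637
    -A hmac-sha1 0x44556677889900112233aabbccddeeff44556677;
add 198.51.100.1 192.0.2.1 esp 0x3002 -m tunnel -r 4
    -E 3des-cbc  0x303132333435363738393a3b3c3d3e3f4041424344454647
    -A hmac-sha1 0x55667788990011223344aabbccddeeff55667788;

#    Policy selectors are the protected subnets; the protocol spec names the
#    tunnel endpoints as src-dst.
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in  ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;
```

After loading, `setkey -D` lists the SAs and `setkey -DP` the policies; if a policy of level `require` matches but no SA exists for that direction, the traffic is silently dropped, which is the first thing to check when a peer stops answering. Of the ciphers the article lists, single DES should not be chosen for new configurations: its 56-bit key is brute-forceable, so use 3DES (or AES where the stack offers it). When the peer negotiates keys with IKE instead, as the Windows 2000 case does, the `add` lines are removed and only the `spdadd` policies remain; the IKE daemon (racoon on KAME-derived systems) then creates the SAs on demand, which also gives you automatic rekeying that static keys never get.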

The link for this article located at DaemonNews is no longer available.