3 <title>FreeS/WAN roadmap
</title>
4 <meta name=
"keywords" content=
"Linux, IPsec, VPN, security, FreeSWAN">
8 Written by Sandy Harris for the Linux FreeS/WAN project
9 Freely distributable under the GNU General Public License
11 More information at www.freeswan.org
12 Feedback to users@lists.freeswan.org
15 RCS ID: $Id: roadmap.html,v 1.1 2004/03/15 20:35:24 as Exp $
16 Last changed: $Date: 2004/03/15 20:35:24 $
17 Revision number: $Revision: 1.1 $
19 CVS revision numbers do not correspond to FreeS/WAN release numbers.
24 <h1><a name=
"roadmap">Distribution Roadmap: What's Where in Linux FreeS/WAN
</a></h1>
27 This file is a guide to the locations of files within the FreeS/WAN
28 distribution. Everything described here should be on your system once you
29 download, gunzip, and untar the distribution.
</p>
31 <p>This distribution contains two major subsystems
34 <dt><a href=
"#klips.roadmap">KLIPS
</a></dt>
35 <dd>the kernel code
</dd>
36 <dt><a href=
"#pluto.roadmap">Pluto
</a></dt>
37 <dd>the user-level key-management daemon
</dd>
40 <p>plus assorted odds and ends.
42 <h2><a name=
"top">Top directory
</a></h2>
44 <p>The top directory has essential information in text files:
</p>
48 <dd>introduction to the software
</dd>
50 <dd>short experts-only installation procedures. More detalied procedures are in
51 <a href=
"install.html">installation
</a> and
52 <a href=
"config.html">configuration
</a> HTML documents.
</dd>
54 <dd>major known bugs in the current release.
</dd>
56 <dd>changes from previous releases
</dd>
58 <dd>acknowledgement of contributors
</dd>
60 <dd>licensing and distribution information
</dd>
63 <h2><a name=
"doc">Documentation
</a></h2>
66 The doc directory contains the bulk of the documentation, most of it in
67 HTML format. See the
<a href=
"index.html">index file
</a> for details.
70 <h2><a name=
"klips.roadmap">KLIPS: kernel IP security
</a></h2>
73 <a href=
"glossary.html#KLIPS">KLIPS
</a> is
<strong>K
</strong>erne
<strong>L
</strong>
74 <strong>IP
</strong> <strong>S
</strong>ecurity. It lives in the klips
79 <dd>documentation
</dd>
80 <dt>klips/patches
</dt>
81 <dd>patches for existing kernel files
</dd>
85 <dd>low-level user utilities
</dd>
86 <dt>klips/net/ipsec
</dt>
87 <dd>actual klips kernel files
</dd>
89 <dd>symbolic link to klips/net/ipsec
90 <p>The
"make insert" step of installation installs the patches and makes
91 a symbolic link from the kernel tree to klips/net/ipsec. The odd name of
92 klips/net/ipsec is dictated by some annoying limitations of the scripts
93 which build the Linux kernel. The symbolic-link business is a bit
94 messy, but all the alternatives are worse.
</p>
102 <dd>manipulate IPsec extended routing tables
</dd>
104 <dd>set Klips (kernel IPsec support) debug features and level
</dd>
106 <dd>manage IPsec Security Associations
</dd>
108 <dd>group/ungroup IPsec Security Associations
</dd>
110 <dd>associate IPsec virtual interface with real interface
</dd>
112 <p>These are all normally invoked by ipsec(
8) with commands such as
</p>
113 <pre> ipsec tncfg
<var>arguments
</var></pre>
114 There are section
8 man pages for all of these; the names have
"ipsec_"
115 as a prefix, so your man command should be something like:
116 <pre> man
8 ipsec_tncfg
</pre>
120 <h2><a name=
"pluto.roadmap">Pluto key and connection management daemon
</a></h2>
123 <a href=
"glossary.html#Pluto">Pluto
</a> is our key management and negotiation daemon. It
124 lives in the pluto directory, along with its low-level user utility,
128 There are no subdirectories. Documentation is a man page,
129 <a href=
"manpage.d/ipsec_pluto.8.html">pluto
.8</a>. This covers whack as well.
132 <h2><a name=
"utils">Utils
</a></h2>
135 The utils directory contains a growing collection of higher-level user
136 utilities, the commands that administer and control the software. Most of the
137 things that you will actually have to run yourself are in there.
141 <dd>invoke IPsec utilities
142 <p>ipsec(
8) is normally the only program installed in a standard
143 directory, /usr/local/sbin. It is used to invoke the others, both those
144 listed below and the ones in klips/utils mentioned above.
</p>
148 <dd>control automatically-keyed IPsec connections
</dd>
150 <dd>take manually-keyed IPsec connections up and down
</dd>
152 <dd>generate copious debugging output
</dd>
154 <dd>generate moderate amounts of debugging output
</dd>
157 There are
.8 manual pages for these. look is covered in barf
.8. The man pages
158 have an
"ipsec_" prefix so your man command should be something like:
163 Examples are in various files with names utils/*.eg
</p>
165 <h2><a name=
"lib">Libraries
</a></h2>
167 <h3><a name=
"fswanlib">FreeS/WAN Library
</a></h3>
170 The lib directory is the FreeS/WAN library, also steadily growing, used by
171 both user-level and kernel code.
<br />
172 It includes section
3 <a href=
"manpages.html">man pages
</a> for the library routines.
174 <h3><a name=
"otherlib">Imported Libraries
</a></h3>
178 The libdes library, originally from SSLeay, is used by both Klips and Pluto
179 for
<a href=
"glossary.html#3DES">Triple DES
</a> encryption. Single DES is not
180 used because
<a href=
"politics.html#desnotsecure">it is
183 Note that this library has its own license, different from the
184 <a href=
"glossary.html#GPL">GPL
</a> used for other code in FreeS/WAN.
187 The library includes its own documentation.
192 The GMP (GNU multi-precision) library is used for multi-precision arithmetic
193 in Pluto's key-exchange code and public key code.
195 Older versions (up to
1.7) of FreeS/WAN included a copy of this library in
196 the FreeS/WAN distribution.
198 Since
1.8, we have begun to rely on the system copy of GMP.