Commit | Line | Data |
---|---|---|
997358a6 MW | 1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> |
2 | <HTML> | |
3 | <HEAD> | |
4 | <TITLE>Introduction to FreeS/WAN</TITLE> | |
5 | <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1"> | |
6 | <STYLE TYPE="text/css"><!-- | |
7 | BODY { font-family: serif } | |
8 | H1 { font-family: sans-serif } | |
9 | H2 { font-family: sans-serif } | |
10 | H3 { font-family: sans-serif } | |
11 | H4 { font-family: sans-serif } | |
12 | H5 { font-family: sans-serif } | |
13 | H6 { font-family: sans-serif } | |
14 | SUB { font-size: smaller } | |
15 | SUP { font-size: smaller } | |
16 | PRE { font-family: monospace } | |
17 | --></STYLE> | |
18 | </HEAD> | |
19 | <BODY> | |
20 | <H1 ALIGN="CENTER"><A NAME="CONTENTS">Table of Contents</A></H1> | |
21 | <BR> | |
22 | <BR><B><A HREF="intro.html#intro">Introduction</A></B> | |
23 | <UL> | |
24 | <LI><A HREF="intro.html#ipsec.intro">IPsec, Security for the Internet | |
25 | Protocol</A></LI> | |
26 | <UL> | |
27 | <LI><A HREF="intro.html#intro.interop">Interoperating with other IPsec | |
28 | implementations</A></LI> | |
29 | <LI><A HREF="ipsec.html#advantages">Advantages of IPsec</A></LI> | |
30 | <LI><A HREF="intro.html#applications">Applications of IPsec</A></LI> | |
31 | <LI><A HREF="intro.html#types">The need to authenticate gateways</A></LI> | |
32 | </UL> | |
33 | <LI><A HREF="intro.html#project">The FreeS/WAN project</A></LI> | |
34 | <UL> | |
35 | <LI><A HREF="intro.html#goals">Project goals</A></LI> | |
36 | <LI><A HREF="intro.html#staff">Project team</A></LI> | |
37 | </UL> | |
38 | <LI><A HREF="intro.html#products">Products containing FreeS/WAN</A></LI> | |
39 | <UL> | |
40 | <LI><A HREF="intro.html#distwith">Full Linux distributions</A></LI> | |
41 | <LI><A HREF="intro.html#kernel_dist">Linux kernel distributions</A></LI> | |
42 | <LI><A HREF="intro.html#office_dist">Office server distributions</A></LI> | |
43 | <LI><A HREF="intro.html#fw_dist">Firewall distributions</A></LI> | |
44 | <LI><A HREF="intro.html#turnkey">Firewall and VPN products</A></LI> | |
45 | </UL> | |
46 | <LI><A HREF="intro.html#docs">Information sources</A></LI> | |
47 | <UL> | |
48 | <LI><A HREF="intro.html#docformats">This HowTo, in multiple formats</A></LI> | |
49 | <LI><A HREF="intro.html#rtfm">RTFM (please Read The Fine Manuals)</A></LI> | |
50 | <LI><A HREF="intro.html#text">Other documents in the distribution</A></LI> | |
51 | <LI><A HREF="intro.html#assumptions">Background material</A></LI> | |
52 | <LI><A HREF="intro.html#archives">Archives of the project mailing list</A> | |
53 | </LI> | |
54 | <LI><A HREF="intro.html#howto">User-written HowTo information</A></LI> | |
55 | <LI><A HREF="intro.html#applied">Papers on FreeS/WAN</A></LI> | |
56 | <LI><A HREF="intro.html#licensing">License and copyright information</A></LI> | |
57 | </UL> | |
58 | <LI><A HREF="intro.html#sites">Distribution sites</A></LI> | |
59 | <UL> | |
60 | <LI><A HREF="intro.html#1_5_1">Primary site</A></LI> | |
61 | <LI><A HREF="intro.html#mirrors">Mirrors</A></LI> | |
62 | <LI><A HREF="intro.html#munitions">The "munitions" archive of Linux | |
63 | crypto software</A></LI> | |
64 | </UL> | |
65 | <LI><A HREF="intro.html#1_6">Links to other sections</A></LI> | |
66 | </UL> | |
67 | <B><A HREF="upgrading.html#2">Upgrading to FreeS/WAN 2.x</A></B> | |
68 | <UL> | |
69 | <LI><A HREF="upgrading.html#2_1">New! Built in Opportunistic connections</A> | |
70 | </LI> | |
71 | <UL> | |
72 | <LI><A HREF="upgrading.html#2_1_1">Upgrading Opportunistic Encryption to | |
73 | 2.01 (or later)</A></LI> | |
74 | </UL> | |
75 | <LI><A HREF="upgrading.html#2_2">New! Policy Groups</A></LI> | |
76 | <LI><A HREF="upgrading.html#2_3">New! Packetdefault Connection</A></LI> | |
77 | <LI><A HREF="upgrading.html#2_4">FreeS/WAN now disables Reverse Path | |
78 | Filtering</A></LI> | |
79 | <LI><A HREF="upgrading.html#2_5">Revised ipsec.conf</A></LI> | |
80 | <UL> | |
81 | <LI><A HREF="upgrading.html#2_5_1">No promise of compatibility</A></LI> | |
82 | <LI><A HREF="upgrading.html#2_5_2">Most ipsec.conf files will work fine</A> | |
83 | </LI> | |
84 | <LI><A HREF="upgrading.html#2_5_3">Backward compatibility patch</A></LI> | |
85 | <LI><A HREF="upgrading.html#2_5_4">Details</A></LI> | |
86 | <LI><A HREF="upgrading.html#2_5_5">Upgrading from 1.x RPMs to 2.x RPMs</A> | |
87 | </LI> | |
88 | </UL> | |
89 | </UL> | |
90 | <B><A HREF="quickstart.html#quickstart">Quickstart Guide to | |
91 | Opportunistic Encryption</A></B> | |
92 | <UL> | |
93 | <LI><A HREF="quickstart.html#opp.setup">Purpose</A></LI> | |
94 | <UL> | |
95 | <LI><A HREF="quickstart.html#3_1_1">OE "flag day"</A></LI> | |
96 | </UL> | |
97 | <LI><A HREF="quickstart.html#opp.dns">Requirements</A></LI> | |
98 | <LI><A HREF="quickstart.html#easy.install">RPM install</A></LI> | |
99 | <UL> | |
100 | <LI><A HREF="quickstart.html#3_3_1">Download RPMs</A></LI> | |
101 | <LI><A HREF="quickstart.html#3_3_2">Check signatures</A></LI> | |
102 | <LI><A HREF="quickstart.html#3_3_3">Install the RPMs</A></LI> | |
103 | <LI><A HREF="quickstart.html#testinstall">Test</A></LI> | |
104 | </UL> | |
105 | <LI><A HREF="quickstart.html#opp.setups.list">Our Opportunistic Setups</A> | |
106 | </LI> | |
107 | <UL> | |
108 | <LI><A HREF="quickstart.html#3_4_1">Full or partial opportunism?</A></LI> | |
109 | </UL> | |
110 | <LI><A HREF="quickstart.html#opp.client">Initiate-only setup</A></LI> | |
111 | <UL> | |
112 | <LI><A HREF="quickstart.html#3_5_1">Restrictions</A></LI> | |
113 | <LI><A HREF="quickstart.html#forward.dns">Create and publish a forward | |
114 | DNS record</A></LI> | |
115 | <LI><A HREF="quickstart.html#3_5_3">Test that your key has been | |
116 | published</A></LI> | |
117 | <LI><A HREF="quickstart.html#3_5_4">Configure, if necessary</A></LI> | |
118 | <LI><A HREF="quickstart.html#3_5_5">Test</A></LI> | |
119 | </UL> | |
120 | <LI><A HREF="quickstart.html#3_6">Full Opportunism</A></LI> | |
121 | <UL> | |
122 | <LI><A HREF="quickstart.html#3_6_1">Put a TXT record in a Forward Domain</A> | |
123 | </LI> | |
124 | <LI><A HREF="quickstart.html#3_6_2">Put a TXT record in Reverse DNS</A></LI> | |
125 | <LI><A HREF="quickstart.html#3_6_3">Test your DNS record</A></LI> | |
126 | <LI><A HREF="quickstart.html#3_6_4">No Configuration Needed</A></LI> | |
127 | <LI><A HREF="quickstart.html#3_6_5">Consider Firewalling</A></LI> | |
128 | <LI><A HREF="quickstart.html#3_6_6">Test</A></LI> | |
129 | <LI><A HREF="quickstart.html#3_6_7">Test</A></LI> | |
130 | </UL> | |
131 | <LI><A HREF="quickstart.html#opp.test">Testing opportunistic connections</A> | |
132 | </LI> | |
133 | <LI><A HREF="quickstart.html#3_8">Now what?</A></LI> | |
134 | <LI><A HREF="quickstart.html#3_9">Notes</A></LI> | |
135 | <LI><A HREF="quickstart.html#3_10">Troubleshooting OE</A></LI> | |
136 | <LI><A HREF="quickstart.html#3_11">Known Issues</A></LI> | |
137 | </UL> | |
138 | <B><A HREF="policygroups.html#4">How to Configure Linux FreeS/WAN with | |
139 | Policy Groups</A></B> | |
140 | <UL> | |
141 | <LI><A HREF="policygroups.html#4_1">What are Policy Groups?</A></LI> | |
142 | <UL> | |
143 | <LI><A HREF="policygroups.html#4_1_1">Built-In Security Options</A></LI> | |
144 | </UL> | |
145 | <LI><A HREF="policygroups.html#4_2">Using Policy Groups</A></LI> | |
146 | <UL> | |
147 | <LI><A HREF="policygroups.html#4_2_1">Example 1: Using a Base Policy | |
148 | Group</A></LI> | |
149 | <LI><A HREF="policygroups.html#4_2_2">Example 2: Defining IPsec Security | |
150 | Policy with Groups</A></LI> | |
151 | <LI><A HREF="policygroups.html#4_2_3">Example 3: Creating a Simple IPsec | |
152 | VPN with the private Group</A></LI> | |
153 | <LI><A HREF="policygroups.html#4_2_4">Example 4: New Policy Groups to | |
154 | Protect a Subnet</A></LI> | |
155 | <LI><A HREF="policygroups.html#4_2_5">Example 5: Adding a Subnet to the | |
156 | VPN</A></LI> | |
157 | </UL> | |
158 | <LI><A HREF="policygroups.html#4_3">Appendix</A></LI> | |
159 | <UL> | |
160 | <LI><A HREF="policygroups.html#4_3_1">Our Hidden Connections</A></LI> | |
161 | <LI><A HREF="policygroups.html#4_3_2">Custom Policy Groups</A></LI> | |
162 | <LI><A HREF="policygroups.html#4_3_3">Disabling Opportunistic Encryption</A> | |
163 | </LI> | |
164 | </UL> | |
165 | </UL> | |
166 | <B><A HREF="faq.html#5">FreeS/WAN FAQ</A></B> | |
167 | <UL> | |
168 | <LI><A HREF="faq.html#questions">Index of FAQ questions</A></LI> | |
169 | <LI><A HREF="faq.html#whatzit">What is FreeS/WAN?</A></LI> | |
170 | <LI><A HREF="faq.html#problems">How do I report a problem or seek help?</A> | |
171 | </LI> | |
172 | <LI><A HREF="faq.html#generic">Can I get ...</A></LI> | |
173 | <UL> | |
174 | <LI><A HREF="faq.html#lemme_out">Can I get an off-the-shelf system that | |
175 | includes FreeS/WAN?</A></LI> | |
176 | <LI><A HREF="faq.html#consultant">Can I hire consultants or staff who | |
177 | know FreeS/WAN?</A></LI> | |
178 | <LI><A HREF="faq.html#commercial">Can I get commercial support?</A></LI> | |
179 | </UL> | |
180 | <LI><A HREF="faq.html#release">Release questions</A></LI> | |
181 | <UL> | |
182 | <LI><A HREF="faq.html#rel.current">What is the current release?</A></LI> | |
183 | <LI><A HREF="faq.html#relwhen">When is the next release?</A></LI> | |
184 | <LI><A HREF="faq.html#rel.bugs">Are there known bugs in the current | |
185 | release?</A></LI> | |
186 | </UL> | |
187 | <LI><A HREF="faq.html#mod_cons">Modifications and contributions</A></LI> | |
188 | <UL> | |
189 | <LI><A HREF="faq.html#modify.faq">Can I modify FreeS/WAN to ...?</A></LI> | |
190 | <LI><A HREF="faq.html#contrib.faq">Can I contribute to the project?</A></LI> | |
191 | <LI><A HREF="faq.html#ddoc.faq">Is there detailed design documentation?</A> | |
192 | </LI> | |
193 | </UL> | |
194 | <LI><A HREF="faq.html#interact">Will FreeS/WAN work in my environment?</A> | |
195 | </LI> | |
196 | <UL> | |
197 | <LI><A HREF="faq.html#interop.faq">Can FreeS/WAN talk to ...?</A></LI> | |
198 | <LI><A HREF="faq.html#old_to_new">Can different FreeS/WAN versions talk | |
199 | to each other?</A></LI> | |
200 | <LI><A HREF="faq.html#faq.bandwidth">Is there a limit on throughput?</A></LI> | |
201 | <LI><A HREF="faq.html#faq.number">Is there a limit on number of tunnels?</A> | |
202 | </LI> | |
203 | <LI><A HREF="faq.html#faq.speed">Is a ... fast enough to handle | |
204 | FreeS/WAN with my loads?</A></LI> | |
205 | </UL> | |
206 | <LI><A HREF="faq.html#work_on">Will FreeS/WAN work on ... ?</A></LI> | |
207 | <UL> | |
208 | <LI><A HREF="faq.html#versions">Will FreeS/WAN run on my version of | |
209 | Linux?</A></LI> | |
210 | <LI><A HREF="faq.html#nonIntel.faq">Will FreeS/WAN run on non-Intel | |
211 | CPUs?</A></LI> | |
212 | <LI><A HREF="faq.html#multi.faq">Will FreeS/WAN run on multiprocessors?</A> | |
213 | </LI> | |
214 | <LI><A HREF="faq.html#k.old">Will FreeS/WAN work on an older kernel?</A></LI> | |
215 | <LI><A HREF="faq.html#k.versions">Will FreeS/WAN run on the latest | |
216 | kernel version?</A></LI> | |
217 | <LI><A HREF="faq.html#interface.faq">Will FreeS/WAN work on unusual | |
218 | network hardware?</A></LI> | |
219 | <LI><A HREF="faq.html#vlan">Will FreeS/WAN work on a VLAN (802.1q) | |
220 | network?</A></LI> | |
221 | </UL> | |
222 | <LI><A HREF="faq.html#features.faq">Does FreeS/WAN support ...</A></LI> | |
223 | <UL> | |
224 | <LI><A HREF="faq.html#VPN.faq">Does FreeS/WAN support site-to-site VPN ( | |
225 | Virtual Private Network) applications?</A></LI> | |
226 | <LI><A HREF="faq.html#warrior.faq">Does FreeS/WAN support remote users | |
227 | connecting to a LAN?</A></LI> | |
228 | <LI><A HREF="faq.html#road.shared.possible">Does FreeS/WAN support | |
229 | remote users using shared secret authentication?</A></LI> | |
230 | <LI><A HREF="faq.html#wireless.faq">Does FreeS/WAN support wireless | |
231 | networks?</A></LI> | |
232 | <LI><A HREF="faq.html#PKIcert">Does FreeS/WAN support X.509 or other PKI | |
233 | certificates?</A></LI> | |
234 | <LI><A HREF="faq.html#Radius">Does FreeS/WAN support user authentication | |
235 | (Radius, SecureID, Smart Card...)?</A></LI> | |
236 | <LI><A HREF="faq.html#NATtraversal">Does FreeS/WAN support NAT | |
237 | traversal?</A></LI> | |
238 | <LI><A HREF="faq.html#virtID">Does FreeS/WAN support assigning a | |
239 | "virtual identity" to a remote system?</A></LI> | |
240 | <LI><A HREF="faq.html#noDES.faq">Does FreeS/WAN support single DES | |
241 | encryption?</A></LI> | |
242 | <LI><A HREF="faq.html#AES.faq">Does FreeS/WAN support AES encryption?</A> | |
243 | </LI> | |
244 | <LI><A HREF="faq.html#other.cipher">Does FreeS/WAN support other | |
245 | encryption algorithms?</A></LI> | |
246 | </UL> | |
247 | <LI><A HREF="faq.html#canI">Can I ...</A></LI> | |
248 | <UL> | |
249 | <LI><A HREF="faq.html#policy.preconfig">Can I use policy groups along | |
250 | with explicitly configured connections?</A></LI> | |
251 | <LI><A HREF="faq.html#policy.off">Can I turn off policy groups?</A></LI> | |
252 | <LI><A HREF="faq.html#reload">Can I reload connection info without | |
253 | restarting?</A></LI> | |
254 | <LI><A HREF="faq.html#masq.faq">Can I use several masqueraded subnets?</A> | |
255 | </LI> | |
256 | <LI><A HREF="faq.html#dup_route">Can I use subnets masqueraded to the | |
257 | same addresses?</A></LI> | |
258 | <LI><A HREF="faq.html#road.masq">Can I assign a road warrior an address | |
259 | on my net (a virtual identity)?</A></LI> | |
260 | <LI><A HREF="faq.html#road.many">Can I support many road warriors with | |
261 | one gateway?</A></LI> | |
262 | <LI><A HREF="faq.html#road.PSK">Can I have many road warriors using | |
263 | shared secret authentication?</A></LI> | |
264 | <LI><A HREF="faq.html#QoS">Can I use Quality of Service routing with | |
265 | FreeS/WAN?</A></LI> | |
266 | <LI><A HREF="faq.html#deadtunnel">Can I recognise dead tunnels and shut | |
267 | them down?</A></LI> | |
268 | <LI><A HREF="faq.html#demanddial">Can I build IPsec tunnels over a | |
269 | demand-dialed link?</A></LI> | |
270 | <LI><A HREF="faq.html#GRE">Can I build GRE, L2TP or PPTP tunnels over | |
271 | IPsec?</A></LI> | |
272 | <LI><A HREF="faq.html#NetBIOS">... use Network Neighborhood (Samba, | |
273 | NetBIOS) over IPsec?</A></LI> | |
274 | </UL> | |
275 | <LI><A HREF="faq.html#setup.faq">Life's little mysteries</A></LI> | |
276 | <UL> | |
277 | <LI><A HREF="faq.html#cantping">I cannot ping ....</A></LI> | |
278 | <LI><A HREF="faq.html#forever">It takes forever to ...</A></LI> | |
279 | <LI><A HREF="faq.html#route">I send packets to the tunnel with route(8) | |
280 | but they vanish</A></LI> | |
281 | <LI><A HREF="faq.html#down_route">When a tunnel goes down, packets | |
282 | vanish</A></LI> | |
283 | <LI><A HREF="faq.html#firewall_ate">The firewall ate my packets!</A></LI> | |
284 | <LI><A HREF="faq.html#dropconn">Dropped connections</A></LI> | |
285 | <LI><A HREF="faq.html#defaultroutegone">Disappearing %defaultroute</A></LI> | |
286 | <LI><A HREF="faq.html#tcpdump.faq">TCPdump on the gateway shows strange | |
287 | things</A></LI> | |
288 | <LI><A HREF="faq.html#no_trace">Traceroute does not show anything | |
289 | between the gateways</A></LI> | |
290 | </UL> | |
291 | <LI><A HREF="faq.html#man4debug">Testing in stages</A></LI> | |
292 | <UL> | |
293 | <LI><A HREF="faq.html#nomanual">Manually keyed connections don't work</A> | |
294 | </LI> | |
295 | <LI><A HREF="faq.html#spi_error">One manual connection works, but second | |
296 | one fails</A></LI> | |
297 | <LI><A HREF="faq.html#man_no_auto">Manual connections work, but | |
298 | automatic keying doesn't</A></LI> | |
299 | <LI><A HREF="faq.html#nocomp">IPsec works, but connections using | |
300 | compression fail</A></LI> | |
301 | <LI><A HREF="faq.html#pmtu.broken">Small packets work, but large | |
302 | transfers fail</A></LI> | |
303 | <LI><A HREF="faq.html#subsub">Subnet-to-subnet works, but tests from the | |
304 | gateways don't</A></LI> | |
305 | </UL> | |
306 | <LI><A HREF="faq.html#compile.faq">Compilation problems</A></LI> | |
307 | <UL> | |
308 | <LI><A HREF="faq.html#gmp.h_missing">gmp.h: No such file or directory</A> | |
309 | </LI> | |
310 | <LI><A HREF="faq.html#noVM">... virtual memory exhausted</A></LI> | |
311 | </UL> | |
312 | <LI><A HREF="faq.html#error">Interpreting error messages</A></LI> | |
313 | <UL> | |
314 | <LI><A HREF="faq.html#route-client">route-client (or host) exited with | |
315 | status 7</A></LI> | |
316 | <LI><A HREF="faq.html#unreachable">SIOCADDRT:Network is unreachable</A></LI> | |
317 | <LI><A HREF="faq.html#modprobe">ipsec_setup: modprobe: Can't locate | |
318 | module ipsec</A></LI> | |
319 | <LI><A HREF="faq.html#noKLIPS">ipsec_setup: Fatal error, kernel appears | |
320 | to lack KLIPS</A></LI> | |
321 | <LI><A HREF="faq.html#noDNS">ipsec_setup: ... failure to fetch key for | |
322 | ... from DNS</A></LI> | |
323 | <LI><A HREF="faq.html#dup_address">ipsec_setup: ... interfaces ... and | |
324 | ... share address ...</A></LI> | |
325 | <LI><A HREF="faq.html#kflags">ipsec_setup: Cannot adjust kernel flags</A> | |
326 | </LI> | |
327 | <LI><A HREF="faq.html#message_num">Message numbers (MI3, QR1, et cetera) | |
328 | in Pluto messages</A></LI> | |
329 | <LI><A HREF="faq.html#conn_name">Connection names in Pluto error | |
330 | messages</A></LI> | |
331 | <LI><A HREF="faq.html#cantorient">Pluto: ... can't orient connection</A></LI> | |
332 | <LI><A HREF="faq.html#no.interface">... we have no ipsecN interface for | |
333 | either end of this connection</A></LI> | |
334 | <LI><A HREF="faq.html#noconn">Pluto: ... no connection is known</A></LI> | |
335 | <LI><A HREF="faq.html#nosuit">Pluto: ... no suitable connection ...</A></LI> | |
336 | <LI><A HREF="faq.html#noconn.auth">Pluto: ... no connection has been | |
337 | authorized</A></LI> | |
338 | <LI><A HREF="faq.html#noDESsupport">Pluto: ... OAKLEY_DES_CBC is not | |
339 | supported.</A></LI> | |
340 | <LI><A HREF="faq.html#notransform">Pluto: ... no acceptable transform</A> | |
341 | </LI> | |
342 | <LI><A HREF="faq.html#rsasigkey">rsasigkey dumps core</A></LI> | |
343 | <LI><A HREF="faq.html#sig4">!Pluto failure!: ... exited with ... signal | |
344 | 4</A></LI> | |
345 | <LI><A HREF="faq.html#econnrefused">ECONNREFUSED error message</A></LI> | |
346 | <LI><A HREF="faq.html#no_eroute">klips_debug: ... no eroute!</A></LI> | |
347 | <LI><A HREF="faq.html#SAused">... trouble writing to /dev/ipsec ... SA | |
348 | already in use</A></LI> | |
349 | <LI><A HREF="faq.html#ignore">... ignoring ... payload</A></LI> | |
350 | <LI><A HREF="faq.html#unknown_rightcert">unknown parameter name | |
351 | "rightcert"</A></LI> | |
352 | </UL> | |
353 | <LI><A HREF="faq.html#spam">Why don't you restrict the mailing lists to | |
354 | reduce spam?</A></LI> | |
355 | </UL> | |
356 | <B><A HREF="manpages.html#manpages">FreeS/WAN manual pages</A></B> | |
357 | <UL> | |
358 | <LI><A HREF="manpages.html#man.file">Files</A></LI> | |
359 | <LI><A HREF="manpages.html#man.command">Commands</A></LI> | |
360 | <LI><A HREF="manpages.html#man.lib">Library routines</A></LI> | |
361 | </UL> | |
362 | <B><A HREF="firewall.html#firewall">FreeS/WAN and firewalls</A></B> | |
363 | <UL> | |
364 | <LI><A HREF="firewall.html#filters">Filtering rules for IPsec packets</A> | |
365 | </LI> | |
366 | <LI><A HREF="firewall.html#examplefw">Firewall configuration at boot</A></LI> | |
367 | <UL> | |
368 | <LI><A HREF="firewall.html#simple.rules">A simple set of rules</A></LI> | |
369 | <LI><A HREF="firewall.html#complex.rules">Other rules</A></LI> | |
370 | <LI><A HREF="firewall.html#rules.pub">Published rule sets</A></LI> | |
371 | </UL> | |
372 | <LI><A HREF="firewall.html#updown">Calling firewall scripts, named in | |
373 | ipsec.conf(5)</A></LI> | |
374 | <UL> | |
375 | <LI><A HREF="firewall.html#pre_post">Scripts called at IPsec start and | |
376 | stop</A></LI> | |
377 | <LI><A HREF="firewall.html#up_down">Scripts called at connection up and | |
378 | down</A></LI> | |
379 | <LI><A HREF="firewall.html#ipchains.script">Scripts for ipchains or | |
380 | iptables</A></LI> | |
381 | </UL> | |
382 | <LI><A HREF="firewall.html#NAT">A complication: IPsec vs. NAT</A></LI> | |
383 | <UL> | |
384 | <LI><A HREF="firewall.html#nat_ok">NAT on or behind the IPsec gateway | |
385 | works</A></LI> | |
386 | <LI><A HREF="firewall.html#nat_bad">NAT between gateways is problematic</A> | |
387 | </LI> | |
388 | <LI><A HREF="firewall.html#NAT.ref">Other references on NAT and IPsec</A> | |
389 | </LI> | |
390 | </UL> | |
391 | <LI><A HREF="firewall.html#complications">Other complications</A></LI> | |
392 | <UL> | |
393 | <LI><A HREF="firewall.html#through">IPsec through the gateway</A></LI> | |
394 | <LI><A HREF="firewall.html#ipsec_only">Preventing non-IPsec traffic</A></LI> | |
395 | <LI><A HREF="firewall.html#unknowngate">Filtering packets from unknown | |
396 | gateways</A></LI> | |
397 | </UL> | |
398 | <LI><A HREF="firewall.html#otherfilter">Other packet filters</A></LI> | |
399 | <UL> | |
400 | <LI><A HREF="firewall.html#ICMP">ICMP filtering</A></LI> | |
401 | <LI><A HREF="firewall.html#traceroute">UDP packets for traceroute</A></LI> | |
402 | <LI><A HREF="firewall.html#l2tp">UDP for L2TP</A></LI> | |
403 | </UL> | |
404 | <LI><A HREF="firewall.html#packets">How it all works: IPsec packet | |
405 | details</A></LI> | |
406 | <UL> | |
407 | <LI><A HREF="firewall.html#noport">ESP and AH do not have ports</A></LI> | |
408 | <LI><A HREF="firewall.html#header">Header layout</A></LI> | |
409 | <LI><A HREF="firewall.html#dhr">DHR on the updown script</A></LI> | |
410 | </UL> | |
411 | </UL> | |
412 | <B><A HREF="trouble.html#trouble">Linux FreeS/WAN Troubleshooting Guide</A> | |
413 | </B> | |
414 | <UL> | |
415 | <LI><A HREF="trouble.html#overview">Overview</A></LI> | |
416 | <LI><A HREF="trouble.html#install">1. During Install</A></LI> | |
417 | <UL> | |
418 | <LI><A HREF="trouble.html#8_2_1">1.1 RPM install gotchas</A></LI> | |
419 | <LI><A HREF="trouble.html#8_2_2">1.2 Problems installing from source</A></LI> | |
420 | <LI><A HREF="trouble.html#install.check">1.3 Install checks</A></LI> | |
421 | <LI><A HREF="quickstart.html#oe.trouble">1.3 Troubleshooting OE</A></LI> | |
422 | </UL> | |
423 | <LI><A HREF="trouble.html#negotiation">2. During Negotiation</A></LI> | |
424 | <UL> | |
425 | <LI><A HREF="trouble.html#state">2.1 Determine Connection State</A></LI> | |
426 | <LI><A HREF="trouble.html#find.pluto.error">2.2 Finding error text</A></LI> | |
427 | <LI><A HREF="trouble.html#interpret.pluto.error">2.3 Interpreting a | |
428 | Negotiation Error</A></LI> | |
429 | </UL> | |
430 | <LI><A HREF="trouble.html#use">3. Using a Connection</A></LI> | |
431 | <UL> | |
432 | <LI><A HREF="trouble.html#8_4_1">3.1 Orienting yourself</A></LI> | |
433 | <LI><A HREF="trouble.html#8_4_2">3.2 Those pesky configuration errors</A> | |
434 | </LI> | |
435 | <LI><A HREF="trouble.html#route.firewall">3.3 Check Routing and | |
436 | Firewalling</A></LI> | |
437 | <LI><A HREF="trouble.html#sniff">3.4 When in doubt, sniff it out</A></LI> | |
438 | <LI><A HREF="trouble.html#find.use.error">3.5 Check your logs</A></LI> | |
439 | <LI><A HREF="trouble.html#bigpacket">3.6 More testing for the truly | |
440 | thorough</A></LI> | |
441 | </UL> | |
442 | <LI><A HREF="trouble.html#prob.report">4. Problem Reporting</A></LI> | |
443 | <UL> | |
444 | <LI><A HREF="trouble.html#8_5_1">4.1 How to ask for help</A></LI> | |
445 | <LI><A HREF="trouble.html#8_5_2">4.2 Where to ask</A></LI> | |
446 | </UL> | |
447 | <LI><A HREF="trouble.html#notes">5. Additional Notes on Troubleshooting</A> | |
448 | </LI> | |
449 | <UL> | |
450 | <LI><A HREF="trouble.html#system.info">5.1 Information available on your | |
451 | system</A></LI> | |
452 | <LI><A HREF="trouble.html#testgates"> 5.2 Testing between security | |
453 | gateways</A></LI> | |
454 | <LI><A HREF="trouble.html#ifconfig1">5.3 ifconfig reports for KLIPS | |
455 | debugging</A></LI> | |
456 | <LI><A HREF="trouble.html#gdb"> 5.4 Using GDB on Pluto</A></LI> | |
457 | </UL> | |
458 | </UL> | |
459 | <B><A HREF="compat.html#compat">Linux FreeS/WAN Compatibility Guide</A></B> | |
460 | <UL> | |
461 | <LI><A HREF="compat.html#spec">Implemented parts of the IPsec | |
462 | Specification</A></LI> | |
463 | <UL> | |
464 | <LI><A HREF="compat.html#in">In Linux FreeS/WAN</A></LI> | |
465 | <LI><A HREF="compat.html#dropped">Deliberately omitted</A></LI> | |
466 | <LI><A HREF="compat.html#not">Not (yet) in Linux FreeS/WAN</A></LI> | |
467 | </UL> | |
468 | <LI><A HREF="compat.html#pfkey">Our PF-Key implementation</A></LI> | |
469 | <UL> | |
470 | <LI><A HREF="compat.html#pfk.port">PF-Key portability</A></LI> | |
471 | </UL> | |
472 | <LI><A HREF="compat.html#otherk">Kernels other than the latest 2.2.x and | |
473 | 2.4.y</A></LI> | |
474 | <UL> | |
475 | <LI><A HREF="compat.html#kernel.2.0">2.0.x kernels</A></LI> | |
476 | <LI><A HREF="compat.html#kernel.production">2.2 and 2.4 kernels</A></LI> | |
477 | </UL> | |
478 | <LI><A HREF="compat.html#otherdist">Intel Linux distributions other than | |
479 | Redhat</A></LI> | |
480 | <UL> | |
481 | <LI><A HREF="compat.html#rh7">Redhat 7.0</A></LI> | |
482 | <LI><A HREF="compat.html#suse">SuSE Linux</A></LI> | |
483 | <LI><A HREF="compat.html#slack">Slackware</A></LI> | |
484 | <LI><A HREF="compat.html#deb">Debian</A></LI> | |
485 | <LI><A HREF="compat.html#caldera">Caldera</A></LI> | |
486 | </UL> | |
487 | <LI><A HREF="compat.html#CPUs">CPUs other than Intel</A></LI> | |
488 | <UL> | |
489 | <LI><A HREF="compat.html# strongarm">Corel Netwinder (StrongARM CPU)</A></LI> | |
490 | <LI><A HREF="compat.html#yellowdog">Yellow Dog Linux on Power PC</A></LI> | |
491 | <LI><A HREF="compat.html#mklinux">Mklinux</A></LI> | |
492 | <LI><A HREF="compat.html#alpha">Alpha 64-bit processors</A></LI> | |
493 | <LI><A HREF="compat.html#SPARC">Sun SPARC processors</A></LI> | |
494 | <LI><A HREF="compat.html#mips">MIPS processors</A></LI> | |
495 | <LI><A HREF="compat.html#crusoe">Transmeta Crusoe</A></LI> | |
496 | <LI><A HREF="compat.html#coldfire">Motorola Coldfire</A></LI> | |
497 | </UL> | |
498 | <LI><A HREF="compat.html#multiprocessor">Multiprocessor machines</A></LI> | |
499 | <LI><A HREF="compat.html#hardware">Support for crypto hardware</A></LI> | |
500 | <LI><A HREF="compat.html#ipv6">IP version 6 (IPng)</A></LI> | |
501 | <UL> | |
502 | <LI><A HREF="compat.html#v6.back">IPv6 background</A></LI> | |
503 | </UL> | |
504 | </UL> | |
505 | <B><A HREF="interop.html#10">Interoperating with FreeS/WAN</A></B> | |
506 | <UL> | |
507 | <LI><A HREF="interop.html#10_1">Interop at a Glance</A></LI> | |
508 | <UL> | |
509 | <LI><A HREF="interop.html#10_1_1">Key</A></LI> | |
510 | </UL> | |
511 | <LI><A HREF="interop.html#10_2">Basic Interop Rules</A></LI> | |
512 | <LI><A HREF="interop.html#10_3">Longer Stories</A></LI> | |
513 | <UL> | |
514 | <LI><A HREF="interop.html#10_3_1">For More Compatible Implementations</A> | |
515 | </LI> | |
516 | <LI><A HREF="interop.html#10_3_2">For Other Implementations</A></LI> | |
517 | </UL> | |
518 | </UL> | |
519 | <B><A HREF="performance.html#performance">Performance of FreeS/WAN</A></B> | |
520 | <UL> | |
521 | <LI><A HREF="performance.html#pub.bench">Published material</A></LI> | |
522 | <LI><A HREF="performance.html#perf.estimate">Estimating CPU overheads</A> | |
523 | </LI> | |
524 | <UL> | |
525 | <LI><A HREF="performance.html#perf.more">Higher performance alternatives</A> | |
526 | </LI> | |
527 | <LI><A HREF="performance.html#11_2_2">Other considerations</A></LI> | |
528 | </UL> | |
529 | <LI><A HREF="performance.html#biggate">Many tunnels from a single | |
530 | gateway</A></LI> | |
531 | <LI><A HREF="performance.html#low-end">Low-end systems</A></LI> | |
532 | <LI><A HREF="performance.html#klips.bench">Measuring KLIPS</A></LI> | |
533 | <LI><A HREF="performance.html#speed.compress">Speed with compression</A></LI> | |
534 | <LI><A HREF="performance.html#methods">Methods of measuring</A></LI> | |
535 | </UL> | |
536 | <B><A HREF="testing.html#test.freeswan">Testing FreeS/WAN</A></B> | |
537 | <UL> | |
538 | <LI><A HREF="testing.html#test.oe">Testing opportunistic connections</A></LI> | |
539 | <UL> | |
540 | <LI><A HREF="testing.html#12_1_1">Basic OE Test</A></LI> | |
541 | <LI><A HREF="testing.html#12_1_2">OE Gateway Test</A></LI> | |
542 | <LI><A HREF="testing.html#12_1_3">Additional OE tests</A></LI> | |
543 | </UL> | |
544 | <LI><A HREF="testing.html#test.uml">Testing with User Mode Linux</A></LI> | |
545 | <LI><A HREF="testing.html#testnet">Configuration for a testbed network</A> | |
546 | </LI> | |
547 | <UL> | |
548 | <LI><A HREF="testing.html#testbed">Testbed network</A></LI> | |
549 | <LI><A HREF="testing.html#tcpdump.test">Using packet sniffers in testing</A> | |
550 | </LI> | |
551 | </UL> | |
552 | <LI><A HREF="testing.html#verify.crypt">Verifying encryption</A></LI> | |
553 | <LI><A HREF="testing.html#mail.test">Mailing list pointers</A></LI> | |
554 | </UL> | |
555 | <B><A HREF="kernel.html#kernelconfig">Kernel configuration for FreeS/WAN</A> | |
556 | </B> | |
557 | <UL> | |
558 | <LI><A HREF="kernel.html#notall">Not everyone needs to worry about | |
559 | kernel configuration</A></LI> | |
560 | <LI><A HREF="kernel.html#assume">Assumptions and notation</A></LI> | |
561 | <UL> | |
562 | <LI><A HREF="kernel.html#labels">Labels used</A></LI> | |
563 | </UL> | |
564 | <LI><A HREF="kernel.html#kernelopt">Kernel options for FreeS/WAN</A></LI> | |
565 | </UL> | |
566 | <B><A HREF="adv_config.html#adv_config">Other configuration | |
567 | possibilities</A></B> | |
568 | <UL> | |
569 | <LI><A HREF="adv_config.html#thumb">Some rules of thumb about | |
570 | configuration</A></LI> | |
571 | <UL> | |
572 | <LI><A HREF="adv_config.html#cheap.tunnel">Tunnels are cheap</A></LI> | |
573 | <LI><A HREF="adv_config.html#subnet.size">Subnet sizes</A></LI> | |
574 | <LI><A HREF="adv_config.html#example.more">Other network layouts</A></LI> | |
575 | </UL> | |
576 | <LI><A HREF="adv_config.html#choose">Choosing connection types</A></LI> | |
577 | <UL> | |
578 | <LI><A HREF="adv_config.html#man-auto">Manual vs. automatic keying</A></LI> | |
579 | <LI><A HREF="adv_config.html#auto-auth">Authentication methods for | |
580 | auto-keying</A></LI> | |
581 | <LI><A HREF="adv_config.html#adv-pk">Advantages of public key methods</A> | |
582 | </LI> | |
583 | </UL> | |
584 | <LI><A HREF="adv_config.html#prodsecrets">Using shared secrets in | |
585 | production</A></LI> | |
586 | <UL> | |
587 | <LI><A HREF="biblio.html#secrets">Putting secrets in ipsec.secrets(5)</A> | |
588 | </LI> | |
589 | <LI><A HREF="adv_config.html#securing.secrets">File security</A></LI> | |
590 | <LI><A HREF="adv_config.html#notroadshared">Shared secrets for road | |
591 | warriors</A></LI> | |
592 | </UL> | |
593 | <LI><A HREF="adv_config.html#prodman">Using manual keying in production</A> | |
594 | </LI> | |
595 | <UL> | |
596 | <LI><A HREF="adv_config.html#ranbits">Creating keys with ranbits</A></LI> | |
597 | </UL> | |
598 | <LI><A HREF="adv_config.html#boot">Setting up connections at boot time</A> | |
599 | </LI> | |
600 | <LI><A HREF="adv_config.html#multitunnel">Multiple tunnels between the | |
601 | same two gateways</A></LI> | |
602 | <UL> | |
603 | <LI><A HREF="adv_config.html#advroute">One tunnel plus advanced routing</A> | |
604 | </LI> | |
605 | </UL> | |
606 | <LI><A HREF="adv_config.html#opp.gate">An Opportunistic Gateway</A></LI> | |
607 | <UL> | |
608 | <LI><A HREF="adv_config.html#14_7_1">Start from full opportunism</A></LI> | |
609 | <LI><A HREF="adv_config.html#14_7_2">Reverse DNS TXT records for each | |
610 | protected machine</A></LI> | |
611 | <LI><A HREF="adv_config.html#14_7_3">Publish your records</A></LI> | |
612 | <LI><A HREF="adv_config.html#14_7_4">...and test them</A></LI> | |
613 | <LI><A HREF="adv_config.html#14_7_5">No Configuration Needed</A></LI> | |
614 | </UL> | |
615 | <LI><A HREF="adv_config.html#extruded.config">Extruded Subnets</A></LI> | |
616 | <LI><A HREF="adv_config.html#roadvirt">Road Warrior with virtual IP | |
617 | address</A></LI> | |
618 | <LI><A HREF="glossary.html#dynamic">Dynamic Network Interfaces</A></LI> | |
619 | <UL> | |
620 | <LI><A HREF="adv_config.html#basicdyn">Basics</A></LI> | |
621 | <LI><A HREF="adv_config.html#bootdyn">Boot Time</A></LI> | |
622 | <LI><A HREF="adv_config.html#changedyn">Change Time</A></LI> | |
623 | </UL> | |
624 | <LI><A HREF="adv_config.html#unencrypted">Unencrypted tunnels</A></LI> | |
625 | </UL> | |
626 | <B><A HREF="trouble.html#install">Installing FreeS/WAN</A></B> | |
627 | <UL> | |
628 | <LI><A HREF="install.html#15_1">Requirements</A></LI> | |
629 | <LI><A HREF="install.html#15_2">Choose your install method</A></LI> | |
630 | <LI><A HREF="install.html#15_3">FreeS/WAN ships with some Linuxes</A></LI> | |
631 | <UL> | |
632 | <LI><A HREF="install.html#15_3_1">FreeS/WAN may be altered...</A></LI> | |
633 | <LI><A HREF="install.html#15_3_2">You might need to create an | |
634 | authentication keypair</A></LI> | |
635 | <LI><A HREF="install.html#15_3_3">Start and test FreeS/WAN</A></LI> | |
636 | </UL> | |
637 | <LI><A HREF="install.html#15_4">RPM install</A></LI> | |
638 | <UL> | |
639 | <LI><A HREF="install.html#15_4_1">Download RPMs</A></LI> | |
640 | <LI><A HREF="install.html#15_4_2">For freeswan.org RPMs: check | |
641 | signatures</A></LI> | |
642 | <LI><A HREF="install.html#15_4_3">Install the RPMs</A></LI> | |
643 | <LI><A HREF="install.html#15_4_4">Start and Test FreeS/WAN</A></LI> | |
644 | </UL> | |
645 | <LI><A HREF="install.html#15_5">Install from Source</A></LI> | |
646 | <UL> | |
647 | <LI><A HREF="install.html#15_5_1">Decide what functionality you need</A></LI> | |
648 | <LI><A HREF="install.html#15_5_2">Download FreeS/WAN</A></LI> | |
649 | <LI><A HREF="install.html#15_5_3">For freeswan.org source: check its | |
650 | signature</A></LI> | |
651 | <LI><A HREF="install.html#15_5_4">Untar, unzip</A></LI> | |
652 | <LI><A HREF="install.html#15_5_5">Patch if desired</A></LI> | |
653 | <LI><A HREF="install.html#15_5_6">... and Make</A></LI> | |
654 | </UL> | |
655 | <LI><A HREF="install.html#15_6">Start FreeS/WAN and test your install</A> | |
656 | </LI> | |
657 | <LI><A HREF="install.html#15_7">Test your install</A></LI> | |
658 | <LI><A HREF="install.html#15_8">Making FreeS/WAN play well with others</A> | |
659 | </LI> | |
660 | <LI><A HREF="install.html#15_9">Configure for your needs</A></LI> | |
661 | </UL> | |
662 | <B><A HREF="config.html#config">How to configure FreeS/WAN</A></B> | |
663 | <UL> | |
664 | <LI><A HREF="config.html#16_1">Requirements</A></LI> | |
665 | <LI><A HREF="config.html#config.netnet">Net-to-Net connection</A></LI> | |
666 | <UL> | |
667 | <LI><A HREF="config.html#netnet.info.ex">Gather information</A></LI> | |
668 | <LI><A HREF="config.html#16_2_2">Edit /etc/ipsec.conf</A></LI> | |
669 | <LI><A HREF="config.html#16_2_3">Start your connection</A></LI> | |
670 | <LI><A HREF="config.html#16_2_4">Do not MASQ or NAT packets to be | |
671 | tunneled</A></LI> | |
672 | <LI><A HREF="config.html#16_2_5">Test your connection</A></LI> | |
673 | <LI><A HREF="config.html#16_2_6">Finishing touches</A></LI> | |
674 | </UL> | |
675 | <LI><A HREF="config.html#config.rw">Road Warrior Configuration</A></LI> | |
676 | <UL> | |
677 | <LI><A HREF="config.html#rw.info.ex">Gather information</A></LI> | |
678 | <LI><A HREF="config.html#16_3_2">Customize /etc/ipsec.conf</A></LI> | |
679 | <LI><A HREF="config.html#16_3_3">Start your connection</A></LI> | |
680 | <LI><A HREF="config.html#16_3_4">Do not MASQ or NAT packets to be | |
681 | tunneled</A></LI> | |
682 | <LI><A HREF="config.html#16_3_5">Test your connection</A></LI> | |
683 | <LI><A HREF="config.html#16_3_6">Finishing touches</A></LI> | |
684 | <LI><A HREF="config.html#16_3_7">Multiple Road Warriors</A></LI> | |
685 | </UL> | |
686 | <LI><A HREF="config.html#16_4">What next?</A></LI> | |
687 | </UL> | |
688 | <B><A HREF="background.html#background">Linux FreeS/WAN background</A></B> | |
689 | <UL> | |
690 | <LI><A HREF="background.html#dns.background">Some DNS background</A></LI> | |
691 | <UL> | |
692 | <LI><A HREF="background.html#forward.reverse">Forward and reverse maps</A> | |
693 | </LI> | |
694 | <LI><A HREF="background.html#17_1_2">Hierarchy and delegation</A></LI> | |
695 | <LI><A HREF="background.html#17_1_3">Syntax of DNS records</A></LI> | |
696 | <LI><A HREF="background.html#17_1_4">Caching, TTL and propagation delay</A> | |
697 | </LI> | |
698 | </UL> | |
699 | <LI><A HREF="background.html#MTU.trouble">Problems with packet | |
700 | fragmentation</A></LI> | |
701 | <LI><A HREF="background.html#nat.background">Network address translation | |
702 | (NAT)</A></LI> | |
703 | <UL> | |
704 | <LI><A HREF="background.html#17_3_1">NAT to non-routable addresses</A></LI> | |
705 | <LI><A HREF="background.html#17_3_2">NAT to routable addresses</A></LI> | |
706 | </UL> | |
707 | </UL> | |
708 | <B><A HREF="user_examples.html#user.examples">FreeS/WAN script examples</A> | |
709 | </B> | |
710 | <UL> | |
711 | <LI><A HREF="user_examples.html#poltorak">Poltorak's Firewall script</A></LI> | |
712 | </UL> | |
713 | <B><A HREF="makecheck.html#makecheck">How to configure to use "make | |
714 | check"</A></B> | |
715 | <UL> | |
716 | <LI><A HREF="makecheck.html#19_1">What is "make check"</A></LI> | |
717 | <LI><A HREF="makecheck.html#19_2">Running "make check"</A></LI> | |
718 | </UL> | |
719 | <B><A HREF="makecheck.html#20">How to write a "make check" test</A></B> | |
720 | <UL> | |
721 | <LI><A HREF="makecheck.html#20_1">Structure of a test</A></LI> | |
722 | <LI><A HREF="makecheck.html#20_2">The TESTLIST</A></LI> | |
723 | <LI><A HREF="makecheck.html#20_3">Test kinds</A></LI> | |
724 | <LI><A HREF="makecheck.html#20_4">Common parameters</A></LI> | |
725 | <LI><A HREF="makecheck.html#20_5">KLIPStest parameters</A></LI> | |
726 | <LI><A HREF="makecheck.html#20_6">mkinsttest parameters</A></LI> | |
727 | <LI><A HREF="makecheck.html#20_7">rpm_build_install_test parameters</A></LI> | |
728 | <LI><A HREF="makecheck.html#20_8">libtest parameters</A></LI> | |
729 | <LI><A HREF="makecheck.html#20_9">umlplutotest parameters</A></LI> | |
730 | <LI><A HREF="makecheck.html#20_10">umlXhost parameters</A></LI> | |
731 | <LI><A HREF="makecheck.html#20_11">kernel_patch_test parameters</A></LI> | |
732 | <LI><A HREF="makecheck.html#20_12">module_compile parameters</A></LI> | |
733 | </UL> | |
734 | <B><A HREF="makecheck.html#21">Current pitfalls</A></B> | |
735 | <BR> | |
736 | <BR><B><A HREF="umltesting.html#umltesting">User-Mode-Linux Testing | |
737 | guide</A></B> | |
738 | <UL> | |
739 | <LI><A HREF="umltesting.html#22_1">Preliminary Notes on BIND</A></LI> | |
740 | <LI><A HREF="umltesting.html#22_2">Steps to Install UML for FreeS/WAN</A> | |
741 | </LI> | |
742 | </UL> | |
743 | <B><A HREF="umltesting.html#23">Debugging the kernel with GDB</A></B> | |
744 | <UL> | |
745 | <LI><A HREF="umltesting.html#23_1">Other notes about debugging</A></LI> | |
746 | </UL> | |
747 | <B><A HREF="umltesting.html#24">User-Mode-Linux mysteries</A></B> | |
748 | <BR> | |
749 | <BR><B><A HREF="umltesting.html#25">Getting more info from uml_netjig</A> | |
750 | </B> | |
751 | <BR> | |
752 | <BR><B><A HREF="politics.html#politics">History and politics of | |
753 | cryptography</A></B> | |
754 | <UL> | |
755 | <LI><A HREF="politics.html#intro.politics">Introduction</A></LI> | |
756 | <UL> | |
757 | <LI><A HREF="politics.html#26_1_1">History</A></LI> | |
758 | <LI><A HREF="politics.html#intro.poli">Politics</A></LI> | |
759 | <LI><A HREF="politics.html#26_1_3">Links</A></LI> | |
760 | <LI><A HREF="politics.html#26_1_4">Outline of this section</A></LI> | |
761 | </UL> | |
762 | <LI><A HREF="politics.html#leader">From our project leader</A></LI> | |
763 | <UL> | |
764 | <LI><A HREF="politics.html#gilmore">Swan: Securing the Internet against | |
765 | Wiretapping</A></LI> | |
766 | <LI><A HREF="politics.html#policestate">Stopping wholesale monitoring</A> | |
767 | </LI> | |
768 | </UL> | |
769 | <LI><A HREF="politics.html#weak">Government promotion of weak crypto</A></LI> | |
770 | <UL> | |
771 | <LI><A HREF="politics.html#escrow">Escrowed encryption</A></LI> | |
772 | <LI><A HREF="politics.html#shortkeys">Limited key lengths</A></LI> | |
773 | </UL> | |
774 | <LI><A HREF="politics.html#exlaw">Cryptography Export Laws</A></LI> | |
775 | <UL> | |
776 | <LI><A HREF="politics.html#USlaw">US Law</A></LI> | |
777 | <LI><A HREF="politics.html#wrong">What's wrong with restrictions on | |
778 | cryptography</A></LI> | |
779 | <LI><A HREF="politics.html#Wassenaar">The Wassenaar Arrangement</A></LI> | |
780 | <LI><A HREF="politics.html#status">Export status of Linux FreeS/WAN</A></LI> | |
781 | <LI><A HREF="politics.html#help">Help spread IPsec around</A></LI> | |
782 | </UL> | |
783 | <LI><A HREF="politics.html#desnotsecure">DES is Not Secure</A></LI> | |
784 | <UL> | |
785 | <LI><A HREF="politics.html#deshware">Dedicated hardware breaks DES in a | |
786 | few days</A></LI> | |
787 | <LI><A HREF="politics.html#spooks">Spooks may break DES faster yet</A></LI> | |
788 | <LI><A HREF="politics.html#desnet">Networks break DES in a few weeks</A></LI> | |
789 | <LI><A HREF="politics.html#no_des">We disable DES</A></LI> | |
790 | <LI><A HREF="politics.html#40joke">40-bits is laughably weak</A></LI> | |
791 | <LI><A HREF="politics.html#altdes">Triple DES is almost certainly secure</A> | |
792 | </LI> | |
793 | <LI><A HREF="politics.html#aes.ipsec">AES in IPsec</A></LI> | |
794 | </UL> | |
795 | <LI><A HREF="politics.html#press">Press coverage of Linux FreeS/WAN:</A></LI> | |
796 | <UL> | |
797 | <LI><A HREF="politics.html#26_6_1">FreeS/WAN 1.0 press</A></LI> | |
798 | <LI><A HREF="faq.html#release">Press release for version 1.0</A></LI> | |
799 | </UL> | |
800 | </UL> | |
801 | <B><A HREF="ipsec.html#ipsec.detail">The IPsec protocols</A></B> | |
802 | <UL> | |
803 | <LI><A HREF="ipsec.html#27_1">Protocols and phases</A></LI> | |
804 | <LI><A HREF="ipsec.html#others">Applying IPsec</A></LI> | |
805 | <UL> | |
806 | <LI><A HREF="ipsec.html#advantages">Advantages of IPsec</A></LI> | |
807 | <LI><A HREF="ipsec.html#limitations">Limitations of IPsec</A></LI> | |
808 | <LI><A HREF="ipsec.html#uses">IPsec is a general mechanism for securing | |
809 | IP</A></LI> | |
810 | <LI><A HREF="ipsec.html#authonly">Using authentication without | |
811 | encryption</A></LI> | |
812 | <LI><A HREF="ipsec.html#encnoauth">Encryption without authentication is | |
813 | dangerous</A></LI> | |
814 | <LI><A HREF="ipsec.html#multilayer">Multiple layers of IPsec processing | |
815 | are possible</A></LI> | |
816 | <LI><A HREF="ipsec.html#traffic.resist">Resisting traffic analysis</A></LI> | |
817 | </UL> | |
818 | <LI><A HREF="ipsec.html#primitives">Cryptographic components</A></LI> | |
819 | <UL> | |
820 | <LI><A HREF="ipsec.html#block.cipher">Block ciphers</A></LI> | |
821 | <LI><A HREF="ipsec.html#hash.ipsec">Hash functions</A></LI> | |
822 | <LI><A HREF="ipsec.html#DH.keying">Diffie-Hellman key agreement</A></LI> | |
823 | <LI><A HREF="ipsec.html#RSA.auth">RSA authentication</A></LI> | |
824 | </UL> | |
825 | <LI><A HREF="ipsec.html#structure">Structure of IPsec</A></LI> | |
826 | <UL> | |
827 | <LI><A HREF="ipsec.html#IKE.ipsec">IKE (Internet Key Exchange)</A></LI> | |
828 | <LI><A HREF="ipsec.html#services">IPsec Services, AH and ESP</A></LI> | |
829 | <LI><A HREF="ipsec.html#AH.ipsec">The Authentication Header (AH)</A></LI> | |
830 | <LI><A HREF="ipsec.html#ESP.ipsec">Encapsulated Security Payload (ESP)</A> | |
831 | </LI> | |
832 | </UL> | |
833 | <LI><A HREF="ipsec.html#modes">IPsec modes</A></LI> | |
834 | <UL> | |
835 | <LI><A HREF="ipsec.html#tunnel.ipsec">Tunnel mode</A></LI> | |
836 | <LI><A HREF="ipsec.html#transport.ipsec">Transport mode</A></LI> | |
837 | </UL> | |
838 | <LI><A HREF="ipsec.html#parts">FreeS/WAN parts</A></LI> | |
839 | <UL> | |
840 | <LI><A HREF="ipsec.html#KLIPS.ipsec">KLIPS: Kernel IPsec Support</A></LI> | |
841 | <LI><A HREF="ipsec.html#Pluto.ipsec">The Pluto daemon</A></LI> | |
842 | <LI><A HREF="ipsec.html#command">The ipsec(8) command</A></LI> | |
843 | <LI><A HREF="ipsec.html#ipsec.conf">Linux FreeS/WAN configuration file</A> | |
844 | </LI> | |
845 | </UL> | |
846 | <LI><A HREF="ipsec.html#key">Key management</A></LI> | |
847 | <UL> | |
848 | <LI><A HREF="ipsec.html#current">Currently Implemented Methods</A></LI> | |
849 | <LI><A HREF="ipsec.html#notyet">Methods not yet implemented</A></LI> | |
850 | </UL> | |
851 | </UL> | |
852 | <B><A HREF="mail.html#lists">Mailing lists and newsgroups</A></B> | |
853 | <UL> | |
854 | <LI><A HREF="mail.html#list.fs">Mailing lists about FreeS/WAN</A></LI> | |
855 | <UL> | |
856 | <LI><A HREF="mail.html#projlist">The project mailing lists</A></LI> | |
857 | <LI><A HREF="mail.html#archive">Archives of the lists</A></LI> | |
858 | </UL> | |
859 | <LI><A HREF="mail.html#indexes">Indexes of mailing lists</A></LI> | |
860 | <LI><A HREF="mail.html#otherlists">Lists for related software and topics</A> | |
861 | </LI> | |
862 | <UL> | |
863 | <LI><A HREF="mail.html#28_3_1">Products that include FreeS/WAN</A></LI> | |
864 | <LI><A HREF="mail.html#linux.lists">Linux mailing lists</A></LI> | |
865 | <LI><A HREF="mail.html#ietf">Lists for IETF working groups</A></LI> | |
866 | <LI><A HREF="mail.html#other">Other mailing lists</A></LI> | |
867 | </UL> | |
868 | <LI><A HREF="mail.html#newsgroups">Usenet newsgroups</A></LI> | |
869 | </UL> | |
870 | <B><A HREF="web.html#weblink">Web links</A></B> | |
871 | <UL> | |
872 | <LI><A HREF="web.html#freeswan">The Linux FreeS/WAN Project</A></LI> | |
873 | <UL> | |
874 | <LI><A HREF="web.html#patch">Add-ons and patches for FreeS/WAN</A></LI> | |
875 | <LI><A HREF="web.html#dist">Distributions including FreeS/WAN</A></LI> | |
876 | <LI><A HREF="web.html#used">Things FreeS/WAN uses or could use</A></LI> | |
877 | <LI><A HREF="web.html#alternatives">Other approaches to VPNs for Linux</A> | |
878 | </LI> | |
879 | </UL> | |
880 | <LI><A HREF="web.html#ipsec.link">The IPsec Protocols</A></LI> | |
881 | <UL> | |
882 | <LI><A HREF="web.html#general">General IPsec or VPN information</A></LI> | |
883 | <LI><A HREF="trouble.html#overview">IPsec overview documents or slide | |
884 | sets</A></LI> | |
885 | <LI><A HREF="web.html#otherlang">IPsec information in languages other | |
886 | than English</A></LI> | |
887 | <LI><A HREF="web.html#RFCs1">RFCs and other reference documents</A></LI> | |
888 | <LI><A HREF="web.html#analysis">Analysis and critiques of IPsec | |
889 | protocols</A></LI> | |
890 | <LI><A HREF="web.html#IP.background">Background information on IP</A></LI> | |
891 | </UL> | |
892 | <LI><A HREF="web.html#implement">IPsec Implementations</A></LI> | |
893 | <UL> | |
894 | <LI><A HREF="web.html#linuxprod">Linux products</A></LI> | |
895 | <LI><A HREF="web.html#router">IPsec in router products</A></LI> | |
896 | <LI><A HREF="web.html#fw.web">IPsec in firewall products</A></LI> | |
897 | <LI><A HREF="web.html#ipsecos">Operating systems with IPsec support</A></LI> | |
898 | <LI><A HREF="web.html#29_3_5">IPsec on network cards</A></LI> | |
899 | <LI><A HREF="web.html#opensource">Open source IPsec implementations</A></LI> | |
900 | <LI><A HREF="web.html#interop.web">Interoperability</A></LI> | |
901 | </UL> | |
902 | <LI><A HREF="web.html#linux.link">Linux links</A></LI> | |
903 | <UL> | |
904 | <LI><A HREF="web.html#linux.basic">Basic and tutorial Linux information</A> | |
905 | </LI> | |
906 | <LI><A HREF="web.html#general">General Linux sites</A></LI> | |
907 | <LI><A HREF="web.html#docs.ldp">Documentation</A></LI> | |
908 | <LI><A HREF="web.html#advroute.web">Advanced routing</A></LI> | |
909 | <LI><A HREF="web.html#linsec">Security for Linux</A></LI> | |
910 | <LI><A HREF="web.html#firewall.linux">Linux firewalls</A></LI> | |
911 | <LI><A HREF="web.html#linux.misc">Miscellaneous Linux information</A></LI> | |
912 | </UL> | |
913 | <LI><A HREF="web.html#crypto.link">Crypto and security links</A></LI> | |
914 | <UL> | |
915 | <LI><A HREF="web.html#security">Crypto and security resources</A></LI> | |
916 | <LI><A HREF="web.html#policy">Cryptography law and policy</A></LI> | |
917 | <LI><A HREF="web.html#crypto.tech">Cryptography technical information</A> | |
918 | </LI> | |
919 | <LI><A HREF="web.html#compsec">Computer and network security</A></LI> | |
920 | <LI><A HREF="web.html#people">Links to home pages</A></LI> | |
921 | </UL> | |
922 | </UL> | |
923 | <B><A HREF="glossary.html#ourgloss">Glossary for the Linux FreeS/WAN | |
924 | project</A></B> | |
925 | <UL> | |
926 | <LI><A HREF="glossary.html#jump">Jump to a letter in the glossary</A></LI> | |
927 | <LI><A HREF="glossary.html#gloss">Other glossaries</A></LI> | |
928 | <LI><A HREF="glossary.html#definitions">Definitions</A></LI> | |
929 | </UL> | |
930 | <B><A HREF="biblio.html#biblio">Bibliography for the Linux FreeS/WAN | |
931 | project</A></B> | |
932 | <BR> | |
933 | <BR><B><A HREF="rfc.html#RFC">IPsec RFCs and related documents</A></B> | |
934 | <UL> | |
935 | <LI><A HREF="rfc.html#RFCfile">The RFCs.tar.gz Distribution File</A></LI> | |
936 | <LI><A HREF="rfc.html#sources">Other sources for RFCs &amp; Internet drafts</A> | |
937 | </LI> | |
938 | <UL> | |
939 | <LI><A HREF="rfc.html#RFCdown">RFCs</A></LI> | |
940 | <LI><A HREF="rfc.html#drafts">Internet Drafts</A></LI> | |
941 | <LI><A HREF="rfc.html#FIPS1">FIPS standards</A></LI> | |
942 | </UL> | |
943 | <LI><A HREF="rfc.html#RFCs.tar.gz">What's in the RFCs.tar.gz bundle?</A></LI> | |
944 | <UL> | |
945 | <LI><A HREF="rfc.html#rfc.ov">Overview RFCs</A></LI> | |
946 | <LI><A HREF="rfc.html#basic.prot">Basic protocols</A></LI> | |
947 | <LI><A HREF="rfc.html#key.ike">Key management</A></LI> | |
948 | <LI><A HREF="rfc.html#rfc.detail">Details of various things used</A></LI> | |
949 | <LI><A HREF="rfc.html#rfc.ref">Older RFCs which may be referenced</A></LI> | |
950 | <LI><A HREF="rfc.html#rfc.dns">RFCs for secure DNS service, which IPsec | |
951 | may use</A></LI> | |
952 | <LI><A HREF="rfc.html#rfc.exp">RFCs labelled "experimental"</A></LI> | |
953 | <LI><A HREF="rfc.html#rfc.rel">Related RFCs</A></LI> | |
954 | </UL> | |
955 | </UL> | |
956 | <B><A HREF="roadmap.html#roadmap">Distribution Roadmap: What's Where in | |
957 | Linux FreeS/WAN</A></B> | |
958 | <UL> | |
959 | <LI><A HREF="roadmap.html#top">Top directory</A></LI> | |
960 | <LI><A HREF="roadmap.html#doc">Documentation</A></LI> | |
961 | <LI><A HREF="roadmap.html#klips.roadmap">KLIPS: kernel IP security</A></LI> | |
962 | <LI><A HREF="roadmap.html#pluto.roadmap">Pluto key and connection | |
963 | management daemon</A></LI> | |
964 | <LI><A HREF="roadmap.html#utils">Utils</A></LI> | |
965 | <LI><A HREF="roadmap.html#lib">Libraries</A></LI> | |
966 | <UL> | |
967 | <LI><A HREF="roadmap.html#fswanlib">FreeS/WAN Library</A></LI> | |
968 | <LI><A HREF="roadmap.html#otherlib">Imported Libraries</A></LI> | |
969 | </UL> | |
970 | </UL> | |
971 | <B><A HREF="umltesting.html#umltesting">User-Mode-Linux Testing guide</A> | |
972 | </B> | |
973 | <UL> | |
974 | <LI><A HREF="umltesting.html#34_1">Preliminary Notes on BIND</A></LI> | |
975 | <LI><A HREF="umltesting.html#34_2">Steps to Install UML for FreeS/WAN</A> | |
976 | </LI> | |
977 | </UL> | |
978 | <B><A HREF="umltesting.html#35">Debugging the kernel with GDB</A></B> | |
979 | <UL> | |
980 | <LI><A HREF="umltesting.html#35_1">Other notes about debugging</A></LI> | |
981 | </UL> | |
982 | <B><A HREF="umltesting.html#36">User-Mode-Linux mysteries</A></B> | |
983 | <BR> | |
984 | <BR><B><A HREF="umltesting.html#37">Getting more info from uml_netjig</A> | |
985 | </B> | |
986 | <BR> | |
987 | <BR><B><A HREF="makecheck.html#makecheck">How to configure to use "make | |
988 | check"</A></B> | |
989 | <UL> | |
990 | <LI><A HREF="makecheck.html#38_1">What is "make check"</A></LI> | |
991 | <LI><A HREF="makecheck.html#38_2">Running "make check"</A></LI> | |
992 | </UL> | |
993 | <B><A HREF="makecheck.html#39">How to write a "make check" test</A></B> | |
994 | <UL> | |
995 | <LI><A HREF="makecheck.html#39_1">Structure of a test</A></LI> | |
996 | <LI><A HREF="makecheck.html#39_2">The TESTLIST</A></LI> | |
997 | <LI><A HREF="makecheck.html#39_3">Test kinds</A></LI> | |
998 | <LI><A HREF="makecheck.html#39_4">Common parameters</A></LI> | |
999 | <LI><A HREF="makecheck.html#39_5">KLIPStest parameters</A></LI> | |
1000 | <LI><A HREF="makecheck.html#39_6">mkinsttest parameters</A></LI> | |
1001 | <LI><A HREF="makecheck.html#39_7">rpm_build_install_test parameters</A></LI> | |
1002 | <LI><A HREF="makecheck.html#39_8">libtest parameters</A></LI> | |
1003 | <LI><A HREF="makecheck.html#39_9">umlplutotest parameters</A></LI> | |
1004 | <LI><A HREF="makecheck.html#39_10">umlXhost parameters</A></LI> | |
1005 | <LI><A HREF="makecheck.html#39_11">kernel_patch_test parameters</A></LI> | |
1006 | <LI><A HREF="makecheck.html#39_12">module_compile parameters</A></LI> | |
1007 | </UL> | |
1008 | <B><A HREF="makecheck.html#40">Current pitfalls</A></B> | |
1009 | <BR> | |
1010 | <BR><B><A HREF="nightly.html#nightly">Nightly regression testing</A></B> | |
1011 | <BR> | |
1012 | <BR><B><A HREF="nightly.html#nightlyhowto">How to set up the nightly | |
1013 | build</A></B> | |
1014 | <UL> | |
1015 | <LI><A HREF="nightly.html#42_1">Files you need to know about</A></LI> | |
1016 | <LI><A HREF="nightly.html#42_2">Configuring freeswan-regress-env.sh</A></LI> | |
1017 | </UL> | |
1018 | </BODY> | |
1019 | </HTML> |