1 <!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
4 <TITLE>Introduction to FreeS/WAN
</TITLE>
5 <META HTTP-EQUIV=
"Content-Type" CONTENT=
"text/html; CHARSET=iso-8859-1">
6 <STYLE TYPE=
"text/css"><!--
7 BODY { font-family: serif }
8 H1 { font-family: sans-serif }
9 H2 { font-family: sans-serif }
10 H3 { font-family: sans-serif }
11 H4 { font-family: sans-serif }
12 H5 { font-family: sans-serif }
13 H6 { font-family: sans-serif }
14 SUB { font-size: smaller }
15 SUP { font-size: smaller }
16 PRE { font-family: monospace }
20 <A HREF=
"toc.html">Contents
</A>
21 <A HREF=
"rfc.html">Previous
</A>
22 <A HREF=
"umltesting.html">Next
</A>
24 <H1><A name=
"roadmap">Distribution Roadmap: What's Where in Linux
26 <P> This file is a guide to the locations of files within the FreeS/WAN
27 distribution. Everything described here should be on your system once
28 you download, gunzip, and untar the distribution.
</P>
29 <P>This distribution contains two major subsystems
</P>
31 <DT><A href=
"#klips.roadmap">KLIPS
</A></DT>
32 <DD>the kernel code
</DD>
33 <DT><A href=
"#pluto.roadmap">Pluto
</A></DT>
34 <DD>the user-level key-management daemon
</DD>
36 <P>plus assorted odds and ends.
</P>
37 <H2><A name=
"top">Top directory
</A></H2>
38 <P>The top directory has essential information in text files:
</P>
41 <DD>introduction to the software
</DD>
43 <DD>short experts-only installation procedures. More detalied procedures
44 are in
<A href=
"install.html"> installation
</A> and
<A href=
"config.html">
45 configuration
</A> HTML documents.
</DD>
47 <DD>major known bugs in the current release.
</DD>
49 <DD>changes from previous releases
</DD>
51 <DD>acknowledgement of contributors
</DD>
53 <DD>licensing and distribution information
</DD>
55 <H2><A name=
"doc">Documentation
</A></H2>
56 <P> The doc directory contains the bulk of the documentation, most of it
57 in HTML format. See the
<A href=
"index.html"> index file
</A> for
59 <H2><A name=
"klips.roadmap">KLIPS: kernel IP security
</A></H2>
60 <P><A href=
"glossary.html#KLIPS"> KLIPS
</A> is
<STRONG> K
</STRONG>erne
<STRONG>
61 L
</STRONG><STRONG> IP
</STRONG><STRONG> S
</STRONG>ecurity. It lives in
62 the klips directory, of course.
</P>
65 <DD>documentation
</DD>
66 <DT>klips/patches
</DT>
67 <DD>patches for existing kernel files
</DD>
71 <DD>low-level user utilities
</DD>
72 <DT>klips/net/ipsec
</DT>
73 <DD>actual klips kernel files
</DD>
75 <DD>symbolic link to klips/net/ipsec
76 <P>The
"make insert
" step of installation installs the patches and makes
77 a symbolic link from the kernel tree to klips/net/ipsec. The odd name
78 of klips/net/ipsec is dictated by some annoying limitations of the
79 scripts which build the Linux kernel. The symbolic-link business is a
80 bit messy, but all the alternatives are worse.
</P>
88 <DD>manipulate IPsec extended routing tables
</DD>
90 <DD>set Klips (kernel IPsec support) debug features and level
</DD>
92 <DD>manage IPsec Security Associations
</DD>
94 <DD>group/ungroup IPsec Security Associations
</DD>
96 <DD>associate IPsec virtual interface with real interface
</DD>
98 <P>These are all normally invoked by ipsec(
8) with commands such as
</P>
99 <PRE> ipsec tncfg
<VAR>arguments
</VAR></PRE>
100 There are section
8 man pages for all of these; the names have
"ipsec_
"
101 as a prefix, so your man command should be something like:
102 <PRE> man
8 ipsec_tncfg
</PRE>
105 <H2><A name=
"pluto.roadmap">Pluto key and connection management daemon
</A>
107 <P><A href=
"glossary.html#Pluto"> Pluto
</A> is our key management and
108 negotiation daemon. It lives in the pluto directory, along with its
109 low-level user utility, whack.
</P>
110 <P> There are no subdirectories. Documentation is a man page,
<A href=
"manpage.d/ipsec_pluto.8.html">
111 pluto
.8</A>. This covers whack as well.
</P>
112 <H2><A name=
"utils">Utils
</A></H2>
113 <P> The utils directory contains a growing collection of higher-level
114 user utilities, the commands that administer and control the software.
115 Most of the things that you will actually have to run yourself are in
119 <DD>invoke IPsec utilities
120 <P>ipsec(
8) is normally the only program installed in a standard
121 directory, /usr/local/sbin. It is used to invoke the others, both those
122 listed below and the ones in klips/utils mentioned above.
</P>
126 <DD>control automatically-keyed IPsec connections
</DD>
128 <DD>take manually-keyed IPsec connections up and down
</DD>
130 <DD>generate copious debugging output
</DD>
132 <DD>generate moderate amounts of debugging output
</DD>
134 <P> There are
.8 manual pages for these. look is covered in barf
.8. The
135 man pages have an
"ipsec_
" prefix so your man command should be
140 <P> Examples are in various files with names utils/*.eg
</P>
141 <H2><A name=
"lib">Libraries
</A></H2>
142 <H3><A name=
"fswanlib">FreeS/WAN Library
</A></H3>
143 <P> The lib directory is the FreeS/WAN library, also steadily growing,
144 used by both user-level and kernel code.
145 <BR /> It includes section
3<A href=
"manpages.html"> man pages
</A> for
146 the library routines.
</P>
147 <H3><A name=
"otherlib">Imported Libraries
</A></H3>
149 The libdes library, originally from SSLeay, is used by both Klips and
150 Pluto for
<A href=
"glossary.html#3DES"> Triple DES
</A> encryption.
151 Single DES is not used because
<A href=
"politics.html#desnotsecure"> it
153 <P> Note that this library has its own license, different from the
<A href=
"glossary.html#GPL">
154 GPL
</A> used for other code in FreeS/WAN.
</P>
155 <P> The library includes its own documentation.
</P>
157 The GMP (GNU multi-precision) library is used for multi-precision
158 arithmetic in Pluto's key-exchange code and public key code.
159 <P> Older versions (up to
1.7) of FreeS/WAN included a copy of this
160 library in the FreeS/WAN distribution.
</P>
161 <P> Since
1.8, we have begun to rely on the system copy of GMP.
</P>
163 <A HREF=
"toc.html">Contents
</A>
164 <A HREF=
"rfc.html">Previous
</A>
165 <A HREF=
"umltesting.html">Next
</A>