RE: tell me something about the frees/wan
The best way to get answers on freeS/WAN architecture would be to ask the
developers through freeS/WAN's own mail list at
linux-ipsec@clinet.fi.
I'm not one of the developers, so here are some TENTATIVE answers.
>>...the implementation of IPSEC
should offer protection against replays and limited traffic flow
confidentiality. I want to know how does FREES/WAN implement them...<<
Replay protection is there but I don't know the implementation
details...yet...
Limited traffic flow confidentiality is done through tunneling, for the
final source and destination addresses. With regard to the amount of traffic
exchanged, I don't know if packet padding is implemented.
>>...where is the FREES/WAN's SPD.<<
The Security Policy Database is in a file called ipsec.conf. All the
policies are listed in there.
>> How does FREES/WAN define SA? <<
If you mean "How does freeS/WAN create an SA", then it uses the IKE
protocol specifications (through a daemon called Pluto) to perform the
negotiations and key management. The key management actually supports:
- manually keyed (keys exchanged manually through email or whatever)
- automatically keyed through shared secrets or RSA signatures for
  authentication
>>...where does the FREES/WAN implement?<<
freeS/WAN would fit the profile of a Bump-in-the-stack implementation. It
adds virtual network interface(s) to the system. Seen through the eyes of
ifconfig...
More info is available where you probably got the software, at www.freeswan.org
Regards,
Jean Triquet
-----Original Message-----
From: ouyangyi [mailto:njouyang@263.net]
Sent: December 21, 1999 8:58 PM
To: Jean Triquet
Cc: ipsec@lists.tislabs.com
Subject: Re: tell me something about the frees/wan
I have seen the RFC2401. It mentions that the implementation of IPSEC
should offer protection against replays and limited traffic flow
confidentiality. I want to know how does FREES/WAN implement them and
where is the FREES/WAN's SPD. How does FREES/WAN define SA?
The last question is where does the FREES/WAN implement? (I mean
whether it uses a. Integration of IPsec into the native IP implementation
or b. "Bump-in-the-stack" (BITS) implementations.)
Jean Triquet wrote:
> It supports both.
>
> -----Original Message-----
> From: ouyangyi [mailto:njouyang@263.net]
> Sent: December 20, 1999 9:43 PM
> To: ipsec@lists.tislabs.com
> Subject: tell me something about the frees/wan
>
> I have got the frees/wan software, but I don't know whether the
> frees/wan supports the host-to-host or host-to-security gateway, please
> tell me. Thank you.