
RE: tell me something about the frees/wan



The best way to get answers on freeS/WAN architecture would be to ask the
developers through freeS/WAN's own mail list at

linux-ipsec@clinet.fi.

I'm not one of the developers, so here are some TENTATIVE answers.

>>...the implementation of IPSEC
should offer protection against replays and limited traffic flow
confidentiality. I want to know how does FREES/WAN implement them...<<

Replay protection is there but I don't know the implementation
details...yet...

Limited traffic flow confidentiality is done through tunneling, for the
final source and destination addresses. With regard to the amount of traffic
exchanged, I don't know if packet padding is implemented.

>>...where is the FREES/WAN's SPD.<<

The Security Policy Database is in a file called ipsec.conf. All the
policies are listed in there.

>> How does FREES/WAN define SA? <<

If you mean "How does freeS/WAN create an SA", then it uses the IKE
protocol specifications (through a daemon called Pluto) to perform the
negotiations and key management. The key management actually supports:
- manually keyed (keys exchanged manually through email or whatever)
- automatically keyed through shared secrets or RSA signatures for
  authentication

>>...where does the FREES/WAN implement?<<

freeS/WAN would fit the profile of a Bump-in-the-stack implementation. It
adds virtual network interface(s) to the system. Seen through the eyes of
ifconfig...

More info where you probably got the software, at www.freeswan.org

Regards,

Jean Triquet

-----Original Message-----
From: ouyangyi [mailto:njouyang@263.net]
Sent: December 21, 1999 8:58 PM
To: Jean Triquet
Cc: ipsec@lists.tislabs.com
Subject: Re: tell me something about the frees/wan


I have seen the RFC2401. It mentions that the implementation of IPSEC
should offer protection against replays and limited traffic flow
confidentiality. I want to know how does FREES/WAN implement them and
where is the FREES/WAN's SPD. How does FREES/WAN define SA?
The last question is where does the FREES/WAN implement? (I mean
whether it uses a. Integration of IPsec into the native IP implementation
or b. "Bump-in-the-stack" (BITS) implementations.)
Jean Triquet wrote:

> It supports both.
>
> -----Original Message-----
> From: ouyangyi [mailto:njouyang@263.net]
> Sent: December 20, 1999 9:43 PM
> To: ipsec@lists.tislabs.com
> Subject: tell me something about the frees/wan
>
> I have got the frees/wan software, but I don't know whether the
> frees/wan supports host-to-host or host-to-security gateway. Please
> tell me. Thank you.