Differences

This shows you the differences between two versions of the page.

--- docs:ipsec [2013/09/27 13:58] – created root
+++ docs:ipsec [2013/09/27 20:58] (current) – root
@@ Line 1: / Line 1: @@
-====== Some useful informations about IPSec ======
+====== IPSec cheat sheet ======
-[[docs:ipsec:modes|IPSec Exchange modes]]
+IPSec is partly tricky, but worse than that, existing documentation is __very__ messy.
-[[docs:ipsec:policy|IPSec policy]]
+  * [[docs:ipsec:modes|IPSec Exchange modes]]
+  * [[docs:ipsec:policy|IPSec policy]]
+  * [[docs:ipsec:racoon_psk|Racoon setup with PSKs]]
+  * [[docs:ipsec:racoon_x509|Racoon setup with X.509 Certificates]]
+  * [[docs:ipsec:racoon_roadwarrior|Racoon setup for roadwarriors]]
+==== How IPSec works with KAME tools ====
+<code>	 setkey                racoon  <-------(IKE)-------> somebody
+	   |                    ^  |      (5)
+	   |                    |  |(6)
+	   |(1)           +-----+  +---+
+	   |           (4)|            |
+	   v              |            v
+	+-----+  (2)      |    (3)  +-----+
+	| SPD |<----- kernel ------>| SAD |
+	+-----+         |           +-----+
+                        |(7)
+                        v
+</code>
+==== (Very) Basic concepts ====
+This sums up some of the technical details about IPSec. Starters should read a more detailed documentation.
+=== Protocols ===
+^ Protocol ^ # ^ Common name ^ Utility ^
+| AH  | IP Type 51 | Authentication header | Integrity |
+| ESP | IP Type 50 | Encapsulated Security Payload | Integrity & Confidentiality |
+| IKE | UDP port 500 | Internet Key Exchange | SA setup, key exchange |
+| NAT-T | UDP port 4500 | NAT Traversal IPSec | Endpoint communication behind NATs |
+=== IPSec modes ===
+^ Mode ^ Wrapping scope ^ Intended usage ^ Overhead ^
+| Transport | IP packet payload | Peer to peer integrity/encryption enforcement | AH/ESP size |
+| Tunnel | Whole IP packet | VPN | AH/ESP + IP/Stage 2 header |
+=== Glossary ===
+| PSK | Preshared Keys |
+| SA  | Security Association |
+| SAD | Security Association Database |
+| SP  | Security Policy      |
+| SPD | Security Policy Database |
+==== Linux Kernel modules ====
+<code>aes_generic
+esp4
+esp6
+sha1_generic
+sha256_generic
+xfrm4_mode_transport
+xfrm6_mode_transport
+xfrm_user</code>