Differences

This shows you the differences between two versions of the page.

--- docs:ipsec [2013/09/27 14:12] – root
+++ docs:ipsec [2013/09/27 20:58] (current) – root
@@ Line 1: / Line 1: @@
-====== Useful docs : IPSec ======
+====== IPSec cheat sheet ======
-IPSec is tricky, but worse than that, existing documentation is very messy.
+IPSec is partly tricky, but worse than that, existing documentation is __very__ messy.
   * [[docs:ipsec:modes|IPSec Exchange modes]]
   * [[docs:ipsec:policy|IPSec policy]]
+  * [[docs:ipsec:racoon_psk|Racoon setup with PSKs]]
+  * [[docs:ipsec:racoon_x509|Racoon setup with X.509 Certificates]]
+  * [[docs:ipsec:racoon_roadwarrior|Racoon setup for roadwarriors]]
 ==== How IPSec works with KAME tools ====
@@ Line 27: / Line 30: @@
 === Protocols ===
-^ Protocol ^ IP Type # ^ Common name ^ Utility ^
+^ Protocol ^ # ^ Common name ^ Utility ^
-| AH  | 51 | Authentication header | Integrity |
+| AH  | IP Type 51 | Authentication header | Integrity |
-| ESP | 50 | Encapsulated Security Payload | Integrity & Confidentiality |
+| ESP | IP Type 50 | Encapsulated Security Payload | Integrity & Confidentiality |
+| IKE | UDP port 500 | Internet Key Exchange | SA setup, key exchange |
+| NAT-T | UDP port 4500 | NAT Traversal IPSec | Endpoint communication behind NATs |
 === IPSec modes ===
+^ Mode ^ Wrapping scope ^ Intended usage ^ Overhead ^
+| Transport | IP packet payload | Peer to peer integrity/encryption enforcement | AH/ESP size |
+| Tunnel | Whole IP packet | VPN | AH/ESP + IP/Stage 2 header |
+=== Glossary ===
+| PSK | Preshared Keys |
+| SA  | Security Association |
+| SAD | Security Association Database |
+| SP  | Security Policy      |
+| SPD | Security Policy Database |
+==== Linux Kernel modules ====
+<code>aes_generic
+esp4
+esp6
+sha1_generic
+sha256_generic
+xfrm4_mode_transport
+xfrm6_mode_transport
+xfrm_user</code>