Securing-Optimizing-RH-Linux-1_2_295
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
Linux FreeS/WAN VPN
Overview
Protecting client-to-server traffic with SSL is an excellent choice, but in enterprise
environments it is sometimes vital to establish secure communication channels that assure
full privacy, authenticity and data integrity between two firewalls over the Internet.
IPSEC was created for this purpose.
IPSEC is Internet Protocol SECurity. It uses strong cryptography to provide both authentication
and encryption services. Authentication ensures that packets are from the right sender and have
not been altered in transit. Encryption prevents unauthorized reading of packet contents. IPSEC
can protect any protocol running above IP and any medium used below IP. IPSEC can also
provide some security services "in the background", with no visible impact on users. More to the
point, it can protect a mixture of protocols (e.g. IMAP, POP) running over a complex
combination of media without having to change them in any way, since the encryption occurs
at the IP level.
IPSEC services allow you to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the
gateway at the other end. The result is a Virtual Private Network, or VPN: a network that is
effectively private even though it includes machines at several different sites connected by the
insecure Internet.
These installation instructions assume:
Commands are Unix-compatible.
The source path is /usr/src.
Installations were tested on RedHat Linux 6.1.
All steps in the installation are performed as the super-user account root.
Kernel version number is 2.2.14.