IPsec-Tools

PatMat Property Solutions
 
SourceForge.net Logo

IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. It supports NetBSD and FreeBSD as well.

Contents:

libipsec
Library with PF_KEY implementation.
setkey
Tool to manipulate and dump the kernel Security Policy Database (SPD) and Security Association Database (SAD).
racoon
Internet Key Exchange (IKE) daemon for automatically keying IPsec connections.
racoonctl
A shell-based control tool for racoon

News:

2011-03-18
IPsec-tools 0.8.0 released, with many new features and bug fixes. Download from Sourceforge, or from the misc/ipsec-tools/0.8 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2009-04-22
IPsec-tools 0.7.2 released, with security and bug fixes. Download from Sourceforge, or from the misc/ipsec-tools/0.7 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2008-11-17
IPsec-tools wiki announced: https://trac.ipsec-tools.net/ replaces SourceForge.net issue management.
2008-06-24
IPsec-tools 0.7.1 released, with bugfixes. Download from Sourceforge, or from the misc/ipsec-tools/0.7 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2007-08-29
IPsec-tools 0.7 released, with many new features and bugfixes. Download from Sourceforge, or from the misc/ipsec-tools/0.7 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2006-09-15
IPsec-tools CVS has migrated away from Sourceforge. Newer code can be checked out like this: cvs -danoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools

Useful links:

IPsec-Tools Wiki...
... for issue tracking and latest information.
IPsec-Tools Project Page...
... hosted on SourceForge.net
Browse the mailing list archive...
Or subscribe and send us your comments, report problems, etc.
Security bugreports...
... should go to ipsec-tools-core@lists.sourceforge.net
This is a private list - you may post here but only the development team members can read it. It is safe to post security related bugreports here.
Download...
... the latest sources.
Linux advanced routing and traffic control
and especially its chapter IPsec HOWTO for Linux-2.6.
NetBSD's IPSec How-to and Remote user access VPN how-to
Contains a lot of useful information on racoon configuration on NetBSD. Most of it apply to other systems.
Checklist...
... when things don't want to work.

Credits:

The KAME project
For the original implementation done for BSD systems.
Derek Atkins
Ported the package to Linux 2.6 IPsec stack.
Michal Ludvig
Wrote support for NAT-T and PlainRSA, rewrote autoconf & friends buildsystem, packaging and release maintainer.
Emmanuel Dreyfus
NetBSD guy, wrote Hybrid-AUTH and fragmentation support.
Yvan Vanhullebus
NETASQ and FreeBSD guy, wrote Dead-Peer-Detection support, and various other things....
Matthew Grooms
Shrew Soft Inc guy, Various modecfg improvements, xauth ldap & group validation support, sainfo section cleanup and bug fixes ....
Timo Teräs
OpenNHRP guy, made ipsec-tools usable for Dynamic Multipoint VPN. Code performance improvements and many bug fixes.
Fred Senault
Various bugfixes.
Aidas Kasparas
Various bugfixes.
Bill Nottingham, Brian Buesker, Christophe Saout,
Kimmo Koivisto, Ralf Spenneberg, and many unsung heroes
Bugreports, bugfixes, documentation, testing, etc. Thanks a lot!