IPsec Tools Homepage

IPsec-Tools

IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. It supports NetBSD and FreeBSD as well.

Contents:

libipsec

Library with PF_KEY implementation.

setkey

Tool to manipulate and dump the kernel Security Policy Database (SPD) and Security Association Database (SAD).

racoon

Internet Key Exchange (IKE) daemon for automatically keying IPsec connections.

racoonctl

A shell-based control tool for racoon

News:

2011-03-18: IPsec-tools 0.8.0 released, with many new features and bug fixes. Download from Sourceforge, or from the misc/ipsec-tools/0.8 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2009-04-22: IPsec-tools 0.7.2 released, with security and bug fixes. Download from Sourceforge, or from the misc/ipsec-tools/0.7 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2008-11-17: IPsec-tools wiki announced: https://trac.ipsec-tools.net/ replaces SourceForge.net issue management.
2008-06-24: IPsec-tools 0.7.1 released, with bugfixes. Download from Sourceforge, or from the misc/ipsec-tools/0.7 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2007-08-29: IPsec-tools 0.7 released, with many new features and bugfixes. Download from Sourceforge, or from the misc/ipsec-tools/0.7 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
2006-09-15: IPsec-tools CVS has migrated away from Sourceforge. Newer code can be checked out like this: cvs -danoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools

Useful links:

IPsec-Tools Wiki...

... for issue tracking and latest information.

IPsec-Tools Project Page...

... hosted on SourceForge.net

Browse the mailing list archive...

Or subscribe and send us your comments, report problems, etc.

Security bugreports...

... should go to ipsec-tools-core@lists.sourceforge.net
This is a private list - you may post here but only the development team members can read it. It is safe to post security related bugreports here.

Download...

... the latest sources.

Linux advanced routing and traffic control

and especially its chapter IPsec HOWTO for Linux-2.6.

NetBSD's IPSec How-to and Remote user access VPN how-to

Contains a lot of useful information on racoon configuration on NetBSD. Most of it apply to other systems.

Checklist...

... when things don't want to work.

Credits:

The KAME project

For the original implementation done for BSD systems.

Derek Atkins

Ported the package to Linux 2.6 IPsec stack.

Michal Ludvig

Wrote support for NAT-T and PlainRSA, rewrote autoconf & friends buildsystem, packaging and release maintainer.

Emmanuel Dreyfus

NetBSD guy, wrote Hybrid-AUTH and fragmentation support.

Yvan Vanhullebus

NETASQ and FreeBSD guy, wrote Dead-Peer-Detection support, and various other things....

Matthew Grooms

Shrew Soft Inc guy, Various modecfg improvements, xauth ldap & group validation support, sainfo section cleanup and bug fixes ....

Timo Teräs

OpenNHRP guy, made ipsec-tools usable for Dynamic Multipoint VPN. Code performance improvements and many bug fixes.

Fred Senault

Various bugfixes.

Aidas Kasparas

Various bugfixes.

Bill Nottingham, Brian Buesker, Christophe Saout,
Kimmo Koivisto, Ralf Spenneberg, and many unsung heroes

Bugreports, bugfixes, documentation, testing, etc. Thanks a lot!