IPsec-Tools
IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec
implementation. It supports NetBSD and FreeBSD as well.
- libipsec
- Library with PF_KEY implementation.
- setkey
- Tool to manipulate and dump the kernel Security Policy Database (SPD)
and Security Association Database (SAD).
- racoon
- Internet Key Exchange (IKE) daemon for automatically keying IPsec connections.
- racoonctl
- A shell-based control tool for racoon
- 2007-08-29
- IPsec-tools 0.7 released, with many new features and bugfixes. Download from Sourceforge, or from the misc/ipsec-tools/0.7 directory of most NetBSD FTP mirrors (NB: not all NetBSD FTP mirrors replicate the misc directory)
- 2006-09-15
- IPsec-tools CVS has migrated away from Sourceforge. Newer code can be checked out like this: cvs -danoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools
- 2007-04-06
- IPsec-tools 0.6.7 released, and fixes a DoS in
informationnal messages handling (CVE-2007-1841). Download here
- 2006-06-13
- IPsec-tools 0.6.6 released. Download here
- 2006-02-02
- IPsec-tools 0.6.5 released. Download here
- 2005-12-09
- IPsec-tools 0.6.4 released. Download here
- 2005-11-21
- IPsec-tools 0.6.3 released and contains fixes for various DoS problemsDownload here
- 2005-10-14
- IPsec-tools 0.6.2 released. Download here
- 2005-08-20
- IPsec-tools 0.6.1 released. Download here
- 2005-05-27
- IPsec-tools 0.6 released. Download here
- 2005-05-04
- IPsec-tools 0.5.2 released. Should be good enough for production use. Download here
- 2004-04-05
- IMPORTANT:
Users of IPsec-tools are strongly recommended to upgrade to a version
released on or after 2004-04-05. Older versions contain a security
problem that bites connections authorized with X.509 certificates.
More details...
- IPsec-Tools Project Page...
- ... hosted on SourceForge.net
- Browse the mailing list archive...
- Or subscribe and send us your comments, report problems, etc.
- Security bugreports...
- ... should go to ipsec-tools-core@lists.sourceforge.net
This is a private list - you may post here but only the development team members can read it. It is safe to post security related bugreports here.
- Download...
- ... the latest sources.
- Linux advanced routing and traffic control
- and especially its chapter IPsec HOWTO for Linux-2.6.
- NetBSD's IPSec How-to and Remote user access VPN how-to
- Contains a lot of useful information on racoon configuration on NetBSD. Most of it apply to other systems.
- Checklist...
- ... when things don't want to work.
- The KAME project
- For the original implementation done for BSD systems.
- Derek Atkins
- Ported the package to Linux 2.6 IPsec stack.
- Michal Ludvig
- Wrote support for NAT-T and PlainRSA, rewrote autoconf & friends buildsystem, packaging and release maintainer.
- Emmanuel Dreyfus
- NetBSD guy, wrote Hybrid-AUTH and fragmentation support.
- Yvan Vanhullebus
- NETASQ and FreeBSD guy,
wrote Dead-Peer-Detection support, and various other things....
- Matthew Grooms
- Shrew Soft Inc guy,
Various modecfg improvements, xauth ldap & group validation support, sainfo section cleanup and bug fixes ....
- Fred Senault
- Various bugfixes.
- Aidas Kasparas
- Various bugfixes.
- Bill Nottingham, Brian Buesker, Christophe Saout,
Kimmo Koivisto, Ralf Spenneberg, and many unsung heroes
- Bugreports, bugfixes, documentation, testing, etc. Thanks a lot!
