VPNs with KAME

The NetBSD implementation of KAME for IKE has been ported to Linux. Since the LinuxKernel now has IPSec built in, things simplified a lot from the original FreeSWAN days.

Set http://kerneltrap.org/node/view/748 for some links to HOWTOs on this. In short, on Debian, run 'apt-get install ipsec-tools racoon', then configure Racoon and setkey.

I tried this, but couldn't get it working. I discovered that OpenS/WAN can also use the existing Linux 2.6 kernel implementation of IPSec, rather then it's own (rather invasive) kernel patches. Since I'm a lot more familiar with Pluto, ipsec.conf, and ipsec.secrets that went a lot better.

See also Linux, VPN, Security