Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec
hosts (if using a host-to-host configuration) or routers (if using
a network-to-network configuration). The RPM package contains
essential libraries, daemons, and configuration files to aid in
setup of the IPsec connection, including:
- /lib/libipsec.so — library that contains the PF_KEY trusted key
  management socket interface between the Linux kernel and the IPsec
  implementation used in Red Hat Enterprise Linux.
- /sbin/setkey — manipulates the key management and security
  attributes of IPsec in the kernel. This executable is controlled by
  the racoon key management daemon. For more information on setkey,
  refer to the setkey(8) man page.
- /sbin/racoon — the IKE key management daemon, used to manage and
  control security associations and key sharing between
  IPsec-connected systems. This daemon can be configured by editing
  the /etc/racoon/racoon.conf file. For more information about
  racoon, refer to the racoon(8) man page.
- /etc/racoon/racoon.conf — the racoon daemon configuration file used
  to configure various aspects of the IPsec connection, including
  authentication methods and encryption algorithms used in the
  connection. For a complete listing of directives available, refer
  to the racoon.conf(5) man page.

Configuring IPsec on Red Hat Enterprise Linux can be done via
the Network Administration Tool or by
manually editing networking and IPsec configuration files. For more
information about using the Network
Administration Tool, refer to the Red Hat
Enterprise Linux System Administration Guide.

To connect two network-connected hosts via IPsec, refer to
Section 6.4 IPsec Host-to-Host
Configuration. To connect one LAN/WAN to another via IPsec,
refer to Section 6.5 IPsec
Network-to-Network configuration.