Implementing IPsec requires that the ipsec-tools RPM package be installed
on all IPsec hosts (if using a host-to-host configuration) or routers (if
using a network-to-network configuration). The RPM package contains
essential libraries, daemons, and configuration files to aid in setting up
the IPsec connection, including:

/lib/libipsec.so — library that contains the PF_KEY trusted key
management socket interface between the Linux kernel and the IPsec
implementation used in Red Hat Enterprise Linux.

/sbin/setkey — manipulates the key management and security attributes
of IPsec in the kernel. This executable is controlled by the racoon key
management daemon. For more information on setkey, refer to the
setkey(8) man page.

/sbin/racoon — the IKE key management daemon, used to manage and
control security associations and key sharing between IPsec-connected
systems. This daemon can be configured by editing the
/etc/racoon/racoon.conf file. For more information about racoon, refer
to the racoon(8) man page.

/etc/racoon/racoon.conf — the racoon daemon configuration file used to
configure various aspects of the IPsec connection, including
authentication methods and encryption algorithms used in the connection.
For a complete listing of directives available, refer to the
racoon.conf(5) man page.

Configuring IPsec on Red Hat Enterprise Linux can be done via the
Network Administration Tool or by manually editing
networking and IPsec configuration files. For more information about
using the Network Administration Tool, refer to the
Red Hat Enterprise Linux System Administration Guide.

To connect two network-connected hosts via IPsec, refer to Section 6.4,
IPsec Host-to-Host Configuration. To connect one LAN/WAN to another via
IPsec, refer to Section 6.5, IPsec Network-to-Network configuration.