6.3. IPsec Installation
Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files to aid in setup of the IPsec connection, including:

/sbin/setkey — manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. For more information on setkey, refer to the setkey(8) man page.

/sbin/racoon — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems. This daemon can be configured by editing the /etc/racoon/racoon.conf file. For more information about racoon, refer to the racoon(8) man page.

/etc/racoon/racoon.conf — the racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection. For a complete listing of directives available, refer to the racoon.conf(5) man page.
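A pre-flight check for the components listed above, added here as an example and not taken from the guide. The function names and the optional root-prefix argument are hypothetical; the second function assumes the rpm command is available on the host being checked.

```shell
#!/bin/sh
# Added example, not from the guide. Function names are hypothetical.
# Components this section lists; x = must be executable, f = regular file.
IPSEC_COMPONENTS="x:/sbin/setkey x:/sbin/racoon f:/etc/racoon/racoon.conf"

# Check that every component exists under an optional root prefix ($1), e.g. a
# mounted image. Prints one line per problem and returns the problem count.
check_ipsec_files() {
    root=${1:-}
    problems=0
    for entry in $IPSEC_COMPONENTS; do
        kind=${entry%%:*}
        path=$root${entry#*:}
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
        elif [ "$kind" = x ] && [ ! -x "$path" ]; then
            echo "NOT-EXECUTABLE $path"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Check the RPM database on the live host: package installed, each listed file
# owned by it, and no packaged non-configuration file altered since install.
check_ipsec_package() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    rpm -q ipsec-tools >/dev/null 2>&1 || { echo "ipsec-tools not installed"; return 1; }
    for entry in $IPSEC_COMPONENTS; do
        file=${entry#*:}
        owner=$(rpm -qf --qf '%{NAME}\n' "$file" 2>/dev/null) || owner=
        [ "$owner" = ipsec-tools ] || { echo "$file is not owned by ipsec-tools"; return 1; }
    done
    # rpm -V lists files that differ from the package; lines flagged "c" are
    # configuration files, which are expected to change once IPsec is set up.
    changed=$(rpm -V ipsec-tools | grep -v ' c /') || true
    [ -z "$changed" ] || { echo "$changed"; return 1; }
    echo "ipsec-tools installed and unmodified"
}
```

Run check_ipsec_package followed by check_ipsec_files on each IPsec host or router before starting the configuration; a setkey or racoon binary reported as altered should be investigated before it is trusted with key material.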
Configuring IPsec on Red Hat Enterprise Linux can be done via the Network Administration Tool or by manually editing networking and IPsec configuration files. For more information about using the Network Administration Tool, refer to the System Administrators Guide.
To connect two network-connected hosts via IPsec, refer to Section 6.4, “IPsec Host-to-Host Configuration”. To connect one LAN/WAN to another via IPsec, refer to Section 6.5, “IPsec Network-to-Network configuration”.