48.7.5. IPsec Installation
Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files for setting up the IPsec connection, including:
- /sbin/setkey — manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. Refer to the setkey(8) man page for more information.
- /usr/sbin/racoon — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
- /etc/racoon/racoon.conf — the racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection. Refer to the racoon.conf(5) man page for a complete listing of available directives.
To configure IPsec on Red Hat Enterprise Linux, you can use the Network Administration Tool, or manually edit the networking and IPsec configuration files.
- To connect two network-connected hosts via IPsec, refer to Section 48.7.6, “IPsec Host-to-Host Configuration”.
- To connect one LAN/WAN to another via IPsec, refer to Section 48.7.7, “IPsec Network-to-Network Configuration”.