Several projects currently develop and implement IPsec tools. The original
IPsec tools are provided by the KAME project, www.kame.net. Current versions
can be obtained from sourceforge.net/projects/ipsectools. RPM packages can be
obtained from rpmfind.net. Other IPsec tool projects include the Free
Secure/Wide Area Network project (FreeS/WAN) at www.freeswan.org, which
provides a Linux implementation of IPsec tools, and the VPN Consortium (VPNC)
at www.vpnc.org, which supports Windows and Macintosh versions.
FreeS/WAN provides both Red Hat RPM packages and source code for its
tools.

IPsec is made up of several protocols that
provide authentication (AH), encryption (ESP), and the secure exchange of
encryption keys (IKE). The Authentication Header protocol (AH) confirms that the
packet was sent by the sender, and not by someone else. IPsec also includes an
integrity check to detect any tampering in transit. Packets are encrypted using
the Encapsulating Security Payload (ESP). Encryption and decryption are
performed using secret keys shared by the sender and the receiver. These keys
are themselves transmitted using the Internet Key Exchange protocol (IKE), which
provides a secure exchange. Because encrypted data does not compress well, ESP
encryption can degrade transmission methods that rely on compression, such as
PPP for dial-up Internet connections. To accommodate
these compression methods, IPsec provides the IP Payload Compression Protocol
(IPComp), with which packets can be compressed before being sent.

The AH, ESP, and IPComp protocols are incorporated into the
Linux kernel. The IKE protocol is implemented as a separate daemon. It simply
provides a way to share secret keys, and can be replaced by other sharing
methods.
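
To show what each of the kernel-side protocols described above exposes on the wire, the following added example (not code from KAME, FreeS/WAN, or the original text) walks the AH, ESP, and IPComp headers of an IPv4 packet. The function names, the sample addresses, and the SPI values are assumptions chosen for illustration, and the sample packet is constructed, not captured.

```python
import struct

# IANA IP protocol numbers for the kernel-side IPsec protocols
ESP, AH, IPCOMP = 50, 51, 108

def walk_ipsec(packet: bytes):
    """Return [(layer, fields), ...] for the IPsec headers of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    off = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, layers = packet[9], []
    while True:
        left = len(packet) - off
        if proto == AH and left >= 12:
            # AH is sent in the clear: next header, length, SPI, sequence, ICV
            nxt, plen, _, spi, seq = struct.unpack_from("!BBHII", packet, off)
            hdr_len = (plen + 2) * 4      # length field counts 32-bit words minus 2
            if hdr_len < 12 or hdr_len > left:
                raise ValueError("bad AH length")
            layers.append(("AH", {"spi": spi, "seq": seq,
                                  "icv_len": hdr_len - 12, "next": nxt}))
            proto, off = nxt, off + hdr_len
        elif proto == ESP and left >= 8:
            # Only SPI and sequence are readable; the next-header byte sits in
            # the encrypted trailer, so the walk has to stop here.
            spi, seq = struct.unpack_from("!II", packet, off)
            layers.append(("ESP", {"spi": spi, "seq": seq, "opaque_len": left - 8}))
            return layers
        elif proto == IPCOMP and left >= 4:
            # IPComp: next header, flags, Compression Parameter Index (CPI)
            nxt, _, cpi = struct.unpack_from("!BBH", packet, off)
            layers.append(("IPComp", {"cpi": cpi, "next": nxt}))
            return layers                 # payload is compressed, stop
        elif proto in (AH, ESP, IPCOMP):
            raise ValueError("truncated IPsec header")
        else:
            layers.append(("other", {"proto": proto}))
            return layers

def sample_packet() -> bytes:
    """Constructed test packet: IPv4 / AH / ESP, zeroed ICV and ciphertext."""
    esp = struct.pack("!II", 0x201, 1) + bytes(16)
    ah = struct.pack("!BBHII", ESP, 4, 0, 0x200, 1) + bytes(12)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ah) + len(esp), 0, 0,
                     64, AH, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ah + esp                  # header checksum left at 0, not checked

if __name__ == "__main__":
    print(walk_ipsec(sample_packet()))
```

The result makes the difference between the protocols visible: the AH layer reports its next header and ICV length in cleartext, while the ESP layer yields only the SPI, the sequence number, and the size of the opaque remainder.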