openswan-2.6.23dr1
所属分类:Linux/Unix编程
开发工具:Unix_Linux
文件大小:9641KB
下载次数:13
上传日期:2009-08-22 11:03:30
上 传 者:
areswry
说明: OpenSWan是Linux下IPsec的最佳实现方式,其功能强大,最大程度地保证了数据传输中的安全性、完整性问题。
(IPsec is OpenSWan under Linux the best way to achieve, and its powerful, to ensure maximum data transmission security, the integrity of the problem.)
文件列表:
openswan-2.6.23dr1\.cvsignore (285, 2009-08-20)
openswan-2.6.23dr1\BUGS (4394, 2009-08-20)
openswan-2.6.23dr1\buildlin.sh (41, 2009-08-20)
openswan-2.6.23dr1\buildwin.sh (60, 2009-08-20)
openswan-2.6.23dr1\CHANGES (33418, 2009-08-20)
openswan-2.6.23dr1\contrib\checkpoint-hybrid\opensclienthowto.txt (4051, 2009-08-20)
openswan-2.6.23dr1\contrib\checkpoint-hybrid\openswan-2.4.0-SecureClient.diff (18687, 2009-08-20)
openswan-2.6.23dr1\contrib\checkpoint-hybrid (0, 2009-08-20)
openswan-2.6.23dr1\contrib\cisco\pcf2os.pl (1063, 2009-08-20)
openswan-2.6.23dr1\contrib\cisco\sample.pcf (550, 2009-08-20)
openswan-2.6.23dr1\contrib\cisco (0, 2009-08-20)
openswan-2.6.23dr1\contrib\cisco-decrypt\cisco-decrypt.1 (1048, 2009-08-20)
openswan-2.6.23dr1\contrib\cisco-decrypt\cisco-decrypt.c (4422, 2009-08-20)
openswan-2.6.23dr1\contrib\cisco-decrypt\Makefile (275, 2009-08-20)
openswan-2.6.23dr1\contrib\cisco-decrypt (0, 2009-08-20)
openswan-2.6.23dr1\contrib\janus\janus.pl (11872, 2009-08-20)
openswan-2.6.23dr1\contrib\janus\janushelp.txt (3657, 2009-08-20)
openswan-2.6.23dr1\contrib\janus (0, 2009-08-20)
openswan-2.6.23dr1\contrib\lucent\UDP501encap.c (10197, 2009-08-20)
openswan-2.6.23dr1\contrib\lucent (0, 2009-08-20)
openswan-2.6.23dr1\contrib\pam.d\pluto (448, 2009-08-20)
openswan-2.6.23dr1\contrib\pam.d (0, 2009-08-20)
openswan-2.6.23dr1\contrib\scripts\eroute (1210, 2009-08-20)
openswan-2.6.23dr1\contrib\scripts\look (1170, 2009-08-20)
openswan-2.6.23dr1\contrib\scripts (0, 2009-08-20)
openswan-2.6.23dr1\contrib\_updown\_updown.c (4015, 2009-08-20)
openswan-2.6.23dr1\contrib\_updown (0, 2009-08-20)
openswan-2.6.23dr1\contrib (0, 2009-08-20)
openswan-2.6.23dr1\COPYING (18007, 2009-08-20)
openswan-2.6.23dr1\CREDITS (2443, 2009-08-20)
openswan-2.6.23dr1\debian\changelog (16694, 2009-08-20)
openswan-2.6.23dr1\debian\changelog.debian (264, 2009-08-20)
openswan-2.6.23dr1\debian\control (3360, 2009-08-20)
... ...
********* See docs/RELEASE-NOTES.txt for more information *********
Openswan 2.X Release Notes
Openswan is an IPsec implementation for Linux. It has support for most
of the extensions (RFC + IETF drafts) related to IPsec, including
IKEv2, X.509 Digital Certificates, NAT Traversal, and many others.
Openswan was originally based on FreeS/WAN 2.04 CVS, along with some
minor bug fixes from 2.05 and 2.06. See CREDITS for the history.
Download it from http://www.openswan.org/code
REQUIREMENTS
A recent Linux distribution based on either Kernel 2.4.x, or 2.6.x are
the currently supported platforms
There a few packages required for Openswan to compile:
1. libgmp + libgmp-devel headers. (GNU Math Precision Library)
2. gawk, flex and bison (usually included in all distributions)
#########################################################################
# HOW TO INSTALL on Kernel 2.6 (And Kernels with 2.6 IPsec backport)
#########################################################################
For Linux Kernels 2.6.0 and higher, Openswan can use the built in IPsec
support, or KLIPS (ipsec0 devices).
To use KLIPS:
0) If you want NAT-T support, you need to patch your kernel and build
a new bzImage. From the Openswan source directory:
make nattpatch | (cd /usr/src/linux-2.6 && patch -p1 && make bzImage)
Note: Build and install kernel as normal, as you have modified
the TCP/IP stack in the kernel, so it needs to be recompiled and
installed.
eg: cd /usr/src/linux && make dep bzImage install
See your distribution documentation on how to install a new kernel
1) From the openswan source directory, build the userland tools, and
ipsec.o kernel module:
make KERNELSRC=/usr/src/linux-2.6 programs module
2) As root, install the userland tools, and the ipsec.o module:
make KERNELSRC=/usr/src/linux-2.6 install minstall
3) For OCF HW offloading support, you need a patched kernel
See: http://ocf-linux.sourceforge.net/
To use the native (aka, Netkey) stack:
0) Please use at least version kernel version 2.6.6, as prior
versions of the kernel have serious bugs in the IPsec stack.
1) From the openswan source directory:
make programs
2) As root, install the userland tools:
make install
Note: The ipsec-tools package is no longer needed. Instead iproute2 >= 2.6.8
is required. For backported kernels, setkey and thus ipsec-tools might still
be required. Run 'ipsec verify' to determine if your system has either one
of the requirements.
#########################################################################
# HOW TO INSTALL on Linux Kernel 2.4 systems
#########################################################################
0.0) The following instructions assume the kernel source tree is in
/usr/src/linux-2.4. If this isn't the case, simply change the
parameters in the instructions below.
1.0) Uncompress linux-2.#.#.tar.bz2 in /usr/src (or elsewhere), build a
normal working kernel. This ensures any compiliation problems
that occur are isolated and resolved *before* any Openswan patches
are applied to the kernel.
1.1) If you want NAT-T support, you need to patch your kernel and build
a new bzImage. From the Openswan source directory:
make nattpatch | (cd /usr/src/linux-2.4 && patch -p1 && make bzImage)
Note: Build and install kernel as normal, as you have modified
the TCP/IP stack in the kernel, so it needs to be recompiled and
installed.
eg: cd /usr/src/linux && make dep bzImage install
2.0) From the openswan source directory, build the userland tools, and
ipsec.o kernel module:
make KERNELSRC=/usr/src/linux-2.4 programs module
3.0) As root, install the userland tools, and the ipsec.o module:
make KERNELSRC=/usr/src/linux-2.4 install minstall
UPGRADING
1. If you are upgrading from a 1.x product to Openswan 2.x, you will
need to adjust your config files. See doc/upgrading.html for details
on what has changed.
2. You can 'make install' overtop of your old version - it won't replace
your /etc/ipsec.* config files
SUPPORT
Mailing Lists:
http://lists.openswan.org is home of the mailing lists. Note: these are
closed lists - you *must* be subscribed to post.
Wiki:
http://wiki.openswan.org is home to the Openswan WIKI. It has the most
up to date documentation, interop guides and other related information.
IRC:
Openswan developers and users can be found on IRC, on #openswan on
irc.freenode.net. If you need more information on our IRC channel, see
http://www.openswan.org/support/irc.php
Commercial support for Openswan is also available - see
http://www.xelerance.com/openswan/support.php for more information, or
email sales@xelerance.com
BUGS
Bugs with the package can be filed into our Mantis system, at
http://bugs.openswan.org
SECURITY HOLES
None :) If you find one, please email vuln@xelerance.com with details.
Please use GPG (finger vuln@xelerance.com for GPG key) for this.
DEVELOPMENT
Those interested in the development, patches, beta releases of Openswan
can join the development mailing list (http://lists.openswan.org -
dev@lists.openswan.org) or join the development team on IRC in
#openswan-dev on irc.freenode.net
DOCUMENTATION
The most up to date docs are at http://wiki.openswan.org.
Several high-level documents are in the doc directory. Most are in HTML
format; See doc/index.html for the top level index. These are now
considered obselete.
To build from source, you will need at least 60MB free (Source tree is
currently 40MB)
The bulk of this software is under the GNU General Public License; see
LICENSE. Some parts of it are not; see CREDITS for the details.
$Id: README,v 1.102 2005/07/06 22:50:02 ken Exp $.
近期下载者:
相关文件:
收藏者: