4.7. IP Security (IPsec)

Virtual Private Networks (VPNs) allow users and telecommuters to connect to their corporate intranets using their local internet connection. The VPN method used in SISO is based on IP Security (IPsec), a standard for securing communications by authenticating and encrypting IP packets. The key IPsec protocols are Encapsulating Security Payload (ESP), which provides the encryption, and the Internet Key Exchange protocol (IKE).

The Linux-2.6 kernel already contains the (KAME-based) IPsec implementation. The user-space tools are built in this section. Download and unpack the sources. Note that 0.6.1 is used, as the current version 0.6.6 fails compilation with conflicting types for 'SHA256_CTX'.

wget -P $DL_DIR  # was 0.5rc1, 0.6.1
tar -C $PRJ_DIR/apps -xvjf $DL_DIR/ipsec-tools-0.7.tar.bz2
cd $PRJ_DIR/apps/ipsec-tools-0.7


make clean
./configure AR="${TOOLCHAIN_CROSS}ar"  AS=${TOOLCHAIN_CROSS}as \
            LD=${TOOLCHAIN_CROSS}ld    NM=${TOOLCHAIN_CROSS}nm \
            CC=${TOOLCHAIN_CROSS}gcc   GCC=${TOOLCHAIN_CROSS}gcc \
            CPP=${TOOLCHAIN_CROSS}cpp \
            CPPFLAGS="-I$TOOLCHAIN_DIR/include -I$ROOTFS_DIR/usr/include" \
            LDFLAGS="-L$TOOLCHAIN_DIR/lib -L$ROOTFS_DIR/usr/lib -ldl" \
            --host=i686-linux \
            --build=i586-linux \
            --disable-ipv6 \
            --prefix=$ROOTFS_DIR/usr \
            --with-kernel-headers=$LINUX_DIR/include \
            --with-openssl=$ROOTFS_DIR/usr \
            --enable-natt \
            --enable-frag

Note: with 0.6.1, I had to comment out the #warning in src/include-glibc/linux/list.h

Compile and install to rootfs.d.

make install-strip

Configuration examples of IPsec can be found in Chapter 6, Virtual Private Network Server.