3 <!-- =============================================================== -->
7 <!-- =============================================================== -->
8 <!-- ####COPYRIGHTBEGIN#### -->
10 <!-- =============================================================== -->
11 <!-- Copyright (c) 2003 Andrew Lunn -->
12 <!-- This material may be distributed only subject to the terms -->
13 <!-- and conditions set forth in the Open Publication License, v1.0 -->
14 <!-- or later (the latest version is presently available at -->
15 <!-- http://www.opencontent.org/openpub/) -->
16 <!-- Distribution of the work or derivative of the work in any -->
17 <!-- standard (paper) book form is prohibited unless prior -->
18 <!-- permission obtained from the copyright holder -->
19 <!-- =============================================================== -->
21 <!-- ####COPYRIGHTEND#### -->
22 <!-- =============================================================== -->
23 <!-- #####DESCRIPTIONBEGIN#### -->
25 <!-- ####DESCRIPTIONEND#### -->
26 <!-- =============================================================== -->
30 <PART ID="net-ipsec-common">
31 <TITLE>IPSEC for eCos</TITLE>
34 The FreeBSD network stack which is part of
35 <productname>eCos</productname> can be configured to use IPSEC to
36 provide more secure communications between Internet hosts. IPSEC
37 can be used with both IPv4 and IPv6.
40 <CHAPTER id="net-ipsec-common-installation">
41 <TITLE>Installation and Configuration</TITLE>
43 Due to the restrictions imposed by various countries on the
44 exportation and importation of cryptographic software, it has been
45 decided to distribute the crypto parts of FreeBSD IPSEC separately
46 from the rest of eCos. Before IPSEC can be enabled the eCos
47 package bsd_crypto must be installed. This package can be found on
48 the eCosCentric server at
49 <ulink url="ftp://ftp.ecoscentric.com:/pub/contrib">
50 ftp.ecoscentric.com:/pub/contrib</ulink>. Once the package has been
51 downloaded it must be installed using the
52 <LITERAL>ecosadmin.tcl</LITERAL> script.
56 When the bsd_crypto package has been installed, the building of
57 IPSEC will automatically be enabled when the FreeBSD stack is
58 used. It can be disabled using the configuration option
59 <LITERAL>CYGPKG_NET_IPSEC</LITERAL>. There are no other
60 configuration options for IPSEC as a whole.
64 In order to use IPSEC, connections must be configured. This can be
65 performed using <FUNCTION>setsockopt()</FUNCTION> calls. A more
66 convenient way is the use the <LITERAL>libipsec</LITERAL> library
67 from the <PRODUCTNAME>KAME</PRODUCTNAME> distribution. eCos
68 contains a snapshot of this library, which is documented else
69 where. The aim is to also port the
70 <PRODUCTNAME>racoon</PRODUCTNAME> daemon to eCos in the near
75 It should be noted that the FreeBSD stack in eCos is quite
76 old. IPSEC and IPv6 have continued to develop. It is quite
77 possible there could be interoperabilty problems when using the
78 IPSEC implementation in eCos with more modern implementations.
82 It should also be noted that IPSEC, libipsec etc are currently
83 work in progress items.
86 &net-ipsec-libipsec-libipsec-manpages-sgml;