IPsec Installation
Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files for setting up the IPsec connection, including:
- /sbin/setkey - manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. Refer to the setkey(8) man page for more information.
- /usr/sbin/racoon - the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
- /etc/racoon/racoon.conf - the racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection. Refer to the racoon.conf(5) man page for a complete listing of available directives.
To configure IPsec on Community Enterprise Linux, you can use the Network Administration Tool, or manually edit the networking and IPsec configuration files.
- To connect two network-connected hosts via IPsec, refer to "IPsec Host-to-Host Configuration".
- To connect one LAN/WAN to another via IPsec, refer to "IPsec Network-to-Network Configuration".