6.3. IPsec Installation
Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files to aid in setup of the IPsec connection, including:
/sbin/setkey — manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. For more information on setkey, refer to the setkey(8) man page.
/sbin/racoon — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems. This daemon can be configured by editing the /etc/racoon/racoon.conf file. For more information about racoon, refer to the racoon(8) man page.
/etc/racoon/racoon.conf — the racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection. For a complete listing of directives available, refer to the racoon.conf(5) man page.
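A preflight check for the components listed above, added here as an example and not part of the original guide. The function name check_ipsec_install and its optional ROOT prefix argument are assumptions made for illustration; the package name and file paths are the ones given in this section.

```shell
#!/bin/sh
# Added example: confirm that an IPsec host or router has the ipsec-tools
# components this section lists before any connection is configured.
#
# Usage: check_ipsec_install [ROOT]
#   ROOT (hypothetical parameter) is a path prefix, e.g. a mounted image or
#   chroot. With no argument the live system and its RPM database are checked.
# Returns 0 when everything is in place, non-zero otherwise.

check_ipsec_install() {
    root="${1:-}"
    problems=0

    # setkey and racoon must exist and be executable.
    for bin in /sbin/setkey /sbin/racoon; do
        if [ -x "${root}${bin}" ]; then
            echo "ok       ${bin}"
        else
            echo "MISSING  ${bin} (not found or not executable)"
            problems=$((problems + 1))
        fi
    done

    # The racoon daemon configuration file must exist and be readable.
    conf=/etc/racoon/racoon.conf
    if [ -r "${root}${conf}" ]; then
        echo "ok       ${conf}"
    else
        echo "MISSING  ${conf} (not found or not readable)"
        problems=$((problems + 1))
    fi

    # On the live system, also ask RPM whether the package is installed and
    # whether any packaged file other than a config file ("c") was altered.
    if [ -z "$root" ] && command -v rpm >/dev/null 2>&1; then
        if rpm -q ipsec-tools >/dev/null 2>&1; then
            changed=$(rpm -V ipsec-tools 2>/dev/null | awk '$2 != "c"')
            if [ -n "$changed" ]; then
                echo "CHANGED  packaged files differ from the RPM database:"
                echo "$changed"
                problems=$((problems + 1))
            fi
        else
            echo "MISSING  ipsec-tools RPM package is not installed"
            problems=$((problems + 1))
        fi
    fi

    [ "$problems" -eq 0 ]
}
```

Run it on every IPsec host or router before continuing; a non-zero exit status means the machine is not ready for the configuration steps that follow.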
Configuring IPsec on Red Hat Enterprise Linux can be done via the Network Administration Tool or by manually editing networking and IPsec configuration files. For more information about using the Network Administration Tool, refer to the System Administrators Guide.
To connect two network-connected hosts via IPsec, refer to Section 6.4, “IPsec Host-to-Host Configuration”. To connect one LAN/WAN to another via IPsec, refer to Section 6.5, “IPsec Network-to-Network configuration”.