48.7.5. IPsec Installation
Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files for setting up the IPsec connection, including:
- /sbin/setkey — manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. Refer to the setkey(8) man page for more information.
- /usr/sbin/racoon — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems.
- racoon daemon configuration file used to configure various aspects of the IPsec connection, including authentication methods and encryption algorithms used in the connection. Refer to the racoon.conf(5) man page for a complete listing of available directives.
To configure IPsec on Red Hat Enterprise Linux, you can use the Network Administration Tool, or manually edit the networking and IPsec configuration files.
- To connect two network-connected hosts via IPsec, refer to Section 48.7.6, “IPsec Host-to-Host Configuration”.
- To connect one LAN/WAN to another via IPsec, refer to Section 48.7.7, “IPsec Network-to-Network Configuration”.