
Lineo adds IPSec support to NETtel VPN routers

Jan 19, 2001 — by LinuxDevices Staff — from the LinuxDevices Archive

Lindon, UT — (technical bulletin excerpt) — Lineo software engineers have completed a major enhancement to the NETtel family of Internet security appliance OEM platforms by adding strong VPN support based upon the IPSec standard. Many appliance-style products currently claim to have IPSec support, but most lack the full IPSec feature set and instead support only “pass through” mode – effectively only… permitting IPSec information to pass through the device but not adding any additional value or security.

The FreeS/WAN IPSec implementation was chosen as the basis for the enhancement because it was already open source while being technically complete and mature. The NETtel devices are also under the GPL, so there were no concerns about tainting of code, and both FreeS/WAN and the NETtel kernel — uClinux — are freely available. The port took place in a matter of days, one of the advantages of using a Linux operating system. Compatibility issues were minimal, primarily because of the standardization of Linux library interfaces.

This implementation provides support for both auto and manual keying, and typically uses 3DES for the tunnel encryption. Although encryption is software-based, there are hooks for the addition of hardware encryption support, such as for the Hi/fn 7901.

The overall uClinux kernel size increase was around 150KB for the full IPSec stack. In addition, an application binary called Pluto was implemented to handle the key management. This was also an opportunity to test the enhanced malloc that was described in a previous Lineo Technical Bulletin.

What is IPSec?

IPSec is a set of extensions to the IP protocol family providing cryptographic security services. These services include privacy (encryption), authentication, and message integrity. Replay protection is also provided by virtue of the combination of authentication and message integrity. One of the practical features of IPSec is that it provides services similar to SSL but operates at the network layer, completely transparently to your applications, and is much more powerful. We can say this because your applications do not need any knowledge of IPSec to be able to use it. You can use any IP protocol over IPSec. You can create encrypted tunnels (VPNs), or just do encryption between computers.

This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.


