Sunday, March 27, 2011

IPSec Linux & Solaris

Yes, I got a chance to work with IPSec in Linux and Solaris. Well, we managed to get a working connection between Linux and Solaris, so in case any of you have any doubts, do contact me. I do not know much about the certificates though.

Just an overview of what IPSec is

IPsec is an extension to the IP protocol which provides security to the IP and the upper-layer protocols. It was first developed for the new IPv6 standard and then “backported” to IPv4.

IPsec uses two different protocols - AH and ESP - to ensure the authentication, integrity and confidentiality of the communication. It can protect either the entire IP datagram or only the upper-layer protocols. The appropriate modes are called tunnel mode and transport mode. In tunnel mode the IP datagram is fully encapsulated by a new IP datagram using the IPsec protocol. In transport mode only the payload of the IP datagram is handled by the IPsec protocol inserting the IPsec header between the IP header and the upper-layer protocol header. - www.ipsec-tools.sourceforge.net

Linux and Solaris use entirely different packages and commands. The keys can be exchanged automatically (more secure) or set up manually as preshared keys (less secure). For automatic key exchange, Linux uses "racoon" and Solaris uses the "ike daemon".

Similarly, for setting up the SAs (security associations, which are stored in the SAD, the Security Association Database) and the policies, Linux uses "setkey" whereas Solaris uses "ipseckey" and "ipsecconf". The syntax and rules may differ, but they are comparable.
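To show how the two syntaxes line up, here is an added example (not code from the original post) that renders one manually keyed ESP SA in both setkey and ipseckey form, so the SPI, algorithms and keys are guaranteed to match on both ends. The addresses, SPIs and function names are constructed for illustration, and the line formats follow the tools' manual-keying syntax, so check them against the man pages of the versions you run.

```python
import secrets

AES_KEY_LENS = (16, 24, 32)  # bytes: AES-128/192/256
SHA1_KEY_LEN = 20            # bytes: HMAC-SHA1 uses a 160-bit key


def new_sa(src, dst, spi):
    """One traffic direction; each direction needs its own SA and SPI."""
    return {"src": src, "dst": dst, "spi": spi,
            "encr_key": secrets.token_bytes(16),
            "auth_key": secrets.token_bytes(SHA1_KEY_LEN)}


def check_sa(sa):
    """Catch values that one side would reject before they reach a host."""
    if sa["spi"] <= 255:
        raise ValueError("SPI 0-255 is reserved")
    if len(sa["encr_key"]) not in AES_KEY_LENS:
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    if len(sa["auth_key"]) != SHA1_KEY_LEN:
        raise ValueError("HMAC-SHA1 key must be 20 bytes")


def setkey_add(sa):
    """SAD entry in Linux setkey syntax (keys are 0x-prefixed hex)."""
    check_sa(sa)
    return "add %s %s esp 0x%x -E aes-cbc 0x%s -A hmac-sha1 0x%s;" % (
        sa["src"], sa["dst"], sa["spi"],
        sa["encr_key"].hex(), sa["auth_key"].hex())


def ipseckey_add(sa):
    """The same SA in Solaris ipseckey syntax (keys are bare hex)."""
    check_sa(sa)
    return ("add esp spi 0x%x src %s dst %s encr_alg aes auth_alg sha1 "
            "encrkey %s authkey %s" % (sa["spi"], sa["src"], sa["dst"],
                                       sa["encr_key"].hex(), sa["auth_key"].hex()))


if __name__ == "__main__":
    LINUX, SOLARIS = "192.0.2.10", "192.0.2.20"  # constructed addresses
    sas = [new_sa(LINUX, SOLARIS, 0x1001), new_sa(SOLARIS, LINUX, 0x1002)]
    print("# Linux: SAs and transport-mode policy for setkey -f")
    for sa in sas:
        print(setkey_add(sa))
    print("spdadd %s %s any -P out ipsec esp/transport//require;" % (LINUX, SOLARIS))
    print("spdadd %s %s any -P in ipsec esp/transport//require;" % (SOLARIS, LINUX))
    print("# Solaris: SAs for ipseckey, then one policy line for ipsecconf")
    for sa in sas:
        print(ipseckey_add(sa))
    print("{laddr %s raddr %s} ipsec {encr_algs aes encr_auth_algs sha1 sa shared}"
          % (SOLARIS, LINUX))
```

The output contains live key material, so write it to root-only files on each host rather than leaving it in a terminal scrollback or shell history.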

And making it work between Linux and Solaris - that was one hell of a challenge we had!

Added more information at IPSec Linux & Solaris (Cont)