1 .\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
3 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the project nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 .Nd Internet Protocol Security protocol
48 is a security protocol implemented within the Internet Protocol layer
49 of the networking stack.
51 is defined for both IPv4 and IPv6
56 is a set of protocols,
58 (for Encapsulating Security Payload)
60 (for Authentication Header),
63 (for IP Payload Compression Protocol)
64 that provide security services for IP datagrams.
65 AH both authenticates and guarantees the integrity of an IP packet
66 by attaching a cryptographic checksum computed using one-way hash functions.
67 ESP, in addition, prevents unauthorized parties from reading the payload of
68 an IP packet by also encrypting it.
69 IPComp tries to increase communication performance by compressing IP payload,
70 thus reducing the amount of data sent.
71 This will help nodes on slow links but with enough computing power.
73 operates in one of two modes: transport mode or tunnel mode.
74 Transport mode is used to protect peer-to-peer communication between end nodes.
75 Tunnel mode encapsulates IP packets within other IP packets
76 and is designed for security gateways such as VPN endpoints.
78 System configuration requires the
82 The packets can be passed to a virtual
85 to perform packet filtering before outbound encryption and after decapsulation
88 To properly filter on the inner packets of an
90 tunnel with firewalls, you can change the values of the following sysctls
91 .Bl -column net.inet6.ipsec6.filtertunnel default enable
92 .It Sy "Name Default Enable"
93 .It "net.inet.ipsec.filtertunnel 0 1"
94 .It "net.inet6.ipsec6.filtertunnel 0 1"
99 is controlled by a key management and policy engine,
100 that reside in the operating system kernel.
102 is the process of associating keys with security associations, also
104 Policy management dictates when new security
105 associations created or destroyed.
107 The key management engine can be accessed from userland by using
112 socket API is defined in RFC2367.
114 The policy engine is controlled by an extension to the
121 The kernel implements
122 an extended version of the
124 interface and allows the programmer to define IPsec policies
125 which are similar to the per-packet filters.
128 interface is used to define per-socket behavior, and
130 interface is used to define host-wide default behavior.
132 The kernel code does not implement a dynamic encryption key exchange protocol
134 (Internet Key Exchange).
135 Key exchange protocols are beyond what is necessary in the kernel and
136 should be implemented as daemon processes which call the
139 .Ss Policy management
140 IPsec policies can be managed in one of two ways, either by
141 configuring per-socket policies using the
143 system calls, or by configuring kernel level packet filter-based
148 you can define IPsec policies against packets using rules similar to packet
154 When setting policies using the
158 option instructs the system to use its default policy, as
159 explained below, for processing packets.
160 The following sysctl variables are available for configuring the
161 system's IPsec behavior.
162 The variables can have one of two values.
167 which means that if there is a security association then use it but if
168 there is not then the packets are not processed by IPsec.
173 which requires that a security association must exist for the packets
174 to move, and not be dropped.
175 These terms are defined in
176 .Xr ipsec_set_policy 8 .
177 .Bl -column net.inet6.ipsec6.esp_trans_deflev integerxxx
178 .It Sy "Name Type Changeable"
179 .It "net.inet.ipsec.esp_trans_deflev integer yes"
180 .It "net.inet.ipsec.esp_net_deflev integer yes"
181 .It "net.inet.ipsec.ah_trans_deflev integer yes"
182 .It "net.inet.ipsec.ah_net_deflev integer yes"
183 .It "net.inet6.ipsec6.esp_trans_deflev integer yes"
184 .It "net.inet6.ipsec6.esp_net_deflev integer yes"
185 .It "net.inet6.ipsec6.ah_trans_deflev integer yes"
186 .It "net.inet6.ipsec6.ah_net_deflev integer yes"
189 If the kernel does not find a matching, system wide, policy then the
190 default value is applied.
191 The system wide default policy is specified
198 which asks the kernel to drop the packet.
202 .Bl -column net.inet6.ipsec6.def_policy integerxxx
203 .It Sy "Name Type Changeable"
204 .It "net.inet.ipsec.def_policy integer yes"
205 .It "net.inet6.ipsec6.def_policy integer yes"
208 .Ss Miscellaneous sysctl variables
211 protocols are configured for use, all protocols are included in the system.
212 To selectively enable/disable protocols, use
214 .Bl -column net.inet.ipcomp.ipcomp_enable
215 .It Sy "Name Default"
216 .It "net.inet.esp.esp_enable On"
217 .It "net.inet.ah.ah_enable On"
218 .It "net.inet.ipcomp.ipcomp_enable On"
221 In addition the following variables are accessible via
223 for tweaking the kernel's IPsec behavior:
224 .Bl -column net.inet6.ipsec6.inbonud_call_ike integerxxx
225 .It Sy "Name Type Changeable"
226 .It "net.inet.ipsec.ah_cleartos integer yes"
227 .It "net.inet.ipsec.ah_offsetmask integer yes"
228 .It "net.inet.ipsec.dfbit integer yes"
229 .It "net.inet.ipsec.ecn integer yes"
230 .It "net.inet.ipsec.debug integer yes"
231 .It "net.inet6.ipsec6.ecn integer yes"
232 .It "net.inet6.ipsec6.debug integer yes"
235 The variables are interpreted as follows:
237 .It Li ipsec.ah_cleartos
238 If set to non-zero, the kernel clears the type-of-service field in the IPv4 header
239 during AH authentication data computation.
240 This variable is used to get current systems to inter-operate with devices that
241 implement RFC1826 AH.
242 It should be set to non-zero
243 (clear the type-of-service field)
244 for RFC2402 conformance.
245 .It Li ipsec.ah_offsetmask
246 During AH authentication data computation, the kernel will include a
247 16bit fragment offset field
248 (including flag bits)
249 in the IPv4 header, after computing logical AND with the variable.
250 The variable is used for inter-operating with devices that
251 implement RFC1826 AH.
252 It should be set to zero
253 (clear the fragment offset field during computation)
254 for RFC2402 conformance.
256 This variable configures the kernel behavior on IPv4 IPsec tunnel encapsulation.
257 If set to 0, the DF bit on the outer IPv4 header will be cleared while
258 1 means that the outer DF bit is set regardless from the inner DF bit and
259 2 indicates that the DF bit is copied from the inner header to the
261 The variable is supplied to conform to RFC2401 chapter 6.1.
263 If set to non-zero, IPv4 IPsec tunnel encapsulation/decapsulation behavior will
265 (explicit congestion notification),
267 .Li draft-ietf-ipsec-ecn-02.txt .
269 talks more about the behavior.
271 If set to non-zero, debug messages will be generated via
277 tree have similar meanings to those described above.
282 protocol acts as a plug-in to the
286 protocols and therefore supports most of the protocols defined upon
287 those IP-layer protocols.
292 protocols may behave differently with
300 routines from looking into the IP payload.
305 .Xr ipsec_set_policy 3 ,
317 .%T "IP Authentication Header"
323 .%T "IP Encapsulating Security Payload (ESP)"
328 .%A Daniel L. McDonald
331 .%T "PF_KEY Key Management API, Version 2"
338 .%T "A Simple IP Security API Extension to BSD Sockets"
340 .%N "draft-mcdonald-simple-ipsec-api-03.txt"
341 .%O work in progress material
346 implementation appeared in the WIDE/KAME IPv6/IPsec stack.
350 a fully locked IPsec implementation called fast_ipsec was brought in.
351 The protocols drew heavily on the
353 implementation of the
356 The policy management code was derived from the
362 The fast_ipsec implementation lacked
364 support but made use of the
371 support was added to fast_ipsec.
372 After this the old KAME IPsec implementation was dropped and fast_ipsec
373 became what now is the only
378 There is no single standard for the policy engine API,
379 so the policy engine API described herein is just for this implementation.
381 AH and tunnel mode encapsulation may not work as you might expect.
382 If you configure inbound
384 policy with an AH tunnel or any IPsec encapsulating policy with AH
386 .Dq Li esp/tunnel/A-B/use ah/transport/A-B/require ) ,
387 tunnelled packets will be rejected.
388 This is because the policy check is enforced on the inner packet on reception,
389 and AH authenticates encapsulating
391 packet, not the encapsulated
394 (so for the receiving kernel there is no sign of authenticity).
395 The issue will be solved when we revamp our policy engine to keep all the
396 packet decapsulation history.
398 When a large database of security associations or policies is present
405 sockets may fail due to lack of space.
406 Increasing the socket buffer
407 size may alleviate this problem.
411 protocol may occasionally error because of
415 This documentation needs more review.