1 .\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
3 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the project nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 .Nd Internet Protocol Security protocol
40 .Cd "options IPSEC_SUPPORT"
49 is a security protocol implemented within the Internet Protocol layer
50 of the networking stack.
52 is defined for both IPv4 and IPv6
57 is a set of protocols,
59 (for Encapsulating Security Payload)
61 (for Authentication Header),
64 (for IP Payload Compression Protocol)
65 that provide security services for IP datagrams.
66 AH both authenticates and guarantees the integrity of an IP packet
67 by attaching a cryptographic checksum computed using one-way hash functions.
68 ESP, in addition, prevents unauthorized parties from reading the payload of
69 an IP packet by also encrypting it.
70 IPComp tries to increase communication performance by compressing IP payload,
71 thus reducing the amount of data sent.
72 This will help nodes on slow links but with enough computing power.
74 operates in one of two modes: transport mode or tunnel mode.
75 Transport mode is used to protect peer-to-peer communication between end nodes.
76 Tunnel mode encapsulates IP packets within other IP packets
77 and is designed for security gateways such as VPN endpoints.
79 System configuration requires the
83 The packets can be passed to a virtual
86 to perform packet filtering before outbound encryption and after decapsulation
89 To properly filter on the inner packets of an
91 tunnel with firewalls, you can change the values of the following sysctls
92 .Bl -column net.inet6.ipsec6.filtertunnel default enable
93 .It Sy "Name Default Enable"
94 .It "net.inet.ipsec.filtertunnel 0 1"
95 .It "net.inet6.ipsec6.filtertunnel 0 1"
100 is controlled by a key management and policy engine,
101 that reside in the operating system kernel.
103 is the process of associating keys with security associations, also
105 Policy management dictates when new security
106 associations created or destroyed.
108 The key management engine can be accessed from userland by using
113 socket API is defined in RFC2367.
115 The policy engine is controlled by an extension to the
122 The kernel implements
123 an extended version of the
125 interface and allows the programmer to define IPsec policies
126 which are similar to the per-packet filters.
129 interface is used to define per-socket behavior, and
131 interface is used to define host-wide default behavior.
133 The kernel code does not implement a dynamic encryption key exchange protocol
135 (Internet Key Exchange).
136 Key exchange protocols are beyond what is necessary in the kernel and
137 should be implemented as daemon processes which call the
140 .Ss Policy management
141 IPsec policies can be managed in one of two ways, either by
142 configuring per-socket policies using the
144 system calls, or by configuring kernel level packet filter-based
149 you can define IPsec policies against packets using rules similar to packet
155 Depending on the socket's address family, IPPROTO_IP or IPPROTO_IPV6
156 transport level and IP_IPSEC_POLICY or IPV6_IPSEC_POLICY socket options
157 may be used to configure per-socket security policies.
158 A properly-formed IPsec policy specification structure can be
160 .Xr ipsec_set_policy 3
161 function and used as socket option value for the
165 When setting policies using the
169 option instructs the system to use its default policy, as
170 explained below, for processing packets.
171 The following sysctl variables are available for configuring the
172 system's IPsec behavior.
173 The variables can have one of two values.
178 which means that if there is a security association then use it but if
179 there is not then the packets are not processed by IPsec.
184 which requires that a security association must exist for the packets
185 to move, and not be dropped.
186 These terms are defined in
187 .Xr ipsec_set_policy 8 .
188 .Bl -column net.inet6.ipsec6.esp_trans_deflev integerxxx
189 .It Sy "Name Type Changeable"
190 .It "net.inet.ipsec.esp_trans_deflev integer yes"
191 .It "net.inet.ipsec.esp_net_deflev integer yes"
192 .It "net.inet.ipsec.ah_trans_deflev integer yes"
193 .It "net.inet.ipsec.ah_net_deflev integer yes"
194 .It "net.inet6.ipsec6.esp_trans_deflev integer yes"
195 .It "net.inet6.ipsec6.esp_net_deflev integer yes"
196 .It "net.inet6.ipsec6.ah_trans_deflev integer yes"
197 .It "net.inet6.ipsec6.ah_net_deflev integer yes"
200 If the kernel does not find a matching, system wide, policy then the
201 default value is applied.
202 The system wide default policy is specified
209 which asks the kernel to drop the packet.
213 .Bl -column net.inet6.ipsec6.def_policy integerxxx
214 .It Sy "Name Type Changeable"
215 .It "net.inet.ipsec.def_policy integer yes"
216 .It "net.inet6.ipsec6.def_policy integer yes"
219 .Ss Miscellaneous sysctl variables
222 protocols are configured for use, all protocols are included in the system.
223 To selectively enable/disable protocols, use
225 .Bl -column net.inet.ipcomp.ipcomp_enable
226 .It Sy "Name Default"
227 .It "net.inet.esp.esp_enable On"
228 .It "net.inet.ah.ah_enable On"
229 .It "net.inet.ipcomp.ipcomp_enable On"
232 In addition the following variables are accessible via
234 for tweaking the kernel's IPsec behavior:
235 .Bl -column net.inet6.ipsec6.inbonud_call_ike integerxxx
236 .It Sy "Name Type Changeable"
237 .It "net.inet.ipsec.ah_cleartos integer yes"
238 .It "net.inet.ipsec.ah_offsetmask integer yes"
239 .It "net.inet.ipsec.dfbit integer yes"
240 .It "net.inet.ipsec.ecn integer yes"
241 .It "net.inet.ipsec.debug integer yes"
242 .It "net.inet.ipsec.natt_cksum_policy integer yes"
243 .It "net.inet.ipsec.check_policy_history integer yes"
244 .It "net.inet6.ipsec6.ecn integer yes"
245 .It "net.inet6.ipsec6.debug integer yes"
248 The variables are interpreted as follows:
250 .It Li ipsec.ah_cleartos
251 If set to non-zero, the kernel clears the type-of-service field in the IPv4 header
252 during AH authentication data computation.
253 This variable is used to get current systems to inter-operate with devices that
254 implement RFC1826 AH.
255 It should be set to non-zero
256 (clear the type-of-service field)
257 for RFC2402 conformance.
258 .It Li ipsec.ah_offsetmask
259 During AH authentication data computation, the kernel will include a
260 16bit fragment offset field
261 (including flag bits)
262 in the IPv4 header, after computing logical AND with the variable.
263 The variable is used for inter-operating with devices that
264 implement RFC1826 AH.
265 It should be set to zero
266 (clear the fragment offset field during computation)
267 for RFC2402 conformance.
269 This variable configures the kernel behavior on IPv4 IPsec tunnel encapsulation.
270 If set to 0, the DF bit on the outer IPv4 header will be cleared while
271 1 means that the outer DF bit is set regardless from the inner DF bit and
272 2 indicates that the DF bit is copied from the inner header to the
274 The variable is supplied to conform to RFC2401 chapter 6.1.
276 If set to non-zero, IPv4 IPsec tunnel encapsulation/decapsulation behavior will
278 (explicit congestion notification),
280 .Li draft-ietf-ipsec-ecn-02.txt .
282 talks more about the behavior.
284 If set to non-zero, debug messages will be generated via
286 .It Li ipsec.natt_cksum_policy
287 Controls how the kernel handles TCP and UDP checksums when ESP in UDP
288 encapsulation is used for IPsec transport mode.
289 If set to a non-zero value, the kernel fully recomputes checksums for
290 inbound TCP segments and UDP datagrams after they are decapsulated and
292 If set to 0 and original addresses were configured for corresponding SA
293 by the IKE daemon, the kernel incrementally recomputes checksums for
294 inbound TCP segments and UDP datagrams.
295 If addresses were not configured, the checksums are ignored.
296 .It Li ipsec.check_policy_history
297 Enables strict policy checking for inbound packets.
298 By default, inbound security policies check that packets handled by IPsec
299 have been decrypted and authenticated.
300 If this variable is set to a non-zero value, each packet handled by IPsec
301 is checked against the history of IPsec security associations.
302 The IPsec security protocol, mode, and SA addresses must match.
307 tree have similar meanings to those described above.
312 protocol acts as a plug-in to the
316 protocols and therefore supports most of the protocols defined upon
317 those IP-layer protocols.
322 protocols may behave differently with
330 routines from looking into the IP payload.
335 .Xr ipsec_set_policy 3 ,
348 .%T "IP Authentication Header"
354 .%T "IP Encapsulating Security Payload (ESP)"
359 .%A Daniel L. McDonald
362 .%T "PF_KEY Key Management API, Version 2"
369 .%T "A Simple IP Security API Extension to BSD Sockets"
371 .%N "draft-mcdonald-simple-ipsec-api-03.txt"
372 .%O work in progress material
377 implementation appeared in the WIDE/KAME IPv6/IPsec stack.
381 a fully locked IPsec implementation called fast_ipsec was brought in.
382 The protocols drew heavily on the
384 implementation of the
387 The policy management code was derived from the
393 The fast_ipsec implementation lacked
395 support but made use of the
402 support was added to fast_ipsec.
403 After this the old KAME IPsec implementation was dropped and fast_ipsec
404 became what now is the only
409 There is no single standard for the policy engine API,
410 so the policy engine API described herein is just for this implementation.
412 AH and tunnel mode encapsulation may not work as you might expect.
413 If you configure inbound
415 policy with an AH tunnel or any IPsec encapsulating policy with AH
417 .Dq Li esp/tunnel/A-B/use ah/transport/A-B/require ) ,
418 tunnelled packets will be rejected.
419 This is because the policy check is enforced on the inner packet on reception,
420 and AH authenticates encapsulating
422 packet, not the encapsulated
425 (so for the receiving kernel there is no sign of authenticity).
426 The issue will be solved when we revamp our policy engine to keep all the
427 packet decapsulation history.
429 When a large database of security associations or policies is present
436 sockets may fail due to lack of space.
437 Increasing the socket buffer
438 size may alleviate this problem.
442 protocol may occasionally error because of
446 This documentation needs more review.