1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
4 <TITLE> Introduction to FreeS/WAN</TITLE>
5 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
8 <A HREF="toc.html">Contents</a>
9 <A HREF="kernel.html">Previous</a>
10 <A HREF="compat.html">Next</a>
12 <H1><A name="roadmap">Distribution Roadmap: What's Where in Linux
14 <P> This file is a guide to the locations of files within the FreeS/WAN
15 distribution. Everything described here should be on your system once
16 you download, gunzip, and untar the distribution.</P>
17 <P>This distribution contains two major subsystems </P>
19 <DT><A href="#klips.roadmap">KLIPS</A></DT>
20 <DD>the kernel code</DD>
21 <DT><A href="#pluto.roadmap">Pluto</A></DT>
22 <DD>the user-level key-management daemon</DD>
24 <P>plus assorted odds and ends. </P>
25 <H2><A name="top">Top directory</A></H2>
26 <P>The top directory has essential information in text files:</P>
29 <DD>introduction to the software</DD>
31 <DD>short experts-only installation procedures. More detalied
32 procedures are in <A href="install.html"> installation</A> and <A href="config.html">
33 configuration</A> HTML documents.</DD>
35 <DD>major known bugs in the current release.</DD>
37 <DD>changes from previous releases</DD>
39 <DD>acknowledgement of contributors</DD>
41 <DD>licensing and distribution information</DD>
43 <H2><A name="doc">Documentation</A></H2>
44 <P> The doc directory contains the bulk of the documentation, most of
45 it in HTML format. See the <A href="index.html">index file</A> for
47 <H2><A name="klips.roadmap">KLIPS: kernel IP security</A></H2>
48 <P><A href="glossary.html#KLIPS"> KLIPS</A> is <STRONG>K</STRONG>erne<STRONG>
49 L</STRONG><STRONG> IP</STRONG><STRONG> S</STRONG>ecurity. It lives in
50 the klips directory, of course. </P>
53 <DD>documentation</DD>
54 <DT>klips/patches</DT>
55 <DD>patches for existing kernel files</DD>
59 <DD>low-level user utilities</DD>
60 <DT>klips/net/ipsec</DT>
61 <DD>actual klips kernel files</DD>
63 <DD>symbolic link to klips/net/ipsec </DD>
64 <P>The "make insert" step of installation installs the patches and
65 makes a symbolic link from the kernel tree to klips/net/ipsec. The odd
66 name of klips/net/ipsec is dictated by some annoying limitations of
67 the scripts which build the Linux kernel. The symbolic-link business
68 is a bit messy, but all the alternatives are worse.</P>
71 <DD>Utility programs: </DD>
75 <DD>manipulate IPSEC extended routing tables</DD>
77 <DD>set Klips (kernel IPSEC support) debug features and level</DD>
79 <DD>manage IPSEC Security Associations</DD>
81 <DD>group/ungroup IPSEC Security Associations</DD>
83 <DD>associate IPSEC virtual interface with real interface</DD>
85 <P>These are all normally invoked by ipsec(8) with commands such as</P>
86 <PRE> ipsec tncfg <VAR>arguments</VAR></PRE>
87 There are section 8 man pages for all of these; the names have
88 "ipsec_" as a prefix, so your man command should be something like:
89 <PRE> man 8 ipsec_tncfg</PRE>
91 <H2><A name="pluto.roadmap">Pluto key and connection management daemon</A>
93 <P><A href="glossary.html#Pluto"> Pluto</A> is our key management and
94 negotiation daemon. It lives in the pluto directory, along with its
95 low-level user utility, whack. </P>
96 <P> There are no subdirectories. Documentation is a man page, <A href="manpage.d/ipsec_pluto.8.html">
97 pluto.8</A>. This covers whack as well. </P>
98 <H2><A name="utils">Utils</A></H2>
99 <P> The utils directory contains a growing collection of higher-level
100 user utilities, the commands that administer and control the software.
101 Most of the things that you will actually have to run yourself are in
105 <DD>invoke IPSEC utilities </DD>
106 <P>ipsec(8) is normally the only program installed in a standard
107 directory, /usr/local/sbin. It is used to invoke the others, both
108 those listed below and the ones in klips/utils mentioned above.</P>
111 <DD>control automatically-keyed IPSEC connections</DD>
113 <DD>take manually-keyed IPSEC connections up and down</DD>
115 <DD>generate copious debugging output</DD>
117 <DD>generate moderate amounts of debugging output</DD>
119 <P> There are .8 manual pages for these. look is covered in barf.8. The
120 man pages have an "ipsec_" prefix so your man command should be
125 <P> Examples are in various files with names utils/*.eg</P>
126 <H2><A name="lib">Libraries</A></H2>
127 <H3><A name="fswanlib">FreeS/WAN Library</A></H3>
128 <P> The lib directory is the FreeS/WAN library, also steadily growing,
129 used by both user-level and kernel code.
130 <BR /> It includes section 3 <A href="manpages.html">man pages</A> for
131 the library routines. </P>
132 <H3><A name="otherlib">Imported Libraries</A></H3>
134 The libdes library, originally from SSLeay, is used by both Klips and
135 Pluto for <A href="glossary.html#3DES">Triple DES</A> encryption.
136 Single DES is not used because <A href="politics.html#desnotsecure">it
138 <P> Note that this library has its own license, different from the <A href="glossary.html#GPL">
139 GPL</A> used for other code in FreeS/WAN. </P>
140 <P> The library includes its own documentation. </P>
142 The GMP (GNU multi-precision) library is used for multi-precision
143 arithmetic in Pluto's key-exchange code and public key code.
144 <P> Older versions (up to 1.7) of FreeS/WAN included a copy of this
145 library in the FreeS/WAN distribution. </P>
146 <P> Since 1.8, we have begun to rely on the system copy of GMP. </P>
148 <A HREF="toc.html">Contents</a>
149 <A HREF="kernel.html">Previous</a>
150 <A HREF="compat.html">Next</a>