3 <title>FreeS/WAN roadmap</title>
4 <meta name="keywords" content="Linux, IPsec, VPN, security, FreeSWAN">
8 Written by Sandy Harris for the Linux FreeS/WAN project
9 Freely distributable under the GNU General Public License
11 More information at www.freeswan.org
12 Feedback to users@lists.freeswan.org
15 RCS ID: $Id: roadmap.html,v 1.7 2001/12/29 17:06:09 sandy Exp $
16 Last changed: $Date: 2001/12/29 17:06:09 $
17 Revision number: $Revision: 1.7 $
19 CVS revision numbers do not correspond to FreeS/WAN release numbers.
24 <h1><a name="roadmap">Distribution Roadmap: What's Where in Linux FreeS/WAN</a></h1>
27 This file is a guide to the locations of files within the FreeS/WAN
28 distribution. Everything described here should be on your system once you
29 download, gunzip, and untar the distribution.</p>
31 <p>This distribution contains two major subsystems
34 <dt><a href="#klips.roadmap">KLIPS</a></dt>
35 <dd>the kernel code</dd>
36 <dt><a href="#pluto.roadmap">Pluto</a></dt>
37 <dd>the user-level key-management daemon</dd>
40 <p>plus assorted odds and ends.
42 <h2><a name="top">Top directory</a></h2>
44 <p>The top directory has essential information in text files:</p>
48 <dd>introduction to the software</dd>
50 <dd>short experts-only installation procedures. More detalied procedures are in
51 <a href="install.html">installation</a> and
52 <a href="config.html">configuration</a> HTML documents.</dd>
54 <dd>major known bugs in the current release.</dd>
56 <dd>changes from previous releases</dd>
58 <dd>acknowledgement of contributors</dd>
60 <dd>licensing and distribution information</dd>
63 <h2><a name="doc">Documentation</a></h2>
66 The doc directory contains the bulk of the documentation, most of it in
67 HTML format. See the <a href="index.html">index file</a> for details.
70 <h2><a name="klips.roadmap">KLIPS: kernel IP security</a></h2>
73 <a href="glossary.html#KLIPS">KLIPS</a> is <strong>K</strong>erne<strong>L</strong>
74 <strong>IP</strong> <strong>S</strong>ecurity. It lives in the klips
79 <dd>documentation</dd>
80 <dt>klips/patches</dt>
81 <dd>patches for existing kernel files</dd>
85 <dd>low-level user utilities</dd>
86 <dt>klips/net/ipsec</dt>
87 <dd>actual klips kernel files</dd>
89 <dd>symbolic link to klips/net/ipsec
90 <p>The "make insert" step of installation installs the patches and makes
91 a symbolic link from the kernel tree to klips/net/ipsec. The odd name of
92 klips/net/ipsec is dictated by some annoying limitations of the scripts
93 which build the Linux kernel. The symbolic-link business is a bit
94 messy, but all the alternatives are worse.</p>
102 <dd>manipulate IPsec extended routing tables</dd>
104 <dd>set Klips (kernel IPsec support) debug features and level</dd>
106 <dd>manage IPsec Security Associations</dd>
108 <dd>group/ungroup IPsec Security Associations</dd>
110 <dd>associate IPsec virtual interface with real interface</dd>
112 <p>These are all normally invoked by ipsec(8) with commands such as</p>
113 <pre> ipsec tncfg <var>arguments</var></pre>
114 There are section 8 man pages for all of these; the names have "ipsec_"
115 as a prefix, so your man command should be something like:
116 <pre> man 8 ipsec_tncfg</pre>
120 <h2><a name="pluto.roadmap">Pluto key and connection management daemon</a></h2>
123 <a href="glossary.html#Pluto">Pluto</a> is our key management and negotiation daemon. It
124 lives in the pluto directory, along with its low-level user utility,
128 There are no subdirectories. Documentation is a man page,
129 <a href="manpage.d/ipsec_pluto.8.html">pluto.8</a>. This covers whack as well.
132 <h2><a name="utils">Utils</a></h2>
135 The utils directory contains a growing collection of higher-level user
136 utilities, the commands that administer and control the software. Most of the
137 things that you will actually have to run yourself are in there.
141 <dd>invoke IPsec utilities
142 <p>ipsec(8) is normally the only program installed in a standard
143 directory, /usr/local/sbin. It is used to invoke the others, both those
144 listed below and the ones in klips/utils mentioned above.</p>
148 <dd>control automatically-keyed IPsec connections</dd>
150 <dd>take manually-keyed IPsec connections up and down</dd>
152 <dd>generate copious debugging output</dd>
154 <dd>generate moderate amounts of debugging output</dd>
157 There are .8 manual pages for these. look is covered in barf.8. The man pages
158 have an "ipsec_" prefix so your man command should be something like:
163 Examples are in various files with names utils/*.eg</p>
165 <h2><a name="lib">Libraries</a></h2>
167 <h3><a name="fswanlib">FreeS/WAN Library</a></h3>
170 The lib directory is the FreeS/WAN library, also steadily growing, used by
171 both user-level and kernel code.<br />
172 It includes section 3 <a href="manpages.html">man pages</a> for the library routines.
174 <h3><a name="otherlib">Imported Libraries</a></h3>
178 The libdes library, originally from SSLeay, is used by both Klips and Pluto
179 for <a href="glossary.html#3DES">Triple DES</a> encryption. Single DES is not
180 used because <a href="politics.html#desnotsecure">it is
183 Note that this library has its own license, different from the
184 <a href="glossary.html#GPL">GPL</a> used for other code in FreeS/WAN.
187 The library includes its own documentation.
192 The GMP (GNU multi-precision) library is used for multi-precision arithmetic
193 in Pluto's key-exchange code and public key code.
195 Older versions (up to 1.7) of FreeS/WAN included a copy of this library in
196 the FreeS/WAN distribution.
198 Since 1.8, we have begun to rely on the system copy of GMP.