2 IP Security Protocol (IPSEC) (EXPERIMENTAL)
4 This unit is experimental code.
5 Pick 'y' for static linking, 'm' for module support or 'n' for none.
6 This option adds support for network layer packet encryption and/or
7 authentication with participating hosts. The standards start with:
8 RFCs 2411, 2407 and 2401. Others are mentioned where they refer to
9 specific features below. There are more pending which can be found
10 at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-*.
11 A description of each document can also be found at:
12 http://ietf.org/ids.by.wg/ipsec.html.
13 Their charter can be found at:
14 http://www.ietf.org/html.charters/ipsec-charter.html
15 Snapshots and releases of the current work can be found at:
16 http://www.freeswan.org/
18 IPSEC: IP-in-IP encapsulation
20 This option provides support for tunnel mode IPSEC. It is recommended
23 IPSEC: Authentication Header
25 This option provides support for the IPSEC Authentication Header
26 (IP protocol 51) which provides packet layer sender and content
27 authentication. It is recommended to enable this. RFC2402
30 CONFIG_IPSEC_AUTH_HMAC_MD5
31 Provides support for authentication using the HMAC MD5
32 algorithm with 96 bits of hash used as the authenticator. RFC2403
35 CONFIG_IPSEC_AUTH_HMAC_SHA1
36 Provides support for Authentication Header using the HMAC SHA1
37 algorithm with 96 bits of hash used as the authenticator. RFC2404
39 IPSEC: Encapsulating Security Payload
41 This option provides support for the IPSEC Encapsulation Security
42 Payload (IP protocol 50) which provides packet layer content
43 hiding. It is recommended to enable this. RFC2406
47 Provides support for Encapsulation Security Payload protocol, using
48 the triple DES encryption algorithm. RFC2451
50 IPSEC Debugging Option
52 Enables IPSEC kernel debugging. It is further controlled by the
53 user space utility 'klipsdebug'.