1 RCSID $Id: Documentation.Configure.help,v 1.10 2002/01/28 20:03:12 mcr Exp $
2 --- ./Documentation/Configure.help.preipsec Sat Aug 28 02:16:15 1999
3 +++ ./Documentation/Configure.help Sat Aug 28 02:24:58 1999
5 This is a backward compatibility option, choose Y for now.
6 This option will be removed soon.
8 +IP Security Protocol (IPSEC) (EXPERIMENTAL)
10 + This unit is experimental code.
11 + Pick 'y' for static linking, 'm' for module support or 'n' for none.
12 + This option adds support for network layer packet encryption and/or
13 + authentication with participating hosts. The standards start with:
14 + RFCs 2411, 2407 and 2401. Others are mentioned where they refer to
15 + specific features below. There are more pending which can be found
16 + at: ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-*.
17 + A description of each document can also be found at:
18 + http://ietf.org/ids.by.wg/ipsec.html.
19 + Their charter can be found at:
20 + http://www.ietf.org/html.charters/ipsec-charter.html
21 + Snapshots and releases of the current work can be found at:
22 + http://www.freeswan.org/
24 +IPSEC: IP-in-IP encapsulation
26 + This option provides support for tunnel mode IPSEC. It is recommended
29 +IPSEC: Authentication Header
31 + This option provides support for the IPSEC Authentication Header
32 + (IP protocol 51) which provides packet layer sender and content
33 + authentication. It is recommended to enable this. RFC2402
36 +CONFIG_IPSEC_AUTH_HMAC_MD5
37 + Provides support for authentication using the HMAC MD5
38 + algorithm with 96 bits of hash used as the authenticator. RFC2403
41 +CONFIG_IPSEC_AUTH_HMAC_SHA1
42 + Provides support for Authentication Header using the HMAC SHA1
43 + algorithm with 96 bits of hash used as the authenticator. RFC2404
45 +IPSEC: Encapsulating Security Payload
47 + This option provides support for the IPSEC Encapsulation Security
48 + Payload (IP protocol 50) which provides packet layer content
49 + hiding. It is recommended to enable this. RFC2406
52 +CONFIG_IPSEC_ENC_3DES
53 + Provides support for Encapsulation Security Payload protocol, using
54 + the triple DES encryption algorithm. RFC2451
56 +IPSEC Debugging Option
58 + Enables IPSEC kernel debugging. It is further controlled by the
59 + user space utility 'klipsdebug'.
61 +IPSEC Regression Testing option
63 + Enables IPSEC regression testing. Creates a number of switches in
64 + /proc/sys/net/ipsec which cause various failure modes in KLIPS.
65 + For more details see FreeSWAN source under
66 + testing/doc/regression_options.txt.
70 If you want to use a SCSI hard disk, SCSI tape drive, SCSI CDROM or