IPsec/IKE Programmer's Reference


IPsec is a set of extensions to the IP protocol family. It provides authentication, integrity, and confidentiality services. Unlike SSL, which provides security services over TCP/IP, IPsec provides security services at the network layer, so it is transparent to IP applications. IPsec is optional for the IPv4 stack and is recommended for the IPv6 stack (prior to RFC 6434, IPsec was mandatory for IPv6).

IPsec uses two protocols to provide traffic security: Authentication Header (AH) and Encapsulating Security Payload (ESP). A Security Association (SA) affords these security services to the traffic it carries. AH and ESP may each run in either of two modes: transport mode or tunnel mode.

Internet Key Exchange (IKE) negotiates the properties of SAs between peers.

The Treck IPsec and IKE features are described in the following sections.