
IPsec and other jargon

Sunday, 13 November 05, 7:00 am
compton
Editing a book about creating VPNs on Linux with IPsec. 200-300 pages long, which works out at about £450.

compton

7:00 am, Thursday, 17 November 05

Well, edited the first chapter. Actually chapter 2, but this was down to a problem with chapter 1.

It was pretty short at 18 pages, which works out at £38 or so. It took around a day, in total.

It is a pretty good overview of the technologies behind IPsec i.e. the protocols. It began with a concise look at network technology, and encryption, discussing ciphers, hash functions, and issues such as the exchange of secret keys over an insecure medium.

The recommended way to implement IPsec communication is ESP Tunnel mode. The IP packets of the communication are wrapped in IPsec packets. To cross NAT gateways, these IPsec packets can themselves be wrapped in UDP packets. This is necessary because NAT's address mangling would otherwise break IPsec.

In ESP transport mode, the payload of the IPsec packets is the data, rather than being a packet in its own right. It's only really needed for MS interop, as it's required by MS's L2TP, or Layer 2 Tunneling Protocol.

IPsec has a kernel component and a userland component. The kernel part is necessary to achieve maximum speed for the IPsec communication stack. The userland component is a daemon i.e. an app that listens for incoming connections.

Lots of fundamental concepts of cryptography and IPsec are covered, pretty well I should add. Perfect Forward Secrecy for one - which is the use of transient session keys so that past data cannot be unlocked should a key ever be discovered. Lots of other stuff is very well and fully explained, such as the problem of NAT traversal and how it is solved (using a UDP wrapper as mentioned previously).

The next chapter is the Openswan installation chapter. However, I may go back and do chapter 1 next, as it is ready and might be best done sooner rather than later.
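
The UDP wrapper for NAT traversal mentioned in the post above, as an added example that is not from the post or the book. It assumes the RFC 3948 conventions (UDP port 4500, the one-byte keepalive, the four-zero-byte non-ESP marker), which the page does not mention; the function names and all sample values are constructed.

```python
import struct

NAT_T_PORT = 4500  # UDP port used for IPsec NAT traversal (RFC 3948)

def build_esp(spi, seq, ciphertext):
    """ESP starts with SPI and sequence number, then the encrypted payload."""
    if spi == 0:
        raise ValueError("SPI 0 is reserved")
    return struct.pack("!II", spi, seq) + ciphertext

def udp_wrap(payload, sport, dport=NAT_T_PORT):
    """Prepend an 8-byte UDP header; checksum 0 means 'not computed' in IPv4."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def nat_rewrite_sport(datagram, new_sport):
    """What a port-translating NAT does to the outer header: swap the source port."""
    return struct.pack("!H", new_sport) + datagram[2:]

def classify(datagram):
    """Sort a UDP datagram seen on port 4500 into keepalive, IKE or ESP."""
    if len(datagram) < 8:
        return ("invalid", None)
    sport, dport, length, _ = struct.unpack("!HHHH", datagram[:8])
    body = datagram[8:]
    if length != len(datagram) or NAT_T_PORT not in (sport, dport):
        return ("invalid", None)
    if body == b"\xff":
        return ("nat-keepalive", None)   # keeps the NAT mapping alive
    if len(body) < 4:
        return ("invalid", None)
    if body[:4] == b"\x00\x00\x00\x00":
        return ("ike", body[4:])         # non-ESP marker, IKE message follows
    if len(body) < 8:
        return ("invalid", None)
    spi, seq = struct.unpack("!II", body[:8])
    return ("esp", {"spi": spi, "seq": seq, "ciphertext": body[8:]})

if __name__ == "__main__":
    esp = build_esp(0x1000, 1, b"\xaa" * 16)          # constructed sample packet
    on_wire = nat_rewrite_sport(udp_wrap(esp, NAT_T_PORT), 61000)
    print(classify(on_wire))                          # ESP bytes survive the NAT
```

The NAT only touches the outer UDP header, which is outside the ESP-protected data, so the receiver still recovers the same SPI, sequence number and ciphertext.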
 
 

compton

7:00 am, Saturday, 19 November 05

Chapter one done now. Several comments in it to be addressed, after chatting to author I expect. I understand Louay's point now about the politically emotive content. The thought even occurred about shoving a lot of it into an appendix, but on reflection think it's best just to hack out a page or page and a half.

Next I'll get going on chapter 3. Makes sense. I still have to check and insert the image (or images depending on whether to include the second one or not) for chapter 1.
 
 

compton

7:00 am, Monday, 21 November 05

Done first 12 pages of chapter 3 now. Very sloooow going - had got to page 9 by Sunday afternoon! Motivation deficit....
 
 

compton

7:00 am, Monday, 21 November 05

Ten past 5 in the morning, and chapter 3 now done. That gives me a couple of hours to play Battlefield before needing to get Ash up for school!
 
 