Virtual Private Networks (VPN) allow users and telecommuters to connect to their corporate intranets using their local internet connection. The VPN method used in SISO is based on IP Security (IPsec), a standard for securing communications by authenticating and encrypting IP packets. Key protocols in IPsec are Encapsulating Security Payload (ESP), used for encryption, and the Internet Key Exchange protocol (IKE).
The Linux-2.6 kernel already contains the (KAME-based) IPsec. The user-space tools will be built in this section. Download and unpack the sources. Note that 0.6.1 is used, as the current version 0.6.6 fails compilation with conflicting types for 'SHA256_CTX'.
wget -P $DL_DIR http://superb-west.dl.sourceforge.net/sourceforge/ipsec-tools/ipsec-tools-0.7.tar.bz2 # was 0.5rc1, 0.6.1
tar -C $PRJ_DIR/apps -xvjf $DL_DIR/ipsec-tools-0.7.tar.bz2
cd $PRJ_DIR/apps/ipsec-tools-0.7
Configure.
make clean
./configure AR="${TOOLCHAIN_CROSS}ar" AS=${TOOLCHAIN_CROSS}as \
LD=${TOOLCHAIN_CROSS}ld NM=${TOOLCHAIN_CROSS}nm \
CC=${TOOLCHAIN_CROSS}gcc GCC=${TOOLCHAIN_CROSS}gcc \
CXX=${TOOLCHAIN_CROSS}g++ RANLIB=${TOOLCHAIN_CROSS}ranlib \
CPP=${TOOLCHAIN_CROSS}cpp \
CPPFLAGS="-I$TOOLCHAIN_DIR/include -I$ROOTFS_DIR/usr/include" \
LDFLAGS="-L$TOOLCHAIN_DIR/lib -L$ROOTFS_DIR/usr/lib -ldl" \
--host=i686-linux \
--build=i586-linux \
--disable-ipv6 \
--prefix=$ROOTFS_DIR/usr \
--with-kernel-headers=$LINUX_DIR/include \
--with-openssl=$ROOTFS_DIR/usr \
--enable-natt \
--enable-frag \
--enable-dpd
Note: with 0.6.1, I had to comment out the #warning in src/include-glibc/linux/list.h
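A check to run between the configure step and the install step, as an added example that is not part of the original build notes: it confirms from the generated config.h that the NAT-T, IKE fragmentation and DPD options requested above were recorded before racoon is installed into the rootfs. The macro names ENABLE_NATT, ENABLE_FRAG and ENABLE_DPD are assumed to be what ipsec-tools' configure writes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original build notes.
# Assumption: configure records each enabled feature in config.h as
# "#define ENABLE_<FEATURE>"; a feature that is off appears only as
# "/* #undef ENABLE_<FEATURE> */".

# missing_features CONFIG_H MACRO...
# Prints the macros that are not defined in CONFIG_H, space separated.
missing_features() {
    cfg=$1; shift
    missing=""
    for macro in "$@"; do
        # Require whitespace or end of line after the name, so a longer
        # macro that merely starts with the same text does not count.
        if ! grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${macro}([[:space:]]|\$)" "$cfg"; then
            missing="${missing:+$missing }$macro"
        fi
    done
    printf '%s' "$missing"
}

# check_ipsec_config CONFIG_H
# Returns 0 when NAT-T, IKE fragmentation and DPD are all compiled in,
# 1 when any of them is missing, 2 when config.h cannot be read.
check_ipsec_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg (run ./configure first)" >&2; return 2; }
    lost=$(missing_features "$cfg" ENABLE_NATT ENABLE_FRAG ENABLE_DPD)
    if [ -n "$lost" ]; then
        echo "not enabled in $cfg: $lost" >&2
        return 1
    fi
    echo "NAT-T, fragmentation and DPD are enabled"
}
```

From the ipsec-tools source directory, `check_ipsec_config ./config.h && make install-strip` stops the install when one of the three features is absent.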
Compile and install to rootfs.d.
make install-strip
Configuration examples of IPsec can be found in Chapter 6, Virtual Private Network Server.