2.7.4. Creating an IPsec Connection
An IPsec connection is split into two logical phases. In phase 1, an IPsec node initializes the connection with the remote node or network. The remote node or network checks the requesting node's credentials and both parties negotiate the authentication method for the connection.
On Fedora systems, an IPsec connection uses the pre-shared key method of IPsec node authentication. In a pre-shared key IPsec connection, both hosts must use the same key in order to move to Phase 2 of the IPsec connection.
Phase 2 of the IPsec connection is where the Security Association (SA) is created between IPsec nodes. This phase establishes an SA database with configuration information, such as the encryption method, secret session key exchange parameters, and more. This phase manages the actual IPsec connection between remote nodes and networks.
The Fedora implementation of IPsec uses IKE for sharing keys between hosts across the Internet. The keying daemon handles the IKE key distribution and exchange. Refer to the man page for more information about this daemon.
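
The two phases described above can be followed in a simplified model. This is an added example, not code from Fedora or its keying daemon, and it is not the IKE wire protocol: the Diffie-Hellman exchange, cookies and message encryption are omitted, and the `Node` class, the `negotiate` function, the HMAC-SHA256 PRF and the transform name are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function (HMAC-SHA256 chosen for this sketch)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Node:
    def __init__(self, name: str, psk: bytes):
        self.name = name.encode()
        self.psk = psk
        self.nonce = secrets.token_bytes(16)
        self.sa_db = {}  # SPI -> negotiated SA parameters

    def skeyid(self, ni: bytes, nr: bytes) -> bytes:
        # Both sides reach the same value only if their pre-shared keys match.
        return prf(self.psk, ni + nr)

    def proof(self, ni: bytes, nr: bytes, identity: bytes) -> bytes:
        # Authentication hash: shows knowledge of the key without sending it.
        return prf(self.skeyid(ni, nr), ni + nr + identity)


def negotiate(initiator: Node, responder: Node, transform="aes-cbc/hmac-sha256"):
    """Return the SPI of the new SA, or None if phase 1 authentication fails."""
    ni, nr = initiator.nonce, responder.nonce

    # Phase 1: exchange proofs; each node verifies the peer's with its own key.
    proof_i = initiator.proof(ni, nr, initiator.name)
    proof_r = responder.proof(ni, nr, responder.name)
    ok_at_responder = hmac.compare_digest(proof_i, responder.proof(ni, nr, initiator.name))
    ok_at_initiator = hmac.compare_digest(proof_r, initiator.proof(ni, nr, responder.name))
    if not (ok_at_responder and ok_at_initiator):
        return None  # key mismatch: the connection never reaches phase 2

    # Phase 2: each node derives the session key and records the SA locally.
    spi = secrets.token_hex(4)  # constructed SPI value for the sketch
    for node in (initiator, responder):
        session_key = prf(node.skeyid(ni, nr), b"phase2" + ni + nr)
        node.sa_db[spi] = {"transform": transform, "session_key": session_key}
    return spi
```

With matching keys both nodes end up with identical SA database entries; with different keys `negotiate` returns `None` and neither database is touched.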