Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Red Hat Enterprise Linux 6 Essentials eBook now available in PDF and ePub formats for only $9.99
RHEL 6 Essentials contains 40 chapters and over 250 pages.

2.4.2.2. Configuration

Locations
This section lists and explains important directories and files used for configuring Openswan.
  • /etc/ipsec.d - main directory. Stores Openswan related files.
  • /etc/ipsec.conf - master configuration file. Further *.conf configuration files can be created in /etc/ipsec.d for individual configurations.
  • /etc/ipsec.secrets - master secrets file. Further *.secrets files can be created in /etc/ipsec.d for individual configurations.
  • /etc/ipsec.d/cert*.db - Certificate database files. The old default NSS database file is cert8.db. From Red Hat Enterprise Linux 6 onwards, NSS sqlite databases are used in the cert9.db file.
  • /etc/ipsec.d/key*.db - Key database files. The old default NSS database file is key3.db. From Red Hat Enterprise Linux 6 onwards, NSS sqlite databases are used in the key4.db file.
  • /etc/ipsec.d/cacerts - Location for Certificate Authority (CA) certificates.
  • /etc/ipsec.d/certs - Location for user certificates. Not needed when using NSS.
  • /etc/ipsec.d/policies - Groups policies. Policies can be defined as block, clear, clear-or-private, private, private-or-clear.
  • /etc/ipsec.d/nsspassword - NSS password file. This file does not exist by default, and is required if the NSS database in use is created with a password.
Configuration Parameters
This section lists some of the configuration options available, mostly written to /etc/ipsec.conf.
  • protostack - defines which protocol stack is used. The default option in Red Hat Enterprise Linux 6 is netkey. Other valid values are auto, klips and mast.
  • nat_traversal - defines if NAT workaround for connections is accepted. Default is no.
  • dumpdir - defines the location for core dump files.
  • nhelpers - When using NSS, defines the number of threads used for cryptographic operations. When not using NSS, defines the number of processes used for cryptographic operations.
  • virtual_private - subnets allowed for the client connection. Ranges that may exist behind a NAT router through which a client connects.
  • plutorestartoncrash - set to yes by default.
  • plutostderr - path for pluto error log. Points to syslog location by default.
  • connaddrfamily - can be set to either ipv4 or ipv6.
Further details about Openswan configuration can be found in the ipsec.conf(5) manual page.

 
 
  Published under the terms of the Creative Commons License Design by Interspire