Research And Implementation Of IPSEC Based On Linux

With the rapid development of the network technology, the network has already been popularized in the society, but there are inevitably some potential security problems when the network is providing open and shared resources. How to protect the transmission of secret information on the network effectively has increasingly become the focus that people concern.The proposition of IPSec aims to solve network security problems effectively. IPSec offers security services including connectionless integrity, data origin authentication, protection against replays, confidentiality and limited traffic flow confidentiality for IP and upper layer protocols. Owing to its great function and various advantages, IPSec has extensive application prospects. Network security of our country could be really protected only by having developed IPSec products with independent intellectual property right. Therefore, it is significant to study and implement IPSec.Firstly, IPSec architecture is briefly introduced, including some basic concepts, for example, security policy, security association, selector, and each component of IPSec architecture such as SPD, SAD, AH, ESP and IKE, etc.. The processing of IPSec is explained in detail, and its merits are summarized.Secondly, based on deep analysis of IPSec and Linux TCP/IP stack, the implementation of IPSec under Linux is especially completed. Referring to some commonly used methods of implementation, this thesis adopts a method, which is inserting the IPSec processing module into Linux protocol stack. ESP of tunnel mode is implemented, and this implementation can be applied to security gateway. In this implementation method, IPSec processing module is independent of Linux kernel, and the function of Linux kernel is enhanced.Finally, the implementation of IPSec is tested and applied by constructing a tentative VPN model. In function test, the communication packets are monitored and analysed by using Ethereal software, the result indicates that the content of packets is encrypted and the safe function of IPSec is verified. In performance test, the impact of IPSec on systematic performance is mainly tested.