1

I have searched all over the internet (including man pages) for a way to open a socket which will be secured with IPsec (using C).

I am interested in controlling and configuring the socket from within the program (internally).

I tried to follow https://blogs.oracle.com/danmcd/entry/put_ipsec_to_work_in but I am using Ubuntu 12.04 and it is not compatible.

yakov

1 Answer

-2

IPSec encrypts data between networks automatically. When opening a socket, you don't have to do anything special.

Once you have an IPSec tunnel between two machines, all traffic between these two machines (and if they serve as routers - the machines behind them) would be encrypted.

So in C, you just open a socket normally.

ugoren
  • I want the socket to be the tunnel. There is no tunnel other than the socket. – yakov Oct 15 '13 at 15:12
  • Looks like you're mixing things up. In IPSec, there's a separation between the tunnel, which isn't a TCP connection (but ESP/IP), and the connections encrypted over it, which can be any IP connection. – ugoren Oct 17 '13 at 06:27
  • How could it be automatic? At the very least I should specify the public key of the other endpoint and my private key. When establishing a TLS connection this is handled via certificates and you can choose which certificates to trust and (optionally if you are the client) provide your own certificate. – Simon Apr 30 '15 at 19:10
  • @Simon, there's tunnel setup and connection setup. When setting up an IPSec tunnel, you need lots of things, such as establishing trust and exchanging keys. When opening a connection, you need to do nothing - just open a connection, and if the kernel thinks this connection should go over a tunnel, it will. – ugoren May 04 '15 at 12:33
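
Since the answer and comments leave the decision to the kernel's policy, a program that opens a plain socket may want to confirm that an outbound policy actually selects its traffic. The following is an added example, not code from any of the posts above: it checks a source/destination pair against a policy dump in the text layout printed by `ip xfrm policy`. It assumes IPv4 only; the function names and the sample dump are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in the layout of `ip xfrm policy` output (not from the page). */
const char *const SAMPLE_SPD =
    "src 10.0.0.0/24 dst 10.0.1.0/24 \n"
    "\tdir out priority 0 \n"
    "\ttmpl src 192.0.2.1 dst 192.0.2.2\n"
    "\t\tproto esp reqid 1 mode tunnel\n"
    "src 10.0.1.0/24 dst 10.0.0.0/24 \n"
    "\tdir in priority 0 \n"
    "\ttmpl src 192.0.2.2 dst 192.0.2.1\n"
    "\t\tproto esp reqid 1 mode tunnel\n";

/* Return 1 if IPv4 address ip falls inside cidr ("a.b.c.d/len"), else 0. */
static int in_cidr(const char *ip, const char *cidr)
{
    char net[64];
    unsigned len = 32;
    struct in_addr a, n;
    const char *slash = strchr(cidr, '/');
    size_t k = slash ? (size_t)(slash - cidr) : strlen(cidr);
    if (k >= sizeof net) return 0;
    memcpy(net, cidr, k); net[k] = '\0';
    if (slash && sscanf(slash + 1, "%u", &len) != 1) return 0;
    if (len > 32 || inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, net, &n) != 1)
        return 0;
    uint32_t mask = len ? htonl(0xFFFFFFFFu << (32 - len)) : 0;
    return (a.s_addr & mask) == (n.s_addr & mask);
}

/* Return 1 if an outbound ("dir out") policy in spd selects traffic src -> dst. */
int covered_by_out_policy(const char *spd, const char *src, const char *dst)
{
    char line[256], psrc[64], pdst[64], dir[16];
    int sel_match = 0;              /* did the most recent selector line match? */
    while (*spd) {
        size_t n = strcspn(spd, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, spd);
        spd += n + (spd[n] == '\n');
        if (sscanf(line, "src %63s dst %63s", psrc, pdst) == 2 && line[0] == 's')
            sel_match = in_cidr(src, psrc) && in_cidr(dst, pdst);
        else if (sel_match && sscanf(line, " dir %15s", dir) == 1 && strcmp(dir, "out") == 0)
            return 1;
    }
    return 0;
}
```

A return of 0 means no outbound policy in the dump selects that pair, so a socket opened normally to that destination would not be handled by IPsec.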