ipsecesp man page on SmartOS


       ipsecesp, ESP - IPsec Encapsulating Security Payload


       The ipsecesp module provides confidentiality, integrity,
       authentication, and partial sequence integrity (replay protection)
       to IP datagrams. The encapsulating security payload (ESP)
       encapsulates its data, enabling it to protect data that follows in
       the datagram. For TCP packets, ESP encapsulates the TCP header and
       its data only. If the packet is an IP in IP datagram, ESP protects
       the inner IP datagram. Per-socket policy allows "self-encapsulation"
       so ESP can encapsulate IP options when necessary. See ipsec(7P).

       Unlike the authentication header (AH), ESP allows multiple varieties
       of datagram protection. (Using a single datagram protection form can
       expose vulnerabilities.) For example, only ESP can be used to provide
       confidentiality. But protecting confidentiality alone leaves traffic
       exposed to both replay attacks and cut-and-paste attacks. Similarly,
       if ESP protects only integrity and does not fully protect against
       eavesdropping, it may provide weaker protection than AH. See

   ESP Device
       ESP is implemented as a module that is auto-pushed on top of IP. Use
       the /dev/ipsecesp entry to tune ESP with ndd(1M).

       ESP uses encryption and authentication algorithms. Authentication
       algorithms include HMAC-MD5 and HMAC-SHA-1. Encryption algorithms
       include DES, Triple-DES, Blowfish and AES. Each authentication and
       encryption algorithm has key size and key format properties. You can
       obtain a list of authentication and encryption algorithms and their
       properties by using the ipsecalgs(1M) command. You can also use the
       functions described in the getipsecalgbyname(3NSL) man page to
       retrieve the properties of algorithms. Because of export laws in the
       United States, not all encryption algorithms are available outside
       of the United States.

   Security Considerations
       ESP without authentication exposes vulnerabilities to cut-and-paste
       cryptographic attacks as well as eavesdropping attacks. Like AH, ESP
       is vulnerable to eavesdropping when used without confidentiality.
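
       The receiver-side checks that ESP authentication and replay
       protection imply, as an added example (not code from this man page
       or from the ipsecesp module): the ICV is checked over the SPI,
       sequence number and payload laid out as in RFC 2406, using
       HMAC-SHA-1 truncated to 96 bits. The class and function names, the
       64-packet window, and the key, SPI and payload bytes are assumptions
       constructed for illustration.

```python
import hashlib, hmac, struct

ICV_LEN = 12  # HMAC-SHA-1-96: HMAC-SHA-1 output truncated to 96 bits

def esp_seal(key, spi, seq, payload):
    """Sender: ICV covers SPI, sequence number and the (encrypted) payload."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]

class EspReceiver:
    """Inbound checks for one SA (hypothetical helper): replay window, then ICV."""
    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.top = 0   # highest authenticated sequence number
        self.seen = 0  # bitmap: bit i set means (top - i) was received

    def accept(self, pkt):
        if len(pkt) < 8 + ICV_LEN:
            return "drop: truncated"
        spi, seq = struct.unpack("!II", pkt[:8])
        if spi != self.spi:
            return "drop: unknown SPI"
        age = self.top - seq
        if seq == 0 or (age >= 0 and (age >= self.window or (self.seen >> age) & 1)):
            return "drop: replayed or stale"
        body, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
        want = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, want):
            return "drop: ICV mismatch"
        # Only an authenticated packet may move the window.
        if age < 0:
            keep = (self.seen << -age) if -age < self.window else 0
            self.seen = (keep | 1) & ((1 << self.window) - 1)
            self.top = seq
        else:
            self.seen |= 1 << age
        return "accept"

def demo():
    key, spi = b"constructed-sample-key", 0x1000  # constructed values
    rx = EspReceiver(key, spi)
    ct = bytes(range(32))  # stand-in for two 16-byte cipher blocks
    p1, p2 = esp_seal(key, spi, 1, ct), esp_seal(key, spi, 2, ct)
    # Same packet with its two cipher blocks swapped in transit.
    spliced = p2[:8] + p2[24:40] + p2[8:24] + p2[40:]
    return [rx.accept(p) for p in (p1, p1, spliced, p2)]

if __name__ == "__main__":
    print(demo())
```

       The spliced packet is dropped on the ICV check without moving the
       window, so the genuine packet with the same sequence number is
       still accepted afterwards.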

       See attributes(5) for descriptions of the following attributes:

       │Interface Stability │ Evolving │

       ipsecalgs(1M), ipsecconf(1M), ndd(1M), attributes(5),
       getipsecalgbyname(3NSL), ip(7P), ipsec(7P), ipsecah(7P)

       Kent, S. and Atkinson, R. RFC 2406, IP Encapsulating Security Payload
       (ESP), The Internet Society, 1998.

				 May 18, 2003			  IPSECESP(7P)
