Is ipsec same as ipsec-tools?

[volant]

Dear Sir / Madam,

I have two fedora servers.
Server A
Server B

I cannot find ipsec.conf in my Server A.
I tried to yum install ipsec-tools, I can install.
I tried to yum install ipsec, it says ipsec not found.

I wonder is ipsec same as ipsec-tools?
From google, it always guide user how to install ipsec-tools, but not ipsec.
Where can I get the ipsec if it is the pre-requisites of ipsec-tools?

[DBelton]

try installing openswan and ipsec-tools.

openswan is the ipsec package.

Code:

[Me@tower11 ~]$ yum info openswan
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name        : openswan
Arch        : i686
Version     : 2.6.33
Release     : 1.fc15
Size        : 2.4 M
Repo        : installed
From repo   : updates-testing
Summary     : IPSEC implementation with IKEv1 and IKEv2 keying protocols
URL         : http://www.openswan.org/
License     : GPLv2+
Description : Openswan is a free implementation of IPsec & IKE for Linux.  IPsec
            : is the Internet Protocol Security and uses strong cryptography to
            : provide both authentication and encryption services.  These
            : services allow you to build secure tunnels through untrusted
            : networks.  Everything passing through the untrusted net is
            : encrypted by the ipsec gateway machine and decrypted by the
            : gateway at the other end of the tunnel.  The resulting tunnel is a
            : virtual private network or VPN.
            : 
            : This package contains the daemons and userland tools for setting
            : up Openswan. It supports the NETKEY/XFRM IPsec kernel stack that
            : exists in the default Linux kernel.
            : 
            : Openswan 2.6.x also supports IKEv2 (RFC4306)

the linux kernel now also has a native ipsec stack. (not sure if Fedora compiles it's kernels to support the ipsec features, though. They probably do)

[volant]

Dear Sir,
Thank you for your response!
The openswan and ipsec-tools already installed on my server.

I should explain in further.
Server A - fedora 8
Server B - fedora 13

I did not install anything on f13, the ipsec service exists by default.
The ipsec.conf located in /etc/ipsec.conf
I type command: ipsec, it returns the following:
Usage: ipsec command argument ...
Use --help for list of commands, or see ipsec(8) manual page
or the Openswan documentation for names of the common ones.
Most have their own manual pages, e.g. ipsec_auto(8).
See <http://www.openswan.org> for more general info.

there is no ipsec.conf in /etc/ in my f8.
When i type command 'ipsec', it says:
[root@server]# ipsec
bash: ipsec: command not found

Anyway, i can see the ipsec service in f8 and i have enabled it.
Does it means my IPSEC is working fine in f8 as well?

[stevea]

Not sure you really want or need to run openswan anymore - tho' I'm no expert on the topic.

It appears that the primary functionality is to act as a key service. Sort of like the NetworkManager wifi supplicant. It seems to be old and poorly supported, and not generally needed if you just have a few keys to manage.

The ONLY kernel switches for IPsec are
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
Crypto, hashes and tunnel code,
and fedora, as indicated above makes all these as modules.
ah4.ko, esp4.ko ....