This page is for general notes about IPSec

With IPSec, each host has a policy about which hosts it can (or must) communicate with over an encrypted link

the encrypted link is secured with a temporary session key

the session key is negotiated between hosts via some mutual authentication:

  • shared keys
  • RSA public/private keys
  • GSSAPI (we're using GSSAPI at CAL)

racoon is the daemon which handles the mutual authentication and negotiation of the session key.