Explore opportunistic encryption using IPsec in this informative conference talk by Paul Wouters from the Libreswan IPsec VPN Project. Discover how the libreswan IKE daemon leverages XFRM code to encrypt host traffic and integrate with DNS calls for enhanced security. Learn about various authentication mechanisms, including X.509 certificates, GSSAPI, and DNSSEC secured IPSECKEY records, and their applications in enterprise, cloud, and internet-wide deployments. Follow along as Wouters demonstrates the configuration of Opportunistic IPsec for X.509-based cloud deployment and internet-wide implementation using LetsEncrypt. Gain insights into IPsec's history, Libreswan's role, and the Linux implementation of IPsec. Delve into topics such as anonymous IPsec, internal configuration, and server setup through a comprehensive demo and feature overview.
Opportunistic Encryption Using IPsec - Implementation and Configuration
Overview
Syllabus
Intro
What is IPsec
History of IPsec
What is Libreswan
What happened to IPsec
John Gilmour gave up
IPsec v2
NSA
Linux Implementation
Opportunistic Encryption
The Problem
Configuration
Internal Configuration
Anonymous IPsec
Lets Encrypt
Demo
Server config
Features
Taught by
Linux Foundation
