Shared December 8, 2016
Opportunistic Encryption Using IPsec - Paul Wouters, Libreswan IPsec VPN Project
Opportunistic IPsec (Paul Wouters, Red Hat) - Leveraging the XFRM code inside the kernel, the libreswan IKE daemon can create XFRM kernel so it will be notified of each new netflow. It uses this information to encrypt as much of the host's traffic as possible towards other hosts with the same IPsec capability. In addition to packet-triggered events, it can also hook itself into the system via DNS calls, attempting to set up IPsec encryption before the application has even been given the IP address to contact.
By supporting different authentication mechanisms, such as X.509 certificates, GSSAPI, or DNSSEC-secured IPSECKEY records, this method can be deployed on any enterprise or cloud platform, or even for internet hosts at large.
Wouters will show how to configure Opportunistic IPsec for an X.509-based cloud deployment and for internet-wide deployment using Let's Encrypt.
About Paul Wouters
Paul Wouters is one of the core developers for the Libreswan IPsec VPN project. He is an active IETF member in security- and DNS-related working groups and the author of several RFCs related to IPsec and DNS. He is one of the IETF liaisons for ICANN's Technical Experts Group and a member of the ICANN DNSSEC Root Zone Key Signing Key Design Team. He is the co-chair of the IETF Certificate Transparency working group.
Paul is currently the IPsec VPN maintainer for Red Hat Enterprise Linux and an active Fedora contributor.