[Openswan Users] Regarding IPSec Implementation

Paul Wouters paul at xelerance.com
Wed Aug 24 11:29:42 EDT 2011

On Wed, 24 Aug 2011, SaRaVanAn wrote:

>   I have implemented IKE daemon in User space. I want to use crypto
> modules in IPSec kernel stack(KLIPS/Netkey) in order to implement the
> functionality of IPSec.  I don't have any idea on IPSec kernel Stack.
> I need you ppl guidance to identity things that needs to be modified
> in Kernel Stack.
> It would be grateful if you ppl provide me basic steps or interface
> API's from IKE to IPSec stack or design doc of IPSec implementation as
> it has been implemented in OpenSwan.
> It seems to be basic question but i need you guys help desperately in
> order to proceed further.

KLIPs follows the PFKEY API. Netkey is contacted via linux netlink.

To see how openswan's IKE daemon talks to the various kernel stacks, see

You will see kernel_pfkey/kernel_klips and kernel_netlink, and even a kernel_bsd


More information about the Users mailing list