Chapter 50. Installation and Configuration

Due to the restrictions imposed by various countries on the exportation and importation of cryptographic software, it has been decided to distribute the crypto parts of FreeBSD IPSEC separately from the rest of eCos. Before IPSEC can be enabled the eCos package bsd_crypto must be installed. This package can be found on the eCosCentric server at ftp.ecoscentric.com:/pub/contrib. Once the package has been downloaded it must be installed using the ecosadmin.tcl script.

When the bsd_crypto package has been installed, the building of IPSEC will automatically be enabled when the FreeBSD stack is used. It can be disabled using the configuration option CYGPKG_NET_IPSEC. There are no other configuration options for IPSEC as a whole.

In order to use IPSEC, connections must be configured. This can be performed using setsockopt() calls. A more convenient way is the use the libipsec library from the KAME distribution. eCos contains a snapshot of this library, which is documented else where. The aim is to also port the racoon daemon to eCos in the near future.

It should be noted that the FreeBSD stack in eCos is quite old. IPSEC and IPv6 have continued to develop. It is quite possible there could be interoperabilty problems when using the IPSEC implementation in eCos with more modern implementations.

It should also be noted that IPSEC, libipsec etc are currently work in progress items.