Due to the restrictions imposed by various countries on the exportation and importation of cryptographic software, it has been decided to distribute the crypto parts of FreeBSD IPSEC separately from the rest of eCos. Before IPSEC can be enabled the eCos package bsd_crypto must be installed. This package can be found on the eCosCentric server at ftp.ecoscentric.com:/pub/contrib. Once the package has been downloaded it must be installed using the ecosadmin.tcl script.
When the bsd_crypto package has been installed, the building of IPSEC will automatically be enabled when the FreeBSD stack is used. It can be disabled using the configuration option CYGPKG_NET_IPSEC. There are no other configuration options for IPSEC as a whole.
In order to use IPSEC, connections must be configured. This can be
performed using setsockopt()
calls. A more
convenient way is the use the libipsec library
from the KAME distribution. eCos
contains a snapshot of this library, which is documented else
where. The aim is to also port the
racoon daemon to eCos in the near
future.
It should be noted that the FreeBSD stack in eCos is quite old. IPSEC and IPv6 have continued to develop. It is quite possible there could be interoperabilty problems when using the IPSEC implementation in eCos with more modern implementations.
It should also be noted that IPSEC, libipsec etc are currently work in progress items.