Introduction to FreeS/WAN
Short for Free Secure Wide Area Network, FreeS/WAN (freeswan.org) is a community project focused on a Linux implementation of the IPSec security protocol, the basis for VPN technology and on the belief that encryption, and the privacy it provides, should be free, easily accessible, and widely implemented on the Internet.
Begun in 1999, the FreeS/WAN project’s goals center largely on creating an environment in which much of the communication taking place on the Internet is encrypted. According to the project’s documentation, its founders believe that FreeS/WAN’s widespread deployment, given certain of its features, would make it impossible for even large, well-funded agencies to monitor the traffic travelling the Internet.
Because the export laws of some countries, including the US, restrict the distribution of strong cryptography, say FreeS/WAN’s developers, its code is written outside the US and not at all by US citizens or residents, in order that the project not be subject to those laws.
Because IPSec provides encryption at the IP level of the network protocol stack, it can protect any traffic carried over IP, unlike higher-level methods such as PGP, SSH and SSL, each of which protects only the application or transport-layer traffic it was designed for. The protocol can be employed by dedicated IPSec gateways, installed at the network edges to protect traffic, and can run on routers, firewall devices, application servers and end user machines.
Two applications are particularly common among implementations of IPSec, both of which commonly fall under the “virtual private network” umbrella, and both of which are supported by the FreeS/WAN project. The first is the construction of encrypted “tunnels” between multiple sites through an insecure connection, such as the Internet, allowing secure communication between those sites. The other is allowing remote workers to connect securely to sensitive information, from their home computers or laptops, using the Internet.
FreeS/WAN supports both of these applications, as well as a number of less common IPSec applications and the FreeS/WAN development team’s own application, called “opportunistic encryption,” which allows FreeS/WAN gateways to be configured so that encrypted tunnels are established automatically when packets pass between them. Once set up for opportunistic encryption, the gateway looks for opportunities to encrypt and does so whenever possible. Whether the device will accept unencrypted transmissions is up to the administrator, and specifically configured tunnels are able to co-exist with opportunistic encryption.
Because of restrictions in the export laws of some countries, the FreeS/WAN code is not included in the standard Linux kernel, and is not included in many distributions. But users interested in implementing it are able to acquire the code from the organization’s Web site.
FreeS/WAN is also used in several turnkey VPN devices built by vendors that recognize its effectiveness. And these are certainly an option for a user seeking simply to implement a VPN solution. Ultimately, whether a user supports the ideology behind the project, or is attracted to the fact that it makes VPN technology possible for free, FreeS/WAN is unquestionably a significant presence in both the open source and IPSec communities.