IPSec (Internet Protocol Security) can be configured for different deployment scenarios, with the RPM package Openswan as the basic IPSec module.
The SOA framework-Core framework supports the following deployment scenarios.
Pure Lotus Sametime Unified Telephony
The entire communication system is operated in a protected subnet, and the communication connections need no additional protection.
Additional autonomous servers
The additional servers are not necessarily located in a protected subnet, and the communication connections between them and the Lotus Sametime Unified Telephony must be protected by a secured tunnel. Such a secured connection can be implemented with the IPSec communication protocol.
The RPM package Openswan must be installed on a SUSE Linux system. Openswan offers support for AES (Advanced Encryption Standard) encryption and authentication by X.509 certificate.
If the FreeS/WAN module is used, additional patches must be installed.
System Specific Information
The following IPSec commands are specific to Openswan:
Start of IPSec daemon:
Restart of IPSec daemon:
Stop of IPSec daemon:
Add a specific IPSec connection:
ipsec auto --add %CONNECTION_NAME%
Delete a specific IPSec connection:
ipsec auto --delete %CONNECTION_NAME%
Set up a specific IPSec connection:
ipsec auto --up %CONNECTION_NAME%
Tear down a specific IPSec connection:
ipsec auto --down %CONNECTION_NAME%
Show current IPSec state:
ipsec auto --status
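The status command above only helps if someone reads its output, so the following added example (not part of the original documentation) classifies one connection as up, partial or down from that output. The connection names, addresses and the sample status text are constructed, and the wording of the state lines ("ISAKMP SA established", "IPsec SA established") is an assumption about the installed Openswan version that should be checked against real output.

```shell
#!/bin/sh
# Added example: decide from `ipsec auto --status` output whether a named
# connection has both an IKE (ISAKMP) SA and an IPsec SA established.

# Constructed sample status text; "ucs-backend" and "ucs-media" are
# hypothetical connection names, the addresses are placeholders.
SAMPLE_STATUS='000 "ucs-backend": 10.0.1.10<10.0.1.10>...10.0.2.20<10.0.2.20>; erouted; eroute owner: #2
000 "ucs-media": 10.0.1.10<10.0.1.10>...10.0.3.30<10.0.3.30>; unrouted; eroute owner: #0
000 #2: "ucs-backend":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27925s; newest IPSEC; isakmp#1
000 #1: "ucs-backend":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2530s; newest ISAKMP
000 #3: "ucs-media":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 8s'

# tunnel_state CONN: reads status text on stdin, prints up | partial | down.
# Live usage: ipsec auto --status | tunnel_state "$CONNECTION_NAME"
tunnel_state() {
    # Reject names that could be misread by awk or the shell.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid connection name" >&2; return 2 ;;
    esac
    awk -v conn="$1" '
        BEGIN { prefix = "\"" conn "\"" }
        # State lines look like: 000 #N: "name":port STATE_... (text)
        $2 ~ /^#[0-9]+:$/ && index($3, prefix) == 1 {
            # Exact name match: the quoted name is followed by ":" or by
            # "[" when the line belongs to an instance of the connection.
            next_char = substr($3, length(prefix) + 1, 1)
            if (next_char != ":" && next_char != "[") next
            if (index($0, "ISAKMP SA established")) ike = 1
            if (index($0, "IPsec SA established"))  esp = 1
        }
        END {
            if (ike && esp)      print "up"       # traffic is protected
            else if (ike || esp) print "partial"  # negotiation incomplete
            else                 print "down"     # no SA for this connection
        }'
}
```

A result other than "up" for a connection to a server outside the protected subnet means the secured tunnel is not carrying that traffic and should be treated as an alert condition.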
How to Check the IPSec (Internet Protocol Security) Installation Function
How to Configure IPSec (Internet Protocol Security) - ipsec.conf
The ipsec.conf file is used to configure general IPSec (Internet Protocol Security) settings and connection-specific settings.
How to Configure IPSec (Internet Protocol Security) - ipsec.secrets
The ipsec.secrets file is used to configure the IPSec (Internet Protocol Security) credentials.
How to Update IPSec (Internet Protocol Security) Credentials
The IPSec (Internet Protocol Security) credentials are replaced with customer-specific ones and changed from pre-shared secrets to X.509 PKI (Public Key Infrastructure) based credentials.