Xelerance
 
 
about   services   appliances   software   support   training   engagements   contact
     
 

Openswan customization and support

Openswan is an implementation of the IPSec & IKE protocols for Linux. These protocols allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end.

One result is Virtual Private Network or VPN. This is a restricted access, access controlled network which uses the public Internet as a transport media. Effectively private even though it includes machines at several different sites connected by the insecure Internet.

Another result is ubiquitous privacy through Opportunistic Encryption. OE provides for privacy among large groups of mutually suspicious hosts. OE is appropriate when the access control and authentication will occur in another protocol (such as SIP), but privacy is desired.

See Openswan Support or Openswan consulting.

xL2TPD

xL2TPD is our Layer 2 Tunneling Protocol (L2TP) daemon for use on Linux system. This is typically used with Openswan to do L2TP over IPSec, and is designed to support Microsoft Windows XP/2003 and Apple OSX Native VPN clients.

xL2TPD is available on our xL2TPD page

freeRadius

Xelerance offers consulting and customization of Freeradius. Freeradius is a complete implementation of the RADIUS protocol for Linux & Unix operating systems which allows one to set up a radius protocol server, which is usually used for authentication and accounting of users. Freeradius is a community effort, produced under GPL.

DNSSec

DNSSec is the next generation DNS system, which provides secure and authoritative DNS lookups. DNSSec was recently ratified as an IETF standard - RCF4033, RCF4034, RCF4035.

Xelerance has written dnssec-conf which is a utility to configure and prime DNSSEC and DLV.

sshfp

sshfp is a small utility that generates RFC4255 SSHFP DNS records based on the public keys stored in a known_hosts file or obtained by using ssh-keyscan (1). If the nameserver of the domain allows zone tranfers (AXFR), an entire domain can be processed for all its A records. These can then be easilly added to a zone, and then secured by DNSSEC.

sshfp is available on our sshfp page. On Fedora based systems, you can install it using yum install sshfp.

 
     
| | appliances about | services | appliances | software | support | training | engagements | contact |

All content & images © 2004-2008 Xelerance Corporation. All rights reserved.