IPsec - Internet Protocol Security
====================================

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is IPsec?**

   IPsec (Internet Protocol Security) is a suite of protocols that secures IP
   communications by authenticating, and optionally encrypting, each IP packet.
   Used outside of a VPN it runs in *transport mode*: the protection is applied
   directly between the two communicating hosts and only the payload of each packet
   (the TCP/UDP segment) is protected, while the original IP header stays in place.
   Gateway-to-gateway (network-to-network) protection is the *tunnel mode* case, in
   which a whole IP packet is wrapped inside a new one; that is the VPN use and is
   not the subject of this page. Think of transport mode as a sealed envelope around
   each individual packet rather than a tunnel that carries all traffic.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Why is IPsec important outside VPN?**

   * Data Confidentiality: ESP encrypts the payload of each packet, so an on-path
     observer sees only the IP header, the SPI and the sequence number in clear.
   * Data Integrity: an Integrity Check Value (ICV), computed with a keyed MAC or an
     AEAD cipher, lets the receiver detect any modification in transit.
   * Authentication: IKE authenticates the two hosts to each other (pre-shared key,
     certificates or EAP), and the ICV on every packet ties it to that authenticated
     Security Association.
   * Granular Security: the security policy selects specific flows (by address,
     protocol and port) to protect; everything else is left untouched instead of
     being tunnelled.
   * Low Overhead: no virtual interface and no VPN client; in transport mode the only
     additions to a packet are the ESP or AH header and trailer, not a second IP
     header.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **How IPsec works (in simple steps):**

   * Negotiation: the two hosts agree on algorithms and exchange Diffie-Hellman
     values and nonces using IKE (Internet Key Exchange; IKEv2 is the current
     version).
   * Authentication: each host proves its identity with a pre-shared key, a
     certificate or (IKEv2) EAP before any traffic key is trusted.
   * Key derivation and SA setup: IKE derives the traffic keys and installs a pair of
     Security Associations (one per direction), each identified by a Security
     Parameter Index (SPI), into the kernel.
   * Encryption & Integrity: every packet that matches the policy is protected by ESP
     (encrypted and tagged with an ICV) or AH (ICV only) and carries an incrementing
     sequence number. Note that packets are authenticated with a symmetric MAC, not
     signed.
   * Transmission: the protected packets are sent directly between the endpoints as
     IP protocol 50 (ESP) or 51 (AH).
   * Verification: the receiver looks up the SA by SPI, checks the sequence number
     against its anti-replay window, verifies the ICV, decrypts, and only then hands
     the payload to TCP/UDP.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Where is IPsec used?**

   * Host-to-Host Security: direct protection of traffic between two servers or
     endpoints.
   * Intranet Protection: secures internal traffic within a corporate LAN or WAN
     without having to trust the switches and routers in between.
   * IoT Security: protects data exchanged between IoT devices and control systems.
   * Mobile IP: IPsec protects Mobile IPv6 signalling (RFC 3776), and IKEv2 MOBIKE
     (RFC 4555) keeps an SA alive when a host changes address while moving across
     networks.
   * VoIP & Video: secures real-time communication without the overhead of
     tunnelling.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Why OSI Layer: Network Layer (Layer 3)?**

   * IPsec operates directly on IP packets, so it protects all traffic regardless of
     application.
   * ESP and AH are IP protocols (numbers 50 and 51) that sit between the IP header
     and the transport header: below TCP/UDP and above the data link layer, which
     places them in the Network Layer.
   * Because of this, applications and higher-layer protocols need no changes to be
     protected.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   Topics in this section,

   * :ref:`Learnings in this section <IPsec_step1>`
   * :ref:`Terminology <IPsec_step2>`
   * :ref:`Version Info <IPsec_step3>`
   * :ref:`IPsec Version&RFC Details <IPsec_step5>`
   * :ref:`IPsec Basic Setup on Ubuntu using IPv4 <IPsec_step20>`
   * :ref:`IPsec Basic Setup on Ubuntu using IPv6 <IPsec_step21>`
   * :ref:`IPsec Protocol Packet Details <IPsec_step6>`
   * :ref:`IPsec Usecases <IPsec_step7>`
   * :ref:`IPsec Basic Features <IPsec_step8>`
   * :ref:`IPsec Feature : Encryption <IPsec_step9>`
   * :ref:`IPsec Feature : Authentication <IPsec_step10>`
   * :ref:`IPsec Feature : Integrity Checking <IPsec_step11>`
   * :ref:`IPsec Feature : Transport Mode Support <IPsec_step12>`
   * :ref:`IPsec Feature : Key Exchange (IKE/IKEv2) <IPsec_step13>`
   * :ref:`IPsec Feature : Security Associations (SAs) <IPsec_step14>`
   * :ref:`IPsec Feature : Protocol Support (ESP & AH) <IPsec_step15>`
   * :ref:`IPsec Feature : NAT Traversal <IPsec_step16>`
   * :ref:`IPsec Feature : Replay Protection <IPsec_step17>`
   * :ref:`IPsec Feature : Flexible Algorithm Support <IPsec_step18>`
   * :ref:`Reference links <IPsec_step19>`

.. _IPsec_step1:

.. tab-set::

   .. tab-item:: Learnings in this section

      * In this section, you are going to learn:

        * what transport-mode IPsec protects and how it differs from a tunnel-mode VPN;
        * the roles of IKE/IKEv2, ESP and AH, and how a Security Association (SA) is
          identified;
        * how to set up host-to-host IPsec on Ubuntu over IPv4 and over IPv6;
        * what the protected packets look like on the wire (AH and ESP in transport
          mode);
        * how to verify each feature (encryption, authentication, integrity checking,
          key exchange, SAs, NAT traversal, replay protection, algorithm negotiation)
          with the test cases in this section.

.. _IPsec_step2:

.. tab-set::

   .. tab-item:: Terminology

      * SA (Security Association): a one-way relationship between two hosts that fixes
        the protocol (ESP or AH), the algorithms, the keys and the lifetime; a
        connection needs one SA per direction.
      * SPI (Security Parameter Index): 32-bit value carried in every ESP/AH header
        that the receiver uses to find the right SA.
      * SPD / SAD: the Security Policy Database (which traffic to protect, bypass or
        discard) and the Security Association Database (the active SAs).
      * ESP (Encapsulating Security Payload, IP protocol 50): confidentiality plus
        integrity and data-origin authentication.
      * AH (Authentication Header, IP protocol 51): integrity and data-origin
        authentication only, also covering the immutable fields of the IP header.
      * IKE / IKEv2 (Internet Key Exchange): the protocol on UDP/500 (UDP/4500 behind
        NAT) that authenticates the peers and negotiates SAs and keys.
      * Transport mode: protects the payload of a packet between two hosts. Tunnel
        mode: wraps the whole packet in a new IP header, used by gateways.
      * ICV (Integrity Check Value): the MAC or AEAD tag appended to each protected
        packet.
      * NAT-T (NAT Traversal): UDP encapsulation of ESP on port 4500 so that it can
        pass through NAT devices.
      * Anti-replay window: a sliding bitmap of recently received sequence numbers
        used to reject duplicated packets.

.. _IPsec_step3:

.. tab-set::

   .. tab-item:: Version Info

      * IPsec-v2: the original suite (RFC 2401 architecture, RFC 2402 AH, RFC 2406
        ESP) keyed with IKEv1 (RFC 2409); now obsolete.
      * IPsec-v3: the current suite (RFC 4301 architecture, RFC 4302 AH, RFC 4303
        ESP) keyed with IKEv2 (RFC 7296). New deployments should use IKEv2.
      * On Ubuntu, ESP and AH are implemented by the Linux kernel's XFRM framework;
        IKE is handled by a userspace daemon such as strongSwan, which supports both
        IKEv1 and IKEv2.
      * The table in the next tab lists the RFCs in detail.

.. _IPsec_step5:

.. tab-set::

   .. tab-item:: IPsec Version&RFC Details

      .. csv-table::
         :file: ./IPsec/IPssec_Version_&_RFC_Details.csv
         :widths: 10,10,10,30
         :header-rows: 1

.. _IPsec_step20:

.. tab-set::

   .. tab-item:: IPsec Basic Setup on Ubuntu using IPv4

      **Setup**

      Host-to-host, transport mode, IKEv2 with a pre-shared key, using an IKE daemon
      such as strongSwan (packaged by Ubuntu):

      1. Install the IKE daemon on both hosts. Make sure they can reach each other on
         UDP/500 (and UDP/4500 if a NAT sits between them) and that IP protocol 50
         (ESP) is not filtered.
      2. Pick the two IPv4 addresses and a strong random pre-shared key; provision the
         same key on both hosts, out of band.
      3. On each host define one connection: local and remote address, IKEv2 only,
         PSK authentication, and a child SA in transport mode whose traffic selectors
         are the two host addresses (/32).
      4. Load the configuration and initiate the connection from one host.
      5. Verify: the daemon should report an established IKE_SA and CHILD_SA, and the
         kernel SAD should show two ESP states (one per direction) with matching
         SPIs; a packet capture between the hosts should show only ESP (protocol 50).

.. _IPsec_step21:

.. tab-set::

   .. tab-item:: IPsec Basic Setup on Ubuntu using IPv6

      **Setup**

      The steps are the same as for IPv4, with these differences:

      1. Use the two global IPv6 addresses and /128 traffic selectors.
      2. In IPv6, AH and ESP are carried as extension headers (Next Header 51 and 50)
         placed after the hop-by-hop and routing headers and before the transport
         header.
      3. ICMPv6 Neighbor Discovery uses link-local addresses; because the policy
         selects only the two global addresses it is not affected, but do not widen
         the selectors to cover link-local traffic.
      4. Verify as for IPv4: an established IKE_SA and CHILD_SA in the daemon, two ESP
         states in the kernel SAD, and only ESP visible on the wire.

.. _IPsec_step6:

.. tab-set::

   .. tab-item:: IPsec Protocol Packet Details

      **Transport Mode with AH**

      Layout: IP header | AH (next header, payload length, reserved, SPI, sequence
      number, ICV) | TCP/UDP segment. The ICV covers the segment, the AH header and
      the immutable fields of the IP header, so AH cannot pass through NAT.

      .. csv-table::
         :file: ./IPsec/IPsec_packetdetails1.csv
         :widths: 10,20,30,10
         :header-rows: 1

      **Transport Mode with ESP**

      Layout: IP header | ESP header (SPI, sequence number) | encrypted TCP/UDP
      segment + padding + pad length + next header | ICV. The ICV covers the ESP
      header and the encrypted part; the IP header is not covered, which is what
      allows ESP to be UDP-encapsulated for NAT traversal.

      .. csv-table::
         :file: ./IPsec/IPsec_packetdetails2.csv
         :widths: 10,20,30,10
         :header-rows: 1

.. _IPsec_step7:

.. tab-set::

   .. tab-item:: IPsec Usecases

      .. csv-table::
         :file: ./IPsec/IPsec_Use_Cases.csv
         :widths: 10,20,30
         :header-rows: 1

.. _IPsec_step8:

.. tab-set::

   .. tab-item:: IPsec Basic Features

      .. csv-table::
         :file: ./IPsec/IPsec_Basic_Features.csv
         :widths: 10,10,30
         :header-rows: 1

.. _IPsec_step9:

.. tab-set::

   .. tab-item:: IPsec Feature : Encryption

      **Encryption - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature1_Encryption_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step10:

.. tab-set::

   .. tab-item:: IPsec Feature : Authentication

      **Authentication - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature2_Authentication_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step11:

.. tab-set::

   .. tab-item:: IPsec Feature : Integrity Checking

      **Integrity Checking - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature3_Integrity_Checking_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step12:

.. tab-set::

   .. tab-item:: IPsec Feature : Transport Mode Support

      **Transport Mode Support - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature4_Transport_Mode_Support_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step13:

.. tab-set::

   .. tab-item:: IPsec Feature : Key Exchange (IKE/IKEv2)

      **Key Exchange (IKE/IKEv2) - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature5_Key_Exchange(IKE_IKEv2)_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step14:

.. tab-set::

   .. tab-item:: IPsec Feature : Security Associations (SAs)

      **Security Associations (SAs) - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_feature6_Security_Associations(SAs)_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step15:

.. tab-set::

   .. tab-item:: IPsec Feature : Protocol Support (ESP & AH)

      **Protocol Support (ESP & AH) - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature7_Protocol_Support(ESP&AH)_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step16:

.. tab-set::

   .. tab-item:: IPsec Feature : NAT Traversal

      **NAT Traversal - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature8_NAT_Traversal_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step17:

.. tab-set::

   .. tab-item:: IPsec Feature : Replay Protection

      **Replay Protection - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature9_Replay_Protection_Test Cases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step18:

.. tab-set::

   .. tab-item:: IPsec Feature : Flexible Algorithm Support

      **Flexible Algorithm Support - Testcases**

      .. csv-table::
         :file: ./IPsec/IPsec_Feature10_Flexible_Algorithm_Support_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _IPsec_step19:

.. tab-set::

   .. tab-item:: Reference links

      * RFC 4301, Security Architecture for the Internet Protocol:
        https://www.rfc-editor.org/rfc/rfc4301
      * RFC 4302, IP Authentication Header (AH): https://www.rfc-editor.org/rfc/rfc4302
      * RFC 4303, IP Encapsulating Security Payload (ESP):
        https://www.rfc-editor.org/rfc/rfc4303
      * RFC 7296, Internet Key Exchange Protocol Version 2 (IKEv2):
        https://www.rfc-editor.org/rfc/rfc7296
      * RFC 3948, UDP Encapsulation of IPsec ESP Packets:
        https://www.rfc-editor.org/rfc/rfc3948
      * strongSwan documentation: https://docs.strongswan.org/
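**Worked example: host-to-host transport-mode setup on Ubuntu (IPv4 and IPv6).** The following helper is an added example for the two "Basic Setup on Ubuntu" sections above; it is not part of the original page nor strongSwan's own tooling. It assumes Ubuntu hosts with the ``strongswan-swanctl`` and ``charon-systemd`` packages installed, root privileges, and a pre-shared key provisioned out of band on both sides. It renders a ``swanctl.conf`` for one IKEv2 connection with a single transport-mode CHILD_SA; the only difference between IPv4 and IPv6 is the address family and the host prefix length of the traffic selectors, which ``ipaddress`` supplies. The addresses and the sample key in ``__main__`` are constructed placeholders.

```python
"""Render, install and load a strongSwan swanctl.conf for host-to-host IPsec in transport mode.

Added example for this page; not strongSwan's own tooling. Assumes Ubuntu with the
strongswan-swanctl and charon-systemd packages on both hosts, the same pre-shared key
provisioned out of band on each, and root privileges when install_and_load() is used.
"""
import ipaddress
import subprocess
from pathlib import Path

CONF_DIR = Path("/etc/swanctl/conf.d")  # directory read by `swanctl --load-all`

# One connection, IKEv2 only, PSK authentication, one CHILD_SA in transport mode.
TEMPLATE = """\
connections {{
    {name} {{
        # IKEv2 only; never fall back to IKEv1
        version = 2
        local_addrs = {local}
        remote_addrs = {remote}
        # IKE_SA: AES-256-CBC, HMAC-SHA-256, X25519 key exchange
        proposals = aes256-sha256-x25519
        local {{
            auth = psk
            id = {local}
        }}
        remote {{
            auth = psk
            id = {remote}
        }}
        children {{
            {child} {{
                # transport mode: protect host-to-host packets in place, no tunnel
                mode = transport
                local_ts = {local}/{plen}
                remote_ts = {remote}/{plen}
                # AEAD: AES-256-GCM gives encryption and the ICV in one pass; X25519 for PFS on rekey
                esp_proposals = aes256gcm16-x25519
                # anti-replay window in packets (the kernel default is 32)
                replay_window = 128
                # bring the CHILD_SA up as soon as the configuration is loaded
                start_action = start
            }}
        }}
    }}
}}

secrets {{
    ike-{name} {{
        id-1 = {local}
        id-2 = {remote}
        secret = "{psk}"
    }}
}}
"""


def render_swanctl_conf(local: str, remote: str, psk: str,
                        name: str = "host2host", child: str = "transport") -> str:
    """Return the swanctl.conf text for one host; IPv4 and IPv6 differ only in /32 vs /128."""
    l, r = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    if l.version != r.version:
        raise ValueError("local and remote addresses must be in the same IP family")
    if l == r:
        raise ValueError("local and remote addresses must differ")
    if len(psk) < 32 or '"' in psk or "\n" in psk:
        # IKEv2 PSK authentication is only as strong as the secret; keep it long and quotable
        raise ValueError("use a PSK of at least 32 characters without quotes or newlines")
    return TEMPLATE.format(name=name, child=child, local=l, remote=r,
                           plen=l.max_prefixlen, psk=psk)


def install_and_load(local: str, remote: str, psk: str, name: str = "host2host") -> str:
    """Write the file owner-only (it holds the PSK), reload charon, return the SA listing."""
    path = CONF_DIR / f"{name}.conf"
    path.write_text(render_swanctl_conf(local, remote, psk, name))
    path.chmod(0o600)
    subprocess.run(["swanctl", "--load-all"], check=True)
    return subprocess.run(["swanctl", "--list-sas"], capture_output=True, text=True, check=True).stdout


def kernel_states() -> str:
    """The ESP states charon installed in the kernel SAD: one per direction, with SPI and algorithms."""
    return subprocess.run(["ip", "-s", "xfrm", "state"], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Constructed addresses and placeholder key. Run on host A as shown and on host B
    # with local/remote swapped; for IPv6 pass e.g. "fd00::1" and "fd00::2".
    print(install_and_load("10.0.0.1", "10.0.0.2", psk="replace-with-a-32-plus-character-random-secret"))
    print(kernel_states())
```

Because ``start_action = start`` makes charon initiate as soon as the file is loaded, the SA listing printed right after loading may still be empty; re-run ``swanctl --list-sas`` or ``ip -s xfrm state`` a moment later and expect one IKE_SA, one CHILD_SA and two kernel states (one per direction) with the SPIs shown in both outputs.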
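**Worked example: an ESP transport-mode packet from sender to receiver.** This added example walks through the "How IPsec works" steps and the "Transport Mode with ESP" layout, and also exercises the Integrity Checking, Replay Protection and Security Associations features. It is not code from the page's test cases or from any IPsec implementation. To stay dependency-free it uses ESP-NULL (RFC 2410) with HMAC-SHA-256-128 (RFC 4868), so the payload is authenticated but not encrypted; with a real cipher such as AES-GCM the layout of SPI, sequence number, trailer and ICV is identical. The ``EspSa`` class, the SPI, the key and the TCP bytes are constructed for the example. The anti-replay window is the RFC 4303 Appendix A bitmap, and the receiver checks the window before the ICV but updates it only after the ICV verifies, which is the detail that keeps a forged packet from poisoning the window.

```python
"""ESP in transport mode, end to end: header, trailer, ICV and the anti-replay window.

Added example for this page, not code from any IPsec implementation. ESP-NULL (RFC 2410)
with HMAC-SHA-256-128 (RFC 4868): authenticated, not encrypted. All inputs are constructed.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass

ICV_LEN = 16        # HMAC-SHA-256-128: 256-bit MAC truncated to 128 bits (RFC 4868)
IPPROTO_TCP = 6     # ESP "next header" value for a TCP segment in transport mode


@dataclass
class EspSa:
    """One direction of an ESP Security Association, identified on the wire by its SPI."""
    spi: int
    auth_key: bytes
    window: int = 64    # anti-replay window size in packets (RFC 4303 Appendix A)
    tx_seq: int = 0     # last sequence number sent (sender side)
    last_seq: int = 0   # highest sequence number accepted (receiver side)
    bitmap: int = 0     # bit i set => sequence number (last_seq - i) already received

    def next_seq(self) -> int:
        # RFC 4303: the counter must never cycle; without Extended Sequence Numbers the
        # SA has to be rekeyed before 2^32 packets.
        if self.tx_seq >= 0xFFFFFFFF:
            raise RuntimeError("sequence space exhausted: rekey the SA")
        self.tx_seq += 1
        return self.tx_seq

    def replay_check(self, seq: int) -> bool:
        """Pre-ICV check: is this sequence number new and inside the window?"""
        if seq == 0:                          # 0 is never valid; the first packet uses 1
            return False
        if seq > self.last_seq:               # newer than anything seen: always a candidate
            return True
        diff = self.last_seq - seq
        if diff >= self.window:               # older than the window: dropped
            return False
        return not (self.bitmap >> diff) & 1  # inside the window: accept only if unseen

    def replay_update(self, seq: int) -> None:
        """Post-ICV update: only an authenticated packet may advance or mark the window."""
        if seq > self.last_seq:
            shift = seq - self.last_seq
            mask = (1 << self.window) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.window else 1
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)


def _icv(sa: EspSa, data: bytes) -> bytes:
    return hmac.new(sa.auth_key, data, hashlib.sha256).digest()[:ICV_LEN]


def esp_encapsulate(sa: EspSa, next_header: int, payload: bytes) -> bytes:
    """SPI | seq | payload | padding | pad length | next header | ICV.
    In transport mode this follows the host's own IP header, whose protocol field is 50."""
    pad_len = (-(len(payload) + 2)) % 4       # trailer must end on a 4-byte boundary (RFC 4303 2.4)
    padding = bytes(range(1, pad_len + 1))    # default padding pattern 1, 2, 3, ...
    body = struct.pack("!II", sa.spi, sa.next_seq()) + payload + padding + bytes([pad_len, next_header])
    return body + _icv(sa, body)


def esp_decapsulate(sa: EspSa, packet: bytes) -> tuple[int, bytes]:
    """Receiver side in RFC 4303 order: SA lookup, replay check, ICV, then window update."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", packet[:8])
    if spi != sa.spi:
        raise ValueError(f"no inbound SA for SPI {spi:#x}")
    if not sa.replay_check(seq):
        raise ValueError(f"sequence number {seq} replayed or outside the window")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(icv, _icv(sa, body)):      # constant-time comparison
        raise ValueError("ICV mismatch: packet modified or wrong key")
    sa.replay_update(seq)                                 # only now is the number marked as seen
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10 or body[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("bad ESP padding")
    return next_header, body[8:-2 - pad_len]


def deliver(sa: EspSa, packet: bytes):
    """Report a drop reason instead of raising, the way a kernel drop counter would."""
    try:
        next_header, payload = esp_decapsulate(sa, packet)
        return "accept", next_header, payload
    except ValueError as err:
        return "drop", str(err), b""


if __name__ == "__main__":
    key = b"\x42" * 32                                    # constructed shared integrity key
    tx, rx = EspSa(spi=0x1000, auth_key=key), EspSa(spi=0x1000, auth_key=key)
    segment = b"\x00\x50\x1f\x90\x00\x00\x00\x01"         # constructed TCP-looking bytes
    pkts = [esp_encapsulate(tx, IPPROTO_TCP, segment + bytes([i])) for i in range(1, 5)]
    for p in (pkts[0], pkts[2], pkts[1], pkts[1]):        # in order, reordered, late, replayed
        print(deliver(rx, p))
```

The order of checks in ``esp_decapsulate`` is the security-relevant part: the replay check runs before the (comparatively expensive) MAC so floods of duplicates are cheap to drop, but the window is updated only after the ICV verifies, so an attacker who cannot forge the ICV cannot move the window and shut out legitimate packets.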
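**Worked example: how NAT traversal is detected and demultiplexed.** This added example accompanies the NAT Traversal feature above; it is not code from the page or from any IKE daemon. It implements the NAT detection payloads of IKEv2 (RFC 7296 section 2.23): each side hashes the SPIs together with the address and port it believes it is sending from, and the receiver recomputes the hash over the address and port it actually observed. A mismatch means a NAT rewrote the packet, so both sides move to UDP encapsulation on port 4500 (RFC 3948). It also shows how the single UDP/4500 socket tells IKE, ESP and keepalives apart. The SPIs and addresses are constructed test values; in the first IKE_SA_INIT message the responder SPI is still zero, as shown.

```python
"""IKEv2 NAT detection (RFC 7296 2.23) and UDP/4500 demultiplexing (RFC 3948).

Added example for this page, not code from any IKE implementation. SPIs and addresses
below are constructed test values.
"""
import hashlib
import ipaddress
import struct


def nat_detection_hash(spi_i: int, spi_r: int, ip: str, port: int) -> bytes:
    """Data of a NAT_DETECTION_SOURCE_IP / NAT_DETECTION_DESTINATION_IP notify:
    SHA-1 over SPIi (8 bytes) | SPIr (8 bytes) | IP address (4 or 16 bytes) | port (2 bytes).
    Hashing the SPIs too prevents a third party from replaying the value into another IKE_SA."""
    data = (struct.pack("!QQ", spi_i, spi_r)
            + ipaddress.ip_address(ip).packed
            + struct.pack("!H", port))
    return hashlib.sha1(data).digest()


def nat_between(spi_i: int, spi_r: int, claimed_hash: bytes, observed_ip: str, observed_port: int) -> bool:
    """Receiver side: recompute over the address/port actually seen in the IP/UDP headers.
    For NAT_DETECTION_SOURCE_IP compare against the packet's source (peer is behind a NAT);
    for NAT_DETECTION_DESTINATION_IP compare against our own address (we are behind a NAT)."""
    return claimed_hash != nat_detection_hash(spi_i, spi_r, observed_ip, observed_port)


def choose_encapsulation(initiator_nat: bool, responder_nat: bool) -> str:
    """Once NAT is detected on either side, IKE moves to UDP/4500 and ESP is UDP-encapsulated
    (RFC 3948); otherwise ESP travels natively as IP protocol 50."""
    return "udp/4500" if (initiator_nat or responder_nat) else "ip-proto-50"


NON_ESP_MARKER = b"\x00\x00\x00\x00"


def classify_4500(datagram: bytes) -> str:
    """Everything on UDP/4500 shares one socket. RFC 3948: a 4-byte zero 'non-ESP marker'
    prefixes IKE, a single 0xFF byte is a NAT keepalive, and anything else is UDP-encapsulated
    ESP (an SPI is never zero, so the marker cannot collide with a real ESP header)."""
    if datagram == b"\xff":
        return "keepalive"
    if len(datagram) >= 4 and datagram[:4] == NON_ESP_MARKER:
        return "ike"
    if len(datagram) >= 8:          # at least SPI + sequence number
        return "esp"
    return "invalid"


if __name__ == "__main__":
    # Constructed scenario: initiator on 192.168.1.10 behind a NAT that appears as 203.0.113.5.
    spi_i, spi_r = 0x1122334455667788, 0  # responder SPI is unknown in the first message
    sent = nat_detection_hash(spi_i, spi_r, "192.168.1.10", 500)
    initiator_is_natted = nat_between(spi_i, spi_r, sent, "203.0.113.5", 500)
    print("initiator behind NAT:", initiator_is_natted)
    print("encapsulation:", choose_encapsulation(initiator_is_natted, False))
    for d in (b"\xff", NON_ESP_MARKER + b"\x00" * 28, b"\x00\x00\x10\x00\x00\x00\x00\x01"):
        print(classify_4500(d))
```

This is also why AH does not survive NAT while ESP does: the AH ICV covers the IP addresses the NAT rewrites, whereas the ESP ICV stops at the ESP header, so the packet can be re-wrapped in UDP without invalidating it.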