gostipsec

gostipsec is a pure Go ESPv3/IKEv2 implementation with AES-GCM, curve25519 and GOST cryptography support. It consists of two daemons: ESPER, the ESPv3 daemon, and IKER, the IKEv2 daemon.

Beware: this is alpha-quality code, intended only for IPsec testing purposes! ESPER has not been extensively tested with IPv4 and currently works only under FreeBSD (probably under OpenBSD too). IKER lacks many features necessary for production use as well as proper error handling: it trusts the remote side's behaviour and panics if something goes wrong.

          ┌──────┐          ┌────┐          ┌─────┐          ┌────┐          
          │remote│          │iker│          │esper│          │ipfw│          
          └──┬───┘          └─┬──┘          └──┬──┘          └─┬──┘          
             │                │                │               │             
╔══════╤═════╪════════════════╪════════════╗   │               │             
║ UDP  │     │                │            ║   │               │             
╟──────┘     │    IKEv2...    │            ║   │               │             
║            │ <───────────────            ║   │               │             
║            │                │            ║   │               │             
║            │    IKEv2...    │            ║   │               │             
║            │ ───────────────>            ║   │               │             
╚════════════╪════════════════╪════════════╝   │               │             
             │                │                │               │             
             │                │                │               │             
             │    ╔═══════════╪══╤═════════════╪════════════╗  │             
             │    ║ UNIX-SOCKET  │             │            ║  │             
             │    ╟─────────────setkey-commands│            ║  │             
             │    ║           │ ───────────────>            ║  │             
             │    ╚═══════════╪════════════════╪════════════╝  │             
             │                │                │               │             
             │                │                │               │             
             │                │   ╔════════════╪═══╤═══════════╪════════════╗
             │                │   ║ DIVERT-SOCKET  │           │            ║
             │                │   ╟──────────────encrypted ESP │            ║
             │                │   ║            │ <──────────────            ║
             │                │   ║            │               │            ║
             │                │   ║            │ decrypted ESP │            ║
             │                │   ║            │ ──────────────>            ║
             │                │   ║            │               │            ║
             │                │   ║            │ unencrypted IP│            ║
             │                │   ║            │ <──────────────            ║
             │                │   ║            │               │            ║
             │                │   ║            │  encrypted IP │            ║
             │                │   ║            │ ──────────────>            ║
             │                │   ╚════════════╪═══════════════╪════════════╝
             │                │                │               │             

gostipsec is copylefted free software licenced under the GNU Affero GPLv3.

The official website is http://www.gostipsec.cypherpunks.ru/.

This manual is for gostipsec, a pure Go ESPv3/IKEv2 implementation.

Copyright © 2019-2022