Simple ESP Security Association Manager.
This is a work in progress / proof of concept for a simple system intended to
manage kernel security associations for IPsec in transport mode running across
many machines.
The idea is to replace most of the work typically handled by racoon (which
I have found difficult to work with and unnecessarily complex in the transport
context) with a bare-bones session key negotiation over TLS.
Rather than either running the Erlang VM as root, or making
in order to bind a PF_KEY socket, we set
the CAP_NET_ADMIN capability on
$ make capability