sesame

Simple ESP Security Association Manager.

This is a work in progress / proof of concept for a simple system intended to manage kernel security associations for IPsec in transport mode running across many machines.

The idea is to replace most of the ISAKMP work typically handled by racoon (which I have found difficult to work with and unnecessarily complex in the transport context) with a bare-bones session key negotiation over TLS.

Capabilities

Rather than running the Erlang VM as root or making pfkeyport setuid in order to bind a PF_KEY socket, we set the CAP_NET_ADMIN capability on the pfkeyport executable, e.g.

$ make capability
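
A startup self-check for a helper run this way, as an added example that is not part of sesame's own code: it reads the effective capability mask from `/proc/self/status` and reports whether the process holds CAP_NET_ADMIN and nothing else. It assumes Linux; the function names and the sample status text are constructed for illustration, and what `make capability` actually runs is not shown on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define CAP_NET_ADMIN_BIT 12 /* value of CAP_NET_ADMIN in <linux/capability.h> */

enum priv_state { PRIV_MISSING, PRIV_MINIMAL, PRIV_EXCESS, PRIV_PARSE_ERROR };

/* Find the "Key:\t<hex mask>" line in /proc/<pid>/status text and parse it. */
static int status_mask(const char *status, const char *key, uint64_t *out)
{
    size_t klen = strlen(key);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            char *end;
            *out = strtoull(p + klen + 1, &end, 16);
            return end != p + klen + 1 ? 0 : -1; /* -1: no hex digits found */
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* MINIMAL: only CAP_NET_ADMIN is effective (file capability case).
 * EXCESS:  CAP_NET_ADMIN plus other capabilities (e.g. running as root).
 * MISSING: the capability was never set, so a PF_KEY socket will be refused. */
enum priv_state classify(const char *status)
{
    uint64_t eff, want = 1ULL << CAP_NET_ADMIN_BIT;
    if (status_mask(status, "CapEff", &eff) != 0) return PRIV_PARSE_ERROR;
    if (!(eff & want)) return PRIV_MISSING;
    return (eff & ~want) ? PRIV_EXCESS : PRIV_MINIMAL;
}

enum priv_state classify_self(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return PRIV_PARSE_ERROR;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return classify(buf);
}

int main(void) { printf("state=%d\n", classify_self()); return 0; }
```
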