Simple ESP Security Association Manager.
sesame

Simple ESP Security Association Manager.

This is a work in progress / proof of concept for a simple system intended to manage kernel security associations for IPsec in transport mode running across many machines.

The idea is to replace most of the ISAKMP work typically handled by racoon (which I have found difficult to work with and unnecessarily complex in the transport context) with a bare-bones session key negotiation over TLS.

Capabilities

Rather than either running the Erlang VM as root, or making pfkeyport setuid in order to bind a PF_KEY socket, we set the CAP_NET_ADMIN capability on it, e.g.

$ make capability
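
To confirm the approach described above has taken effect, a helper can check its own effective capability set before binding the PF_KEY socket. The following is an added example, not code from sesame, and it makes no claim about what the `make capability` target runs; the function names `parse_cap_mask` and `net_admin_only` are hypothetical, and it assumes Linux with `/proc` mounted.

```c
/* Added example, not sesame's code: verify that a helper process holds only
 * CAP_NET_ADMIN and can open a PF_KEY socket without being root (Linux). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#define CAP_NET_ADMIN_BIT 12   /* CAP_NET_ADMIN in linux/capability.h */
#define PFKEY_V2_PROTO     2   /* PF_KEY_V2 as defined by RFC 2367 */

/* Extract a hex capability mask ("CapEff", "CapPrm", ...) from the text of
 * /proc/<pid>/status. Returns 0 on success, -1 if the field is missing. */
int parse_cap_mask(const char *status, const char *field, unsigned long long *mask)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            char *end;
            *mask = strtoull(p + n + 1, &end, 16);
            return end == p + n + 1 ? -1 : 0;
        }
        p = strchr(p, '\n');   /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* 0 = CAP_NET_ADMIN missing, 1 = only CAP_NET_ADMIN, 2 = extra capabilities. */
int net_admin_only(unsigned long long eff)
{
    unsigned long long want = 1ULL << CAP_NET_ADMIN_BIT;
    if (!(eff & want)) return 0;
    return (eff & ~want) ? 2 : 1;
}

int main(void)
{
    char buf[4096] = {0};
    unsigned long long eff = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f || fread(buf, 1, sizeof buf - 1, f) == 0) { perror("status"); return 1; }
    fclose(f);
    if (parse_cap_mask(buf, "CapEff", &eff) != 0) return 1;
    printf("euid=%d CapEff=%016llx verdict=%d\n", (int)geteuid(), eff, net_admin_only(eff));
    int s = socket(PF_KEY, SOCK_RAW, PFKEY_V2_PROTO);  /* EPERM without CAP_NET_ADMIN */
    if (s < 0) { perror("socket(PF_KEY)"); return 1; }
    close(s);
    return 0;
}
```

A verdict of 1 with a non-zero euid is the least-privilege outcome; a verdict of 2 means the process carries more capabilities than the PF_KEY socket needs.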