[Vpn-help] dev help!

Matthew Grooms mgrooms at shrew.net
Sun Feb 11 22:46:34 CST 2007


Zhao Tongyi wrote:
> Hi, mgrooms
> 
> The vpn client is very good, the function is so strong.
> I plan to develop a sample client like yours on the win32 platform.
> Please give me some advice.
> Do I need to write ipsecd? And write a lib function like racoon?
> 

Zhao,

      Thanks. It's been a lot of fun and a lot of hard work. The most 
complicated part of a complete IPSEC stack is the Internet Key Exchange 
implementation. I would suggest you take a look at RFC 2407, 2408 and 
2409. To see working examples, check out the freeswan, strongswan, 
racoon, isakmpd and vpnc source code. After that, take a look at RFC 
2401, 2402, 2406 and optionally 2393 to gain a better understanding of 
the IPSEC framework and the underlying IP protocols. On win32, there is 
built-in support for some of this, but it is very limited in 
functionality. If you want to support advanced features like NATT and 
still be compatible with platforms other than Microsoft, you will need 
to intercept packets moving through the kernel and perform your own 
security processing. The best place to start with this is to order a 
copy of the Microsoft DDK from MSDN and look through the NDIS kernel 
driver code samples.

Hope this helps and good luck,

-Matthew


