[Vpn-help] dev help!
Matthew Grooms
mgrooms at shrew.net
Sun Feb 11 22:46:34 CST 2007
Zhao Tongyi wrote:
> hi ,mgrooms
>
> The vpn client is very well, function is so strong.
> I plan to develop a sample client like your's in win32 platform
> ,Please give me some advices.
> ipsecd need me write? and write a lib function like racoon?
>
Zhao,
Thanks. Its been a lot of fun and a lot of hard work. The most
complicated part of a complete IPSEC stack is the Internet Key Exchange
implementation. I would suggest you take a look at RFC 2407, 2408 and
2409. To see working examples, check out the freeswan, strongswan,
racoon, isakmpd and vpnc source code. After that, take a look at RFC
2401, 2402, 2406 and optionally 2393 to gain a better understanding of
the IPSEC framework and the underlying IP protocols. On win32, there is
built in support for some of this but it is very limited in
functionality. If you want to support advanced features like NATT and
still be compatible with platforms other than Microsoft, you will need
to intercept packets moving through the kernel and perform your own
security processing. The best place to start with this is to order a
copy of the Microsoft DDK from MSDN and look through the NDIS kernel
driver code samples.
Hope this helps and good luck,
-Matthew
More information about the vpn-help
mailing list