IPsec is a protocol suite built on top of IP. Originally designed with IPv6, it also exists in IPv4.
IPsec enables encrypted communications between hosts at the IP level (that is, upper layers such as TCP, or HTTP, or HTTPS, SSL do not have to be aware of its existence).
Well, that sounds good. I want my HTTP traffic to superuser.com (or my UDP torrent traffic) to be encrypted. How do I make it happen?
For over a decade Windows has supported IPsec, but I don't think all my internet traffic (i.e. anything using Internet Protocol) is encrypted. How do I make it go?
You can read endless amounts of technical details about IPsec:
- Authentication Headers
- Encapsulating Security Payloads
- Security Associations
- Transport mode/Tunnel mode
but still not find any information on how to use it.
At least VPN makes sense. You have to find a VPN Client, and use it to connect to a VPN Server:
But that requires a vpn server on the other end. In this example it wouldn't work because superuser.com isn't running a vpn server listening on port 1723. But IPsec doesn't require a "server"; IPsec is built into IP, and is completely transparent.
So how do I make all my IP connections encrypted? How do I use IPsec?
The more I read about "Internet Protocol security" (IPsec), the more it seems that you cannot use it over the "Internet" - only over local area networks.
Plain IPsec can be configured in Security Policy (secpol.msc), and yes it works over the Internet, although it's got problems with NATs. – user1686 – 2012-05-09T11:59:57.123