Email and IPSec

I'd like to hear an explanation of how IPSec works with specific relation to email, in particular, I'd like to know how the encryption of the ESP header relates to the IP header with the routing information in it - for example, do network routers need to decrypt the ESP to do routing, or can they use a (presumably still) unencrypted IP header destination address - if it is indeed still unencrypted? (I say this because I understand that the ESP is dropped in before the IP header, and therefore I'm assuming that the IP header is left alone. This is what I want to clear up for myself mostly.) Thanks.
krakatoaAsked:
 
nociSoftware EngineerCommented:
IPSEC is mostly used between two pieces of equipment,
and what it does is to encapsulate packets received by either prepending an extra ESP header
(tunnel mode) or replacing the IP header (transport mode).

So you wouldn't normally handle it yourself. If you want to do that, then you might want to look into the code produced by f.e. the openswan project.

The outer stuff is (ESP(id=50) is in itself an IP protocol, just like TCP(id=6) or UDP(id=17)).
Routers only act on an address, and the IP header has just that. So routers don't unpack it, they just pass on the packet.
After the ESP header all content is encrypted, even the IP header in tunnel mode.
0
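
Added example (not part of any post in this thread): a Python sketch of what a forwarding device can read from an ESP packet without holding any key, namely the outer IPv4 header plus the cleartext SPI and sequence number that start the ESP header (RFC 4303 layout). The packet bytes, addresses and SPI below are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

ESP_PROTO = 50  # IP protocol number for ESP, as mentioned in the answer above


def build_sample_packet() -> bytes:
    """Constructed sample: outer IPv4 header + ESP header + opaque bytes."""
    src = ipaddress.IPv4Address("192.0.2.1").packed     # documentation-range addresses
    dst = ipaddress.IPv4Address("198.51.100.7").packed
    esp = struct.pack("!II", 0x1000ABCD, 42)            # constructed SPI and sequence number
    ciphertext = bytes(range(0x80, 0xA0))               # stands in for the encrypted payload
    total_len = 20 + len(esp) + len(ciphertext)
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol, checksum (0 in this sample)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, ESP_PROTO, 0, src, dst)
    return header + esp + ciphertext


def router_view(packet: bytes) -> dict:
    """Return only the fields that are readable without any IPsec key."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes; IP options may follow the fixed 20
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    view = {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),  # forwarding decisions use this field
        "ttl": ttl,
        "protocol": proto,
    }
    if proto == ESP_PROTO:
        if len(packet) < ihl + 8:
            raise ValueError("truncated ESP header")
        # SPI and sequence number are sent in the clear; what follows is opaque
        spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
        view.update(spi=spi, seq=seq, opaque_len=min(total_len, len(packet)) - ihl - 8)
    return view


if __name__ == "__main__":
    print(router_view(build_sample_packet()))
```
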
 
DonbooCommented:
This might offer some insight....

http://en.wikipedia.org/wiki/IPsec
0
 
krakatoaAuthor Commented:
I've seen that, thanks, but that type of explanation is no good to me.
0
 
krakatoaAuthor Commented:
I've discovered that my underlying problem is that a DatagramSocketImpl's receive() method evidently does not want to recognise the packet's existence - requesting the sender's InetAddress and port from the packet returns "null" and "-1" every time.

How is this possible? What do I need to do to get the DatagramSocketImpl to handle the packet?
0
 
krakatoaAuthor Commented:
That's really a super-concise and very helpful explanation, noci.

Is there any lit. or doc. sources known to you about how to operate on these fields, and IPSec, via Java by any chance?
0
 
krakatoaAuthor Commented:
Thanks for your help noci.
0
 
nociSoftware EngineerCommented:
For IPSEC look into the freeswan project (now dead, but the doc is still usable).
OpenSwan & StrongSwan are forks that continued with a different focus.
1st on inter connectivity, 2nd on using X509 as authentication.

for freeswan you may need to google.
http://www.openswan.org/
http://www.strongswan.org/

This can be found using google:
http://www.tml.tkk.fi/Tutkimus/IPSEC/toc.html

As IPSEC is an IP level protocol I doubt you will find ANY implementation in higher-order languages other than use of an API.
IPSEC is rather different from SSL based solutions.
0
 
krakatoaAuthor Commented:
>>As IPSEC is an IP leve

Super. Thanks again.
0
Question has a verified solution.