This page is outdated!!

We have moved to https://github.com/OpenIKEv2

Comparative between implementations

We have tried to interoperate with the others opensource IKEv2 implementations and we have generated a comparative table indicating with features are implemented or missed in each one. This is only a ilustrative figure, it is possible there are features in the others implementations that we had forgotten or simply not known or tested. Please, if you realize some wrong information, mail us and we change it as soon as possible. 

You can see the comparation table here.

libopenikev2 0.4 API (not fully finished)

You can use the libopenikev2 library in any application that needs perform some IKEv2 exchanges. The API documentation helps to understand how libopenikev2 works.

This documention version is not definitive and may contain some errors.

You can see the libopenikev2 API here.

libopenikev2_impl 0.4 API (not fully finished)

libopenikev2 needs some concrete implementations to its interfaces in order to perform its funcionability. libopenikev2_impl implements all of them. You can use that implementations directly or use them as example to implement your own concrete implementations. 

This documention version is not definitive and may contain some errors.

You can see the libopenikev2_impl API here.

Third-party software

There are some parts of openikev2 code based on opensource third-party code. These parts are:

Needed software

Note that libopenikev2 is totally independent of any other library. However, libopenikev2_impl needs some additional libraries to perform its functionality. These libraries are:

Please, refer to each library home page to download them or install them from your distribution if they are available.

In addition, openikev2 needs both libopenikev2 and libopenikev2_impl.

How to configure & run openikev2 application

Installing needed libraries

  1. Install the libopenikev2 library
    Untar the file libopenikev2-xxxx.tar.gz in the desired directory. Then do "./configure", "make" and "make install".
  2. Install the needed libraries
    Install them from your distribution (using apt, rpm, yum...) or follow the installation instructions of each one.
  3. Install the libopenikev2_impl library
    Untar the file libopenikev2_impl-xxxx.tar.gz in the desired directory. The do "./configure", "make" and "make install"

Compiling and installing openikev2 application

Untar the file openikev2-xxxx.tgz in the desired directory. Then do "./configure", "make" and "make install".

Configuring openikev2

openikev2 needs, at the moment, one configuration file. Its default location and name is "/etc/openikev2/openikev2.conf", but you can use another configuration file using the "-f" command line option.

An example of this configuration file is located into the "samples/openikev2.conf" directory and has the following syntax: openikev2.conf. (This is the last version configuration file. It doesn't work propertly with previous versions).

Now policies can be indicated in configuration file, and it is possible to add the the allow policies automaticaly.

Starting openikev2

Once you have the system configured, you can start the openikev2 program.  openikev2 needs root privileges in order to crate the network socket, netlink socket, SAs, security policies, etc...

When using XFRM IPsec interface implementation (this is always true for 0.6 version), it is needed to load the "xfrm_user" kernel module before start openikev2 or have the following options enabled in your kernel:

CONFIG_XFRM=y
CONFIG_XFRM_USER=y

The option "-F" allows see the log output on the screen, otherwise it will be written in the file "openike_log". The option "-f" allows specify the location and name of the configuration file. Use "-h" option to get a brief help.

When openikev2 is started in both peers, IPsec SAs will be stablished when needed.

Tested distributions

Take note that by default openikev2is installed into the /usr/local/sbin directory and you may want to include it in your path. Also remember to execute "ldconfig" at the end of the installation process in order to openikev2 could use installed libraries.

Ubuntu (any version since 5.10 "Breezy")

The build process was performed with any problems. All needed packages are included in the distrubution repositories.

Fedora Core 4

libconfuse and libhttp_fetcher are not included in the distribution, so it was necessary to install them manually. After that, put "/etc/local/lib" in "/etc/ld.so.conf" file and execute "ldconfig" if openikev2 doesn't find the installed libraries. 

Mandriva Free 2006

libconfuse and libhttp_fetcher are not included in the distribution, so it was necessary to install them manually. libopenssl-devel is not included in the distribution, so it was necessary to install it manually. We download and install libopenssl0.9.7-devel from www.rpmfind.net. After that, compilation was successfull.

Debian "Sarge"

The default kernel in Debian "Sarge" is of the 2.4.x brach. It was necessary to install a kernel with version greater than 2.6.7 in order to build OpenIKEv2 successfully. After that, the build process was performed with any problems. All needed packages are included in the distrubution repositories.

Open Suse 10

libconfuse and libhttp_fetcher are not included in the distribution, so it was necessary to install them manually. Also It was also necesary to install kernel-source package and execute "configure --with-kernel=/usr/src/linux-..." in order to allow configure to find the kernel headers. After that, compilation was successfull.