Abbreviations
psk: pre-shared key
pki: public key infrastructure
pkcs: the public-key cryptography standards
ah: authentication header
esp: encapsulating security payload
esn: extended sequence number, rfc 4304
spi: security parameter index
ike: internet key exchange
isakmp: internet security association and key management protocol
sa: security association
spd: security policy database
sad: sa database
pad: peer authorization database
dh: diffie-hellman, oakley
gre: general routing encapsulation
nas: network access server
pap: password authentication protocol
chap: challenge-handshake authentication protocol
eap: extensible authentication protocol
leap: lightweight eap
peap: protected eap
tls: transport layer security
ssl: secure socket layer
fast: flexible authentication via secure tunneling
pac: protected authentication credential
pptp: point to point tunneling protocol
l2f: layer 2 forwarding
l2tp: layer 2 tunneling protocol
sstp: secure socket tunneling protocol
vrc: vpn remote client
des: data encryption standard
aes: advanced encryption standard
ecb: electronic codebook
cbc: cipher block chaining
ctr: counter
cfb: cipher feedback
ofb: output feedback
hmac: hash-based message authentication code
sha1: secure hash algorithm 1
prf: pseudo-random function
aead: authenticated encryption with associated data
icv: integrity check value
ocsp: online certificate status protocol
dpd: dead peer detection
rfc
rfc1994: PPP Challenge Handshake Authentication Protocol (CHAP)
rfc2865: Remote Authentication Dial In User Service (RADIUS)
rfc3579: RADIUS Support For Extensible Authentication Protocol (EAP)
rfc3748: Extensible Authentication Protocol (EAP)
rfc4186: EAP Method for GSM Subscriber Identity Modules (EAP-SIM)
rfc4187: EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
rfc4301: Security Architecture for the Internet Protocol
rfc4306: Internet Key Exchange (IKEv2) Protocol
rfc4307: Cryptographic Algorithms for Use in IKEv2
rfc4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
rfc4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
rfc4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
rfc4718: IKEv2 Clarifications and Implementation Guidelines
rfc4739: Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
rfc4806: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
rfc5996: Internet Key Exchange Protocol Version 2 (IKEv2)
rfc5998: An Extension for EAP-Only Authentication in IKEv2
rfc6479: IPsec Anti-Replay Algorithm without Bit Shifting
ipsec-tools
setkey: sad, spd
racoon: ike sa, ipsec sa
Network layers
Physical layer, also called layer 1
Link layer, also called layer 2 (MAC)
Network layer, also called layer 3 (IP)
Transport layer (TCP)
Application layer (HTTP)
TCP terminology
tos: type of service
ecn: explicit congestion notification
dscp: differentiated services codepoint
rtt: round-trip time
ttl: time to live
tso: tcp segmentation offloading
ufo: udp fragmentation offloading
qdisc: queueing discipline
poe: power over ethernet
toe: tcp offload engine
IPS
ids: intrusion detection system
ips: intrusion prevention system