IPSec IKE(v1,v2) PSK implemented in pure Python. (For Research Purposes Only)
All IPSec softwares are stupid, clumsy and hard to configure. So comes python-esp.
- NO app install needed
- NO server configuration file
- NO network interface added
- NO iptables or "/etc" modified
Press "RETURN" to start, "CTRL+C" to stop.
$ pip3 install pesp
Successfully installed pesp-0.1.3
$ pesp -p yourpassword
Serving on UDP :500 :4500...
^COpen server's UDP port :500 :4500 to your device. In device's system setting, add an "IPSec" (iOS) or "IPSec IKE PSK" (Android) node, write down the server address and password "yourpassword". Connect.
You should change the default password "test" to keep higher security. See "pesp -h" for more options.
- Clean, lightweight
- IKEv1, IKEv2 auto-detection
- TCP stack implementation
- TCP/UDP tunnel support
- DNS cache
| Protocol Name | Name in iOS | Name in Android | Name in MacOS | Name in Windows |
|---|---|---|---|---|
| IKEv1 PSK ✔ | IPsec [1] | "IPSec Xauth PSK" | Cisco IPSec | IPSec |
| IKEv2 PSK ✔ | IKEv2 [2] | "IPSec IKEv2 PSK" | IKEv2 | IKEv2 |
[1] Do not use certificates
[2] Turn off "user authentication"
IPSec/ESP
- RFC2406 IP Encapsulating Security Payload (ESP)
- RFC3947 Negotiation of NAT-Traversal in the IKE
- RFC3948 UDP Encapsulation of IPsec ESP Packets
IKE/ISAKMP
- RFC2407 The Internet IP Security Domain of Interpretation for ISAKMP
- RFC2408 Internet Security Association and Key Management Protocol (ISAKMP)
- RFC2409 The Internet Key Exchange (IKE)
- IANA_01 Internet Key Exchange (IKE) Attributes
- IANA_02 "Magic Numbers" for ISAKMP Protocol
- DRAFT_1 The ISAKMP Configuration Method
- DRAFT_2 Extended Authentication within IKE (XAUTH)
IKEv2
- RFC7296 Internet Key Exchange Protocol Version 2 (IKEv2)
- IANA_03 Internet Key Exchange Version 2 (IKEv2) Parameters
- RFC3748 Extensible Authentication Protocol (EAP)
- RFC5106 The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method
Diffie Hellman