FreeS/WAN: Securing the Internet against Wiretapping
My project for 1996
was to secure 5% of the Internet traffic against passive wiretapping.
It didn't happen in 1996, so I'm still working on it in 1999!
If we get 5% in 1999 or 2000, we can
secure 20% the next year, against both active and passive attacks; and
80% the following year. Soon the whole Internet will be private and secure.
The project is called S/WAN or S/Wan or Swan for Secure Wide Area Network;
since it's free software, we call it FreeS/WAN to distinguish it from
various commercial implementations.
RSA came up with the term "S/WAN".
Our main web site is at
Want to help?
The idea is to deploy PC-based boxes
that will sit between your local area network and
the Internet (near your firewall or router) which opportunistically
encrypt your Internet packets. Whenever you talk to a
machine (like a Web site)
that doesn't support encryption, your traffic goes out "in the
clear" as usual. Whenever you connect to a machine that does support this
kind of encryption, this box automatically encrypts all your packets,
and decrypts the ones that come in. In effect, each packet gets put into
an "envelope" on one side of the net, and removed from the envelope when
it reaches its destination. This works for all kinds of Internet
traffic, including Web access, Telnet, FTP, email, IRC, Usenet, etc.
encryption boxes are standard PC's that use
freely available Linux software that you can download over the Internet,
or install from a cheap CDROM.
This wasn't just my idea; lots of people have been working on it for years.
The encryption protocols for these boxes are called
They have been developed by the
Security Working Group of the
Internet Engineering Task Force,
be a standard part of the next major version of the Internet protocols
For today's (IP version 4) Internet, they are an option.
Internet Architecture Board and
Internet Engineering Steering Group
have taken a
strong stand that the Internet should use
powerful encryption to provide security and privacy. I think these protocols
are the best chance to do that, because they can be deployed very easily,
without changing your hardware or software or retraining your users.
They offer the best security we know how to build, using the Triple-DES,
RSA, and Diffie-Hellman algorithms.
This "opportunistic encryption box" offers the "fax effect". As each
person installs one for their own use, it becomes more valuable for their
neighbors to install one too, because there's one more person to use
it with. The software automatically notices each newly installed box,
and doesn't require a network administrator to reconfigure it. Instead of
"virtual private networks" we have a "REAL private network"; we add
privacy to the real network instead of layering a manually-maintained
virtual network on top of an insecure Internet.
The US government would like to control the deployment of IP Security with
crypto export laws.
This isn't a problem for my effort, because
the cryptographic work is happening outside the United States. A foreign
philanthropist, and others, have
donated the resources required to add these protocols
to the Linux operating system.
is a complete, freely available
operating system for IBM PC's and several kinds of workstation, which
is compatible with Unix. It was written by Linus Torvalds, and is still
maintained by a talented team of expert programmers working
all over the world and coordinating over the Internet. Linux is distributed
GNU Public License,
which gives everyone the right to copy it,
improve it, give it to their friends, sell it commercially, or do just
about anything else with it, without paying anyone for the privilege.
Organizations that want to secure their
network will be able to put two Ethernet cards into an IBM PC, install
Linux on it from a $30 CDROM or by downloading it over the net, and
plug it in between their Ethernet and their Internet link or firewall.
That's all they'll have to do to encrypt their Internet traffic everywhere
outside their own local area network.
Travelers will be able to run Linux on their
laptops, to secure their connection back to their home network (and to
everywhere else that they connect to, such as customer sites).
Anyone who runs Linux on a standalone PC will also be able to secure their
network connections, without changing their application software or
how they operate their computer from day to day.
There are already numerous commercially available hardware and software
products that use the IPSEC technology.
The FreeS/WAN team regularly participates in interoperability tests
to ensure that our software communicates cleanly and securely
with other vendors' products.
Eventually IPSEC will move into the operating systems
and networking protocol stacks of major vendors. This will probably take
longer, because those vendors will have to figure out what they want to do
about the export controls.
My initial goal of securing 5% of the net by Christmas '96 was not met.
It was an ambitious goal, and inspired me and others to work hard, but was
ultimately too ambitious. The protocols were in an early stage
of development, and needed a lot more protocol design before
they could be implemented. In April 1999, we released
version 1.00 of the software
which is suitable for setting up Virtual Private Networks using
shared secrets for authentication. It does not yet do
opportunistic encryption, or use DNSSEC for authentication; those
features are coming in a future release.
Check the FreeS/WAN web site
for more frequently updated status.
The low-level encrypted packet formats are defined. The system for
publishing keys and providing secure domain name service is defined.
The IP Security working group has settled on a complex NSA-sponsored protocol
for key agreement (called IKE). The protocol
is not yet defined to enable opportunistic encryption or the use of
- Linux Implementation
The Linux implementation has reached its first major release
and is ready for production use in manually-configured networks,
using Linux kernel version 2.0.36. Later snapshots work on 2.2.x
- Domain Name System Security
All BIND releases starting with BIND-4.9.5 include support for the KEY
records that will soon be needed by FreeS/WAN.
The latest BIND releases, after 8.2, includes most DNS Security
features, including cryptographic integrity protection if you
sign your domain's records.
BIND releases are available
Internet Software Consortium
FTP site. None of these BIND releases are export-controlled; the
early ones don't contain cryptography, and the later ones merely use
it for authentication, which is also exportable.
Good documentation on the DNSSEC features is missing, though.
Because I can. I have made enough money from several
successful startup companies, that for a while
I don't have to work to support myself.
I spend my energies and money creating the kind of world
that I'd like to live in and that I'd like my (future) kids to live in.
Keeping and improving on the civil rights
we have in the United States, as we move more of our lives into
cyberspace, is a particular goal of mine.
What You Can Do
Would you like to help? I can use people who
are willing to write documentation, install early releases for testing,
write cryptographic code outside the United States, support users and
companies (for money) who want to use FreeS/WAN, sell pre-packaged
software or systems including this technology, and teach classes
for network administrators who want to install this technology.
To offer to help, send me email at email@example.com. Tell me what country
you live in and what your citizenship is (it matters due to the
export control laws; personally I don't care). Include a copy of your
resume and the URL of your home page. Describe what you'd like to do
for the project, and what you're uniquely qualified for. Mention what
other volunteer projects you've been involved in (and how they worked out).
Helping out will require that you be able to commit to doing particular things,
meet your commitments, and be responsive by email. Volunteer projects
just don't work without those things.
- Set up a Linux system
Get a machine running Linux (say the 6.1 release from
Give the machine two Ethernet cards.
- Install the Linux IPSEC (FreeS/WAN) software
If you're an experienced sysadmin or Linux hacker, install
the freeswan-1.0 release, or any later release or snapshot.
do NOT provide automated "opportunistic" operation; they must
be manually configured for each site you wish to encrypt with.
- Get on the linux-ipsec mailing list
The discussion forum for people working on the project, and testing
the code and documentation, is: firstname.lastname@example.org.
To join this mailing list, send email to
containing a line of text that says "subscribe linux-ipsec".
(You can later get off the mailing list the same way -- just
send "unsubscribe linux-ipsec").
- Install a recent BIND at your site.
You won't be able to publish any keys for your domain, until you
have upgraded your copy of BIND. The thing you really need from
it is the new version of named, the Name Daemon, which knows
about the KEY and SIG record types. So, download it from the
Internet Software Consortium
and install it on your name server
machine (or get your system administrator, or Internet Service Provider,
to install it). Both your primary DNS site and all of your secondary
DNS sites will need the new release before you will be able to publish
your keys. You can tell which sites this is by running the Unix
command "dig MYDOMAIN ns" and seeing which sites are mentioned in your
NS (name server) records.
- IPSEC for NetBSD
This prototype implementation of the IP Security protocols is for another
free operating system.
- IPSEC for OpenBSD
This prototype implementation of the IP Security protocols is for yet another
free operating system. It is directly integrated into the OS release, since
the OS is maintained in Canada, which has freedom of speech in software.
I've also collected a small bit of information about
network encryption history and patents.
my home page
An equal opportunistic encryptor.
Wed Sep 15 00:50:50 PDT 1999