Network Configuration File Syntax

The Network Configuration (.fnet) file provides the information for network communication between all the systems defined in the project. In particular, the file includes the systems in the project, the network resources and their rdefs, and the connections between the systems.

The basic structure of the file follows:

Below is a sample of a network configuration for multiple systems:

1.  system guard;
2.  system translator;
3.  networkresource in { secmark };
4.  networkresource guardcom { ipsec ( 3des-cbc "thisistheencryptionkey" ) ( hmac-md5 "authentication" ) };
5.  connection guard.filterout { 192.168.15.6 } translator.filterin { 192.168.6.4 }  guardcom { 5485 };

Lines 1 and 2 define the systems in the project: guard and translator.

Lines 3 and 4 define network resources: in and guardcom. The network resource in uses IPTables, as defined by the rdef secmark in curly brackets. There is no additional information required for secmark network resources. The network resource guardcom uses Labeled Networking, as defined by the rdef ipsec. In this case, the line must also include the encryption and authentication types and their associated keys.

Finally, line 5 defines connections between systems for the ipsec network resources; secmark network resources obtain all needed information from the System Resources (.fsys) file. In this example, the source is the system name guard and the source domain filterout, specified as guard.filterout. Inside the curly brackets, the IP address 192.168.15.6 is defined (this could be a DNS name); the port number has been omitted. The target information is specified in the same format: system name, domain name, and IP/port information. In this example, the target system is translator and the target domain filterin. The IP address is 192.168.6.4 and the port number is omitted. Finally, the line specifies the name of the network resource used and, in curly brackets, a unique esp number which is used by setkey to set up the network connection.
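As an added illustration (not the project's own parser), the following Python reads the three statement types shown above and enforces the constraints the text states: a connection must name declared systems and a declared ipsec network resource, an ipsec resource must carry both an encryption and an authentication entry, and esp numbers must be unique. The sample input is the page's own example; one statement per line and the position of an optional port after the address inside the curly brackets are assumptions.

```python
import re

# Constructed sample built from the page's own example; one statement per line is assumed.
SAMPLE_FNET = """
system guard;
system translator;
networkresource in { secmark };
networkresource guardcom { ipsec ( 3des-cbc "thisistheencryptionkey" ) ( hmac-md5 "authentication" ) };
connection guard.filterout { 192.168.15.6 } translator.filterin { 192.168.6.4 }  guardcom { 5485 };
"""

SYSTEM_RE = re.compile(r'^system\s+(\w+)\s*;$')
RESOURCE_RE = re.compile(r'^networkresource\s+(\w+)\s*\{\s*(secmark|ipsec)(.*)\}\s*;$')
ALG_RE = re.compile(r'\(\s*([\w-]+)\s+"([^"]*)"\s*\)')  # one ( algorithm "key" ) pair
CONN_RE = re.compile(r'^connection\s+(\w+)\.(\w+)\s*\{([^}]*)\}\s*'
                     r'(\w+)\.(\w+)\s*\{([^}]*)\}\s*(\w+)\s*\{\s*(\d+)\s*\}\s*;$')

def parse_endpoint(body):  # address or DNS name, then an optional port (assumed layout)
    parts = body.split()
    return {"addr": parts[0], "port": int(parts[1]) if len(parts) > 1 else None}

def parse_fnet(text):
    """Parse .fnet statements; raise ValueError on the first inconsistency found."""
    systems, resources, connections, esp_seen = set(), {}, [], set()
    for lineno, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line:
            continue
        if m := SYSTEM_RE.match(line):
            systems.add(m.group(1))
        elif m := RESOURCE_RE.match(line):
            name, rdef, rest = m.groups()
            algs = dict(ALG_RE.findall(rest))  # stays {} for a secmark resource
            if rdef == "ipsec" and len(algs) != 2:
                raise ValueError(f"line {lineno}: ipsec needs encryption and authentication")
            resources[name] = {"rdef": rdef, "algs": algs}
        elif m := CONN_RE.match(line):
            ssys, sdom, sbody, tsys, tdom, tbody, res, esp = m.groups()
            if not {ssys, tsys} <= systems:
                raise ValueError(f"line {lineno}: connection names an undeclared system")
            if resources.get(res, {}).get("rdef") != "ipsec":
                raise ValueError(f"line {lineno}: {res} is not a declared ipsec resource")
            if esp in esp_seen:
                raise ValueError(f"line {lineno}: esp number {esp} is not unique")
            esp_seen.add(esp)
            connections.append({"src": (ssys, sdom, parse_endpoint(sbody)), "resource": res,
                                "dst": (tsys, tdom, parse_endpoint(tbody)), "esp": int(esp)})
        else:
            raise ValueError(f"line {lineno}: unrecognised statement")
    return {"systems": systems, "resources": resources, "connections": connections}
```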