                      ENABLE IPSEC IN XBONE
========================================================================
========================================================================
   >>> This document contains the instructions of how to enable    <<<
   >>> IPsec support in XBone.                                     <<< 

1. For FreeBSD platform,
XBone supports the following algorithms for ESP:
 "des"      => "des-cbc",
 "3des"     => "3des-cbc",
 "simple"   => "simple",
 "blowfish" => "blowfish-cbc",
 "twofish"  => "twofish-cbc",
 "cast128"  => "cast128-cbc",
 "aes"      => "rijndael-cbc"

and the following algorithms for AH:
 "md5"  => "hmac-md5",
 "sha1" => "hmac-sha1",
 "null" => "null"

2. For Cisco platform,
XBone supports the follwing algorithms for ESP:
 "des" => "esp-des",
 "3des" => "esp-3des"

and the following algorithms for AH:
 "md5"  => "md5-hmac",
 "sha1" => "sha-hmac",
 "null" => "null"

3. To config IPsec in XBone, you can choose the above algorithms for your
specific platform.

For example, if you run xbone in command mode, you can modify the 
corresponding lines in xb-api-client.pl as:
"IPsec_authentication" => 'sha1',
"IPsec_encryption"     => 'des',
to use "hmac-sha1" algorithm for AH and "des-cbc" algorithm for ESP.

If you run xbone in GUI mode, just choose the algorithms listed in the
corresponding webpage.

