Kernel Space and Userspace

The IPsec stack itself is implemented in kernel space.

ISAKMP usually happens in userspace; this is where racoon or openswan come into play. Both racoon and openswan are ISAKMP daemons. They deal with either pre-shared keys or certificates, listen on UDP ports 500 and 4500 (optional, for NAT-T), interact with the filesystem, and are necessary for the handshake. Once the encryption mechanisms have been agreed and the handshake is complete, the kernel communicates with the corresponding side.
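As an added example (not code from the original page, racoon or openswan), the following classifies an inbound packet by which side of the kernel/userspace split handles it. It goes beyond the text by assuming RFC 3948 NAT-T framing on UDP 4500 (non-ESP marker, NAT-keepalive byte); the function names and sample packets are constructed for illustration.

```python
import struct

IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 17, 50, 51
IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: prefixes IKE messages on UDP 4500

def isakmp_summary(msg):
    """Parse the fixed 28-byte ISAKMP header (RFC 2408); None if malformed."""
    if len(msg) < 28:
        return None
    _ic, _rc, _np, version, exchange, _flags, _msgid, length = struct.unpack(
        "!8s8sBBBBII", msg[:28])
    if length != len(msg):  # header length field covers the whole message
        return None
    return f"ISAKMP v{version >> 4}.{version & 0xF} exchange {exchange}"

def classify(ip_proto, dst_port, payload):
    """Return (handler, detail) for one inbound packet."""
    if ip_proto in (IPPROTO_ESP, IPPROTO_AH):
        return ("kernel", "native ESP/AH")
    if ip_proto != IPPROTO_UDP or dst_port not in (IKE_PORT, NATT_PORT):
        return ("other", "not IPsec-related")
    if dst_port == NATT_PORT:
        if payload == b"\xff":
            return ("discard", "NAT-keepalive")
        if payload[:4] != NON_ESP_MARKER:  # non-zero SPI: ESP-in-UDP
            if len(payload) <= 8:  # too short for SPI + sequence number + data
                return ("discard", "runt packet")
            spi = struct.unpack("!I", payload[:4])[0]
            return ("kernel", f"UDP-encapsulated ESP, SPI 0x{spi:08x}")
        payload = payload[4:]  # strip marker; the rest goes to the IKE daemon
    # Anything else on these ports reaches the daemon's socket, valid or not.
    summary = isakmp_summary(payload)
    return ("userspace", summary or "malformed ISAKMP (daemon should reject)")

# Constructed sample packets (not captured traffic).
SAMPLE_IKE = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                         0, 0x10, 2, 0, 0, 28)  # header-only, exchange type 2
SAMPLE_ESP = struct.pack("!II", 0x12345678, 1) + b"\xaa" * 16

if __name__ == "__main__":
    for proto, port, data in [(IPPROTO_ESP, 0, SAMPLE_ESP),
                              (IPPROTO_UDP, IKE_PORT, SAMPLE_IKE),
                              (IPPROTO_UDP, NATT_PORT, NON_ESP_MARKER + SAMPLE_IKE),
                              (IPPROTO_UDP, NATT_PORT, SAMPLE_ESP),
                              (IPPROTO_UDP, NATT_PORT, b"\xff")]:
        print(proto, port, classify(proto, port, data))
```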



Wolfgang Hennerbichler 2004-12-21