26sec is the name for the IPSec implementation in the Linux 2.6 kernel. It is also known as "NET_KEY" (it's name in .config).

It is based on the kernel API from the KAME project, a Japanese project to bring IPsec to BSD operating systems.

26sec does away with the KLIPS system of having an ipsec0 device to route traffic over and firewall on. Shorewall have some patches to netfilter for matching IPSec traffic using the 26sec API.

There are two sets of userspace tools (and several forks of one of them!) you can use with 26sec:

See also: