strongSwan is a fork of the FreeSwan project, providing an IPSec implementation on Linux.
It was started by Andreas Steffen, the maintainer of the X.509 patch for FreeS/WAN and focuses on PKI and policies for implementing large and complex VirtualPrivateNetworks. strongSwan supports both the native 26sec IPSec stack coming with the Linux 2.6 kernel as well as FreeSwan's KLIPS IPSec implementation for the Linux 2.4 kernel. NatTraversal is also fully supported.
A feature comparison with OpenSwan:
| Feature | strongswan-2.8.3 | openswan-2.4.7 |
| FreeS/WAN version | freeswan-2.04 | freeswan-2.04 |
| X.509 patch | x509-1.7.0 | x509-1.5.4 |
| KLIPS | Linux 2.4 | Linux 2.4 + 2.6 |
| Fast ipsec starter | yes | partial |
| Smartcard Interface | PKCS #11 | OpenSC |
| Local CRL Caching | yes | no |
| CA Management | yes | no |
| Attribute Certificates | yes | no |
| XAUTH | yes | yes |
| Aggressive Mode | no | yes |
strongSwan comes with an easy-to-use simulation environment based on UserModeLinux (UML). A network of eight virtual hosts allows the user to enact a multitude of site-to-site and roadwarrior VPN scenarios.
See also:
LinuxTag 2005 Paper: Advanced Features of Linux strongSwanstrongSwan UML testing environmentDFN 2005 Paper: Advanced Network Simulation under User-Mode Linux5 pages link to StrongSwan:
