It was started by Andreas Steffen, the maintainer of the X.509 patch for FreeS/WAN and focuses on PKI and policies for implementing large and complex VirtualPrivateNetworks. strongSwan supports both the native 26sec IPSec stack coming with the Linux 2.6 kernel as well as FreeSwan's KLIPS IPSec implementation for the Linux 2.4 kernel. NatTraversal is also fully supported.
A feature comparison with OpenSwan:
|KLIPS||Linux 2.4||Linux 2.4 + 2.6|
|Fast ipsec starter||yes||partial|
|Smartcard Interface||PKCS #11||OpenSC|
|Local CRL Caching||yes||no|
strongSwan comes with an easy-to-use simulation environment based on UserModeLinux (UML). A network of eight virtual hosts allows the user to enact a multitude of site-to-site and roadwarrior VPN scenarios.