strongSwan is a fork of the FreeSwan project, providing an IPSec implementation on Linux.

It was started by Andreas Steffen, the maintainer of the X.509 patch for FreeS/WAN and focuses on PKI and policies for implementing large and complex VirtualPrivateNetworks. strongSwan supports both the native 26sec IPSec stack coming with the Linux 2.6 kernel as well as FreeSwan's KLIPS IPSec implementation for the Linux 2.4 kernel. NatTraversal is also fully supported.

A feature comparison with OpenSwan:

 Feature   strongswan-2.8.3   openswan-2.4.7 
 FreeS/WAN version   freeswan-2.04   freeswan-2.04 
 X.509 patch   x509-1.7.0   x509-1.5.4 
 KLIPS   Linux 2.4   Linux 2.4 + 2.6 
 Fast ipsec starter   yes   partial 
 Smartcard Interface   PKCS #11   OpenSC 
 Local CRL Caching   yes   no 
 CA Management   yes   no 
 Attribute Certificates   yes   no 
 XAUTH   yes   yes 
 Aggressive Mode   no   yes 

strongSwan comes with an easy-to-use simulation environment based on UserModeLinux (UML). A network of eight virtual hosts allows the user to enact a multitude of site-to-site and roadwarrior VPN scenarios.

See also: