View Source: StrongSwan - Waikato Linux Users Group

Edit PageHistory Diff Info LikePages

[strongSwan|http://www.strongswan.org/] is a fork of the FreeSwan project, providing an [IPSec] implementation on Linux.

It was started by Andreas Steffen, the maintainer of the X.509 patch for FreeS/WAN and focuses on [PKI] and policies for implementing large and complex [VirtualPrivateNetwork]s. strongSwan supports both the native [26sec] [IPSec] stack coming with the Linux 2.6 kernel as well as [FreeSwan]'s [KLIPS] [IPSec] implementation for the Linux 2.4 kernel. NatTraversal is also fully supported.

A feature comparison with OpenSwan:

<?plugin OldStyleTable

| __Feature__ | __strongswan-2.8.3__ | __openswan-2.4.7__
| FreeS/WAN version | freeswan-2.04 | freeswan-2.04
| X.509 patch | x509-1.7.0 | x509-1.5.4
| KLIPS | Linux 2.4 | Linux 2.4 + 2.6
| Fast ipsec starter | yes | partial
| Smartcard Interface | PKCS #11 | OpenSC
| Local CRL Caching | yes | no
| CA Management | yes | no
| Attribute Certificates | yes | no
| XAUTH | __yes__ | yes
| Aggressive Mode | no | yes

?>

strongSwan comes with an easy-to-use simulation environment based on [UserModeLinux] (UML). A network of eight virtual hosts allows the user to enact a multitude of site-to-site and roadwarrior [VPN] scenarios.

See also:

* [LinuxTag 2005 Paper: Advanced Features of Linux strongSwan|http://www.strongswan.org/docs/LinuxTag2005-strongSwan.pdf]
* [strongSwan UML testing environment|http://www.strongswan.org/uml/]
* [DFN 2005 Paper: Advanced Network Simulation under User-Mode Linux|http://www.strongswan.org/uml/DFN_UML.pdf]

----
CategorySecurity

5 pages link to StrongSwan:

Last edited on Monday, February 26, 2007 4:02:24 am by "AndreasSteffen"

Edit PageHistory Diff Info LikePages