strongswan: An IPsec implementation for Linux1

Package available in: [trunk] [8.0] [7.0] [6.0]

strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developped over the last three years. In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to lauch the strongSwan project.

The focus is on: - simplicity of configuration - strong encryption and authentication methods - powerful IPsec policies supporting large and complex VPN networks

strongSwan features includes: - both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels. - Fast connection startup and periodic update using ipsec starter - Automatic insertion and deletion of IPsec policy based firewall rules - strong 3DES, AES, Serpent, Twofish, or Blowfish encryption - NAT-Traversal (RFC 3947) and support of virtual IPs and IKE Mode Config - Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels - Authentication based on X.509 certificates or preshared keys - Authentication based on X.509 certificates or preshared keys - Generation of a default self-signed certificate during first strongSwan startup - Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP - Full support of the Online Certificate Status Protocol (OCSP, RCF 2560) - CA management (OCSP and CRL URIs, default LDAP server) - Powerful IPsec policies based on wildcards or intermediate CAs - Group policies based on X.509 attribute certificates (RFC 3281) - Optional storage of RSA private keys and certificates on a smartcard - Smartcard access via standardized PKCS #11 interface - PKCS #11 proxy function offering RSA decryption services via whack

... part of T2, get it here


Author: Andreas Steffen <andreas [dot] steffen [at] zhwin [dot] ch>
Maintainer: T2 Project <t2 [at] t2-project [dot] org>

License: GPL
Status: Stable
Version: 5.5.1

Remark: Does cross compile (as setup and patched in T2).

Download: strongswan-5.5.1.tar.bz2

T2 source: strongswan.cache
T2 source: strongswan.conf
T2 source: strongswan.desc

Build time (on reference hardware): 30% (relative to binutils)2

Installed size (on reference hardware): 2.13 MB, 204 files

Dependencies (build time detected): 00-dirtree bash binutils bzip2 coreutils curl cyrus-sasl2 diffutils gawk gcc glibc gmp grep libidn linux-header make openldap openssl patch sed sysfiles tar zlib

Installed files (on reference hardware): [show]

1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.

2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).