strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developed over the last three years. In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to launch the strongSwan project.
The focus is on:
- simplicity of configuration
- strong encryption and authentication methods
- powerful IPsec policies supporting large and complex VPN networks
strongSwan features include:
- Runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels
- Fast connection startup and periodic update using ipsec starter
- Automatic insertion and deletion of IPsec policy based firewall rules
- Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
- NAT-Traversal (RFC 3947) and support of virtual IPs and IKE Mode Config
- Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
- Authentication based on X.509 certificates or preshared keys
- Generation of a default self-signed certificate during first strongSwan startup
- Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
- Full support of the Online Certificate Status Protocol (OCSP, RFC 2560)
- CA management (OCSP and CRL URIs, default LDAP server)
- Powerful IPsec policies based on wildcards or intermediate CAs
- Group policies based on X.509 attribute certificates (RFC 3281)
- Optional storage of RSA private keys and certificates on a smartcard
- Smartcard access via standardized PKCS #11 interface
- PKCS #11 proxy function offering RSA decryption services via whack
Author: Andreas Steffen <andreas [dot] steffen [at] zhwin [dot] ch>
Maintainer: T2 Project <t2 [at] t2-project [dot] org>
Remark: Does cross compile (as setup and patched in T2).
Build time (on reference hardware): 30% (relative to binutils) 2)
Installed size (on reference hardware): 2.13 MB, 204 files
Installed files (on reference hardware):
1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.
2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).