strongSwan is an OpenSource IPsec implementation for the Linux operating system
strongSwan is an OpenSource IPsec implementation for the Linux operating system. strongSwan is based on the discontinued FreeS/WAN project and the X.509 patch which we developped over the last three years.
In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to lauch the strongSwan project.
Here are some key features of "strongSwan":
runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels
strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
Authentication based on X.509 certificates or preshared keys
Powerful IPsec policies based on wildcards or intermediate CAs
Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
Optional storage of RSA private keys on smartcards or USB crypto tokens
Smartcard access via standardized PKCS #11 interface
PKCS #11 proxy function offering RSA decryption services via whack
NAT-Traversal (RFC 3947) and support of Virtual IPs and IKE Mode Config
CA management (OCSP and CRL URIs, default LDAP server)
Dead Peer Detection (DPD, RFC 3706)
Group policies based on X.509 attribute certificates ( RFC 3281)
Generation of default self-signed certificates during strongSwan setup
What's New in 2.8.0 Stable Release:
The implementation of the IKE Mode Config push mode allows interoperability with Cisco VPN gateways.
By setting "modeconfig=push", strongSwan will wait for the peer to push down a virtual IP address that can be used within an IPsec tunnel.
The default value of the new keyword is "modeconfig=pull".
The command "ipsec statusall" now shows "DPD active" for all ISAKMP Security Associations that are under active Dead Peer Detection control.
What's New in 4.0.5 Development Release:
Major improvements were done for the monitoring, debugging, and logging functions for the IKEv2 keying daemon.
Informational console output is now available during connection startup.
IKEv1 Mode Config Push mode was backported from strongswan 2.8.0.
for the mode config config push push mode peer detection dead peer policies based ike mode
Download strongSwan 4.0.5
DX-PKI 1.9.0 (by Idealx)
IDX-PKI is an Open Source implementation of a Public Key Infrastructure which aims to be IETF compliant for PKIX recommendation
Pam_p11 0.1.2 (by OpenSC Developers)
Pam_p11 is a plugable authentication module (pam) package for using crpytographic tokes such as smart cards and usb crypto tokens for
xca 0.5.1 (by Christian Hohnstaedt)
This application is a graphical user interface to OpenSSL, RSA public keys, certificates, signing requests and revokation lists.
Other software in this category
Nmap 4.20 (by Fyodor)
Nmap is a utility for network exploration or security auditing
iptables 1.3.7 (by Harald Welte)
iptables and netfilter are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel
rdesktop 1.5.0 (by matthewc)
rdesktop is an open source client for Windows NT Terminal Server and Windows 2000/2003 Terminal Services, capable of natively speakin
jEdit 4.3 pre8
jEdit is an Open Source text editor written in Java
Surf the Internet in a safer, faster, and easier way with Opera browser
GNU Aspell 0.60.4
GNU Aspell is a Free and Open Source spell checker designed to eventually replace Ispell