strongSwan 4.0.5 review

strongSwan is an OpenSource IPsec implementation for the Linux operating system

License: GPL (GNU General Public License)
File size: 2475K
Developer: Andreas Steffen

strongSwan is an OpenSource IPsec implementation for the Linux operating system. strongSwan is based on the discontinued FreeS/WAN project and the X.509 patch which we developed over the last three years.

In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to launch the strongSwan project.

Here are some key features of "strongSwan":
Runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels
Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
Authentication based on X.509 certificates or preshared keys
Powerful IPsec policies based on wildcards or intermediate CAs
Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
Full support of the Online Certificate Status Protocol (OCSP, RFC 2560)
Optional storage of RSA private keys on smartcards or USB crypto tokens
Smartcard access via standardized PKCS #11 interface
PKCS #11 proxy function offering RSA decryption services via whack
NAT-Traversal (RFC 3947) and support of Virtual IPs and IKE Mode Config
CA management (OCSP and CRL URIs, default LDAP server)
Dead Peer Detection (DPD, RFC 3706)
Group policies based on X.509 attribute certificates (RFC 3281)
Generation of default self-signed certificates during strongSwan setup

What's New in 2.8.0 Stable Release:
The implementation of the IKE Mode Config push mode allows interoperability with Cisco VPN gateways.
By setting "modeconfig=push", strongSwan will wait for the peer to push down a virtual IP address that can be used within an IPsec tunnel.
The default value of the new keyword is "modeconfig=pull".
The command "ipsec statusall" now shows "DPD active" for all ISAKMP Security Associations that are under active Dead Peer Detection control.

What's New in 4.0.5 Development Release:
Major improvements were made to the monitoring, debugging, and logging functions of the IKEv2 keying daemon.
Informational console output is now available during connection startup.
IKEv1 Mode Config push mode was backported from strongSwan 2.8.0.
