strongSwan
From Wikipedia, the free encyclopedia
strongSwan | |
---|---|
Developed by | Andreas Steffen & Martin Willi |
Latest release | 4.2.3 / May 24, 2008 |
OS | Linux |
Genre | IPsec |
License | GNU General Public License |
Website | www.strongswan.org |
strongSwan is a complete IPsec implementation for Linux 2.4 and 2.6 kernels.
It is a descendant of the FreeS/WAN project and continues to be released under the GPL. The project is actively maintained by Andreas Steffen, who is a professor for Security in Communications at the University of Applied Sciences Rapperswil in Switzerland. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. It supports certificate revocation lists and the Online Certificate Status Protocol (OCSP). A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
strongSwan has an easy and straightforward approach to configuration and interoperates smoothly with most other IPsec implementations including various Microsoft Windows and Mac OS X VPN clients.
The modular strongSwan 4.2 branch fully implements the IKEv2 protocol defined by RFC 4306. Software architect and main developer of the IKEv2 keying daemon is Martin Willi. NAT traversal for IKEv2 was contributed by Tobias Brunner and Daniel Röthlisberger. The IKEv2 Mediation Service defined in draft-brunner-ikev2-mediation was implemented by Tobias Brunner.
UML simulation environment
strongSwan comes with an easy-to-use simulation environment based on User-mode Linux. A network of eight virtual hosts allows the user to enact a multitude of site-to-site and roadwarrior VPN scenarios.