strongSwan is a complete IPsec implementation for Linux 2.4 and 2.6 kernels.

It is a descendant of the FreeS/WAN project, and continues to be GPLed. The project is actively maintained by Andreas Steffen who is a professor for Security in Communications at the University of Applied Sciences Rapperswil in Switzerland. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. It supports certificate revocation lists and the Online Certificate Status Protocol (OCSP). A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

strongSwan has an easy and straightforward approach to configuration and interoperates smoothly with most other IPsec implementations including various Microsoft Windows and Mac OS X VPN clients.

The newly created strongSwan 4.0 development branch is going to implement the IKEv2 protocol defined by RFC 4306.

UML simulation environment

strongSwan comes with an easy-to-use simulation environment based on User-mode Linux. A network of eight virtual hosts allows the user to enact a multitude of site-to-site and roadwarrior VPN scenarios.

External links

• strongSwan website
• strongSwan UML testing environment
• LinuxTag 2005 Paper: Advanced Features of Linux strongSwan
• DFN 2005 Paper: Advanced Network Simulation under User-Mode Linux

Cryptographic protocols

StrongSwan