strongSwan

from Wikipedia, the free encyclopedia

Basic data

Developer: Andreas Steffen, Martin Willi and Tobias Brunner, HSR
Current version: 5.8.4 (March 30, 2020)
Operating system: Linux, Android, Maemo, FreeBSD, OS X
Programming language: C
Category: VPN, IPsec
License: GPL (free software)
German-language: No
Website: www.strongswan.org

strongSwan (from the English words "strong" and "swan") is an implementation of the IKE protocol for setting up VPNs via IPsec. This allows confidential data to be transmitted securely over public networks such as the Internet.

History and more details

As one of the successors to the FreeS/WAN project, strongSwan is licensed under the GNU General Public License. The project is supervised by Andreas Steffen, Professor for Security and Communication at the University of Applied Sciences Rapperswil (Switzerland). The software architect and main developer of the IKEv2 keying daemon is Martin Willi. NAT traversal for IKEv2 was contributed by Tobias Brunner and Daniel Röthlisberger.

The focus of the strongSwan project is on strong authentication using X.509 certificates, as well as the optional secure storage of private keys on smart cards by means of the standardized PKCS #11 interface. strongSwan supports certificate revocation lists and the Online Certificate Status Protocol (OCSP).

A distinguishing feature is the use of X.509 attribute certificates, which allow complex access control mechanisms to be implemented on the basis of group memberships.

strongSwan is nevertheless easy to set up and works seamlessly with almost all other IPsec implementations, especially with various VPN products for the Windows and macOS operating systems.

strongSwan fully supports version 2 of the Internet Key Exchange protocol (IKEv2), which is described in RFC 4306 and establishes an IPsec tunnel by exchanging only four messages. The older IKEv1 protocol requires nine messages for this. As of version 4.3, multiple authentication exchanges (according to RFC 4739) are also supported. Tobias Brunner, one of the developers of strongSwan, wrote the IKEv2 Mediation Extension.

References

  1. strongSwan 5.8.4 Released.
  2. strongSwan - IPsec VPN for Linux, Android, FreeBSD, Mac OS X, Windows (accessed on February 16, 2018).
  3. The strongswan Open Source Project on Open Hub: Languages Page. In: Open Hub (accessed on July 18, 2018).
  4. RFC 4306: Internet Key Exchange (IKEv2) Protocol (English) - page at the IETF; status: 12.2005, accessed on May 2, 2013.
  5. RFC 4739: Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol (English) - page at the IETF; status: 11.2006, accessed on May 2, 2013.
  6. IKEv2 Mediation Extension: draft-brunner-ikev2-mediation-00 (English) - page at the IETF; status: October 18, 2008, accessed on May 2, 2013.