strongSwan 2.8.3

strongSwan is an OpenSource IPsec implementation for the Linux operating system.
strongSwan is an OpenSource IPsec implementation for the Linux operating system. strongSwan is based on the discontinued FreeS/WAN project and the X.509 patch which we developped over the last three years.

In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to lauch the strongSwan project.

Here are some key features of "strongSwan":

runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels
strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
Authentication based on X.509 certificates or preshared keys
Powerful IPsec policies based on wildcards or intermediate CAs
Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
Optional storage of RSA private keys on smartcards or USB crypto tokens
Smartcard access via standardized PKCS #11 interface
PKCS #11 proxy function offering RSA decryption services via whack
NAT-Traversal (RFC 3947) and support of Virtual IPs and IKE Mode Config
CA management (OCSP and CRL URIs, default LDAP server)
Dead Peer Detection (DPD, RFC 3706)
Group policies based on X.509 attribute certificates ( RFC 3281)
Generation of default self-signed certificates during strongSwan setup

What's New in 2.8.0 Stable Release:

The implementation of the IKE Mode Config push mode allows interoperability with Cisco VPN gateways.
By setting "modeconfig=push", strongSwan will wait for the peer to push down a virtual IP address that can be used within an IPsec tunnel.
The default value of the new keyword is "modeconfig=pull".
The command "ipsec statusall" now shows "DPD active" for all ISAKMP Security Associations that are under active Dead Peer Detection control.

What's New in 4.0.7 Development Release:

Extended authentication (XAUTH) in conjunction with IKE Main Mode authentication (RSA and PSK) is now possible with most VPN clients and gateways (e.g. Cisco, NCP, Shrew, etc.).

What's New in 2.8.3 Stable Release:

A bug in the computation of the SHA-512-HMAC function was fixed.
The SHA-384 hash and HMAC functions were implemented.
SHA-2 signatures are now supported in X.509 certificates.
Automatic test vector-based self-tests of all hash functions (MD5, SHA-1, SHA-2) during pluto startup was introduced to increase the reliability of the software.

last updated on:
February 23rd, 2007, 12:35 GMT
license type:
GPL (GNU General Public License) 
developed by:
Andreas Steffen
ROOT \ System \ Networking
Download Button

In a hurry? Add it to your Download Basket!

user rating 3



Rate it!

Add your review!