strongSwan 5.0.4

An IPsec implementation for the Linux OS
strongSwan - The strongSwan Manager
  1 Screenshot
strongSwan is an open source IPsec implementation for the Linux operating system.

In other words, strongSwan is an IPsec-based VPN solution for Linux distributions.

Main features:

  • Runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels
  • Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
  • Authentication based on X.509 certificates or preshared keys
  • Powerful IPsec policies based on wildcards or intermediate CAs
  • Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
  • Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
  • Optional storage of RSA private keys on smartcards or USB crypto tokens
  • Smartcard access via standardized PKCS #11 interface
  • PKCS #11 proxy function offering RSA decryption services via whack
  • NAT-Traversal (RFC 3947) and support of Virtual IPs and IKE Mode Config
  • CA management (OCSP and CRL URIs, default LDAP server)
  • Dead Peer Detection (DPD, RFC 3706)
  • Group policies based on X.509 attribute certificates ( RFC 3281)
  • Generation of default self-signed certificates during strongSwan setup

last updated on:
May 1st, 2013, 14:32 GMT
license type:
GPL (GNU General Public License) 
developed by:
Andreas Steffen
ROOT \ System \ Networking
Download Button

In a hurry? Add it to your Download Basket!

user rating 31



Rate it!
What's New in This Release:
  • Fixed a security vulnerability in the openssl plugin which was reported by Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA signature verification was used, due to a misinterpretation of the error code returned by the OpenSSL ECDSA_verify() function, an empty or zeroed signature was accepted as a legitimate one. Refer to our blog for details.
  • The handling of a couple of other non-security relevant OpenSSL return codes was fixed as well.
  • The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its TCG TNC IF-MAP 2.1 interface.
  • The charon.initiator_only strongswan.conf option causes charon to ignore IKE initiation requests.
read full changelog

Add your review!