strongSwan is a Linux-based OpenSource solution for IPsec implementation.
One of the remarkable features of strongSwan is its ability to run on both Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels. Additionally, strongSwan offers robust 3DES, AES, Serpent, Twofish, or Blowfish encryption and Authentication based on X.509 certificates or preshared keys. The software also provides powerful IPsec policies based on wildcards or intermediate CAs, retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP, full support of the Online Certificate Status Protocol (OCSP, RCF 2560), and optional storage of RSA private keys on smartcards or USB crypto tokens.
Moreover, strongSwan offers CA management (OCSP and CRL URIs, default LDAP server), Dead Peer Detection (DPD, RFC 3706), Group policies based on X.509 attribute certificates (RFC 3281), and NAT-Traversal (RFC 3947) and support Virtual IPs and IKE Mode Config. Smartcard access via standardized PKCS #11 interface and PKCS #11 proxy function that offers RSA decryption services via whack is also available.
Thanks to the latest release of strongSwan, users can enjoy some new features, including the implementation of the Ike Mode Config push mode, which allows interoperability with Cisco VPN gateways. The new edition also fixed a bug in the computation of the SHA-512-HMAC function, implemented the SHA-384 hash, and HMAC functions, and supported SHA-2 signatures in X.509 certificates. The software now comes with automatic test vector-based self-tests of all hash functions (MD5, SHA-1, SHA-2) during pluto startup to increase the reliability of the software.
Overall, strongSwan is an outstanding IPsec solution for Linux users seeking maximum security and top-notch encryption.
Version 2.8.3: N/A