OpenSource IPsec-based VPN Solution

Edit Package strongswan

StrongSwan is an OpenSource IPsec-based VPN Solution for Linux

* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* Fully tested support of IPv6 IPsec tunnel and transport connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Automatic insertion and deletion of IPsec-policy-based firewall rules
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
* Virtual IP address pool managed by IKE daemon or SQL database
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates (RFC 3281)
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
* Modular plugins for crypto algorithms and relational database interfaces
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
* Optional built-in integrity and crypto tests for plugins and libraries
* Smooth Linux desktop integration via the strongSwan NetworkManager applet

This package triggers the installation of both, IKEv1 and IKEv2 daemons.

Refresh
Refresh
Source Files
Filename Size Changed
0001-Modularize-the-IKEv2-key-derivation-so-it-can-be-pro.patch 0000140523 137 KB
0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch 0000001088 1.06 KB
0006-Resolve-multiple-definition-of-swanctl_dir.patch 0000000430 430 Bytes
0007-Fix-typo-in-README.patch 0000000781 781 Bytes
0008-gcrypt-Use-a-dummy-buffer-to-initialize-static-alloc.patch 0000001361 1.33 KB
0009-strongswan-openssl-aead-add-ccm-support.patch 0000006987 6.82 KB
README.SUSE 0000002495 2.44 KB
fips-enforce.conf 0000000742 742 Bytes
fipscheck.sh.in 0000001934 1.89 KB
strongswan-4.4.1-5.9.3_cert-cache-random.patch 0000001522 1.49 KB
strongswan-5.5.0-5.9.4_eap_success-CVE-2021-45079.patch 0000005873 5.74 KB
strongswan-5.6.1-5.9.3_gmp-rsa-ssa-salt-len.patch 0000002263 2.21 KB
strongswan-5.8.2.tar.bz2 0004533402 4.32 MB
strongswan-5.8.2.tar.bz2.sig 0000000648 648 Bytes
strongswan-marvell-auth-els.patch 0000154804 151 KB
strongswan-rpmlintrc 0000000428 428 Bytes
strongswan.changes 0000128481 125 KB
strongswan.init.in 0000008747 8.54 KB
strongswan.keyring 0000003085 3.01 KB
strongswan.spec 0000040875 39.9 KB
strongswan_fipscheck.patch 0000001920 1.88 KB
strongswan_ipsec_service.patch 0000000189 189 Bytes
Latest Revision
Gustavo Yokoyama Ribeiro's avatar Gustavo Yokoyama Ribeiro (gyribeiro) committed (revision 2)
- 0001-Modularize-the-IKEv2-key-derivation-so-it-can-be-pro.patch:
  Outsource the IKE key deriviation to openssl for FIPS certification.
  (bsc#1195919)
Comments 0
openSUSE Build Service is sponsored by