OpenSource IPsec-based VPN Solution
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* Fully tested support of IPv6 IPsec tunnel and transport connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Automatic insertion and deletion of IPsec-policy-based firewall rules
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
* Virtual IP address pool managed by IKE daemon or SQL database
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates (RFC 3281)
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
* Modular plugins for crypto algorithms and relational database interfaces
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
* Optional built-in integrity and crypto tests for plugins and libraries
* Smooth Linux desktop integration via the strongSwan NetworkManager applet
This package triggers the installation of both, IKEv1 and IKEv2 daemons.
- Sources inherited from project SUSE:SLE-15-SP5:GA
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.5:Update/strongswan && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
0001-marvell-auth-els-strongswan-5.9.7-v1.patch | 0000201755 197 KB | |
0005-ikev1-Don-t-retransmit-Aggressive-Mode-respon |
0000001088 1.06 KB | |
0055-vici-dont-lock-connection-in-write-mode-when- |
0000003871 3.78 KB | |
README.SUSE | 0000002956 2.89 KB | |
fips-enforce.conf | 0000000742 742 Bytes | |
fipscheck.sh.in | 0000001934 1.89 KB | |
strongswan-5.9.7.tar.bz2 | 0004741967 4.52 MB | |
strongswan-5.9.7.tar.bz2.sig | 0000000659 659 Bytes | |
strongswan-rpmlintrc | 0000000428 428 Bytes | |
strongswan.changes | 0000134056 131 KB | |
strongswan.init.in | 0000008747 8.54 KB | |
strongswan.keyring | 0000003085 3.01 KB | |
strongswan.spec | 0000041339 40.4 KB | |
strongswan_fipscheck.patch | 0000001920 1.88 KB | |
strongswan_ipsec_service.patch | 0000000189 189 Bytes |
Latest Revision
- Fix crash when swanctl command gets stuck intermittently (bsc#1207489) [+ 0055-vici-dont-lock-connection-in-write-mode-when-enabling-on_write-callback.patch] - Modified README file to reflect rcipsec usage
Comments 0