OpenSource IPsec-based VPN Solution
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec) kernels
* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange protocols
* Fully tested support of IPv6 IPsec tunnel and transport connections
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
* Automatic insertion and deletion of IPsec-policy-based firewall rules
* Strong 128/192/256 bit AES or Camellia encryption, 3DES support
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Static virtual IPs and IKEv1 ModeConfig pull and push modes
* XAUTH server and client functionality on top of IKEv1 Main Mode authentication
* Virtual IP address pool managed by IKE daemon or SQL database
* Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-MSCHAPv2, etc.)
* Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
* Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates (RFC 3281)
* Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
* Modular plugins for crypto algorithms and relational database interfaces
* Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
* Optional built-in integrity and crypto tests for plugins and libraries
* Smooth Linux desktop integration via the strongSwan NetworkManager applet
This package triggers the installation of both, IKEv1 and IKEv2 daemons.
- Sources inherited from project SUSE:SLE-15-SP6:GA
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.6:Update/strongswan && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
0001-ikev1-Don-t-retransmit-Aggressive-Mode-respon |
0000001088 1.06 KB | |
README.SUSE | 0000002956 2.89 KB | |
fips-enforce.conf | 0000000742 742 Bytes | |
fipscheck.sh.in | 0000001934 1.89 KB | |
strongswan-5.9.12.tar.bz2 | 0004825696 4.6 MB | |
strongswan-5.9.12.tar.bz2.sig | 0000000659 659 Bytes | |
strongswan-rpmlintrc | 0000000428 428 Bytes | |
strongswan.changes | 0000136698 133 KB | |
strongswan.init.in | 0000008747 8.54 KB | |
strongswan.keyring | 0000003085 3.01 KB | |
strongswan.spec | 0000040697 39.7 KB | |
strongswan_fipscheck.patch | 0000001920 1.88 KB | |
strongswan_ipsec_service.patch | 0000000189 189 Bytes |
Latest Revision
- Updated to version 5.9.12 (jsc#PED-5765 bsc#1216901) * Fixed a buffer overflow in charon-tkm [CVE-2023-41913] * Support for ``nameConstraints`` of type ``iPAddress`` are now supported by the "x509", "openssl" and "constraints" plugins * Support for encoding subjectAlternativeName extensions of type uniformResourceIdentifier in X.509 certificates has been added. * Make the NetworkManager plugin (charon-nm) actually use the XFRM interface it creates since 5.9.10. This involves setting interface IDs on SAs and policies, and installing routes via the interface. To avoid routing loops if the remote traffic selectors include the VPN server, IKE and ESP packets are marked to bypass the routing table that contains the routes via XFRM interface. * The kernel-libipsec plugin now always installs routes to remote networks even if no address is found in the local traffic selectors, which allows forwarding traffic from networks the VPN host is not part of. * Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors. - Removed following patch which is part of updated package [- strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch]
Comments 0