strongSwan User Documentation

Introduction to strongSwan


Configuration Files

Configuration HOWTOs

Configuration Examples

Dozens of both simple and advanced VPN scenarios:

strongSwan 5.x

strongSwan 4.x



Management Commands

  • The powerful ipsec command starts, stops and monitors IPsec connections.

Auxiliary Tools

  • ipsec attest manages measurement reference values used for TPM-based remote attestation
  • ipsec leases shows the assignment of virtual IP adresses stored in volatile memory
  • ipsec pki generates and analyzes RSA/ECDSA private keys and X.509 certificates
  • ipsec pool manages virtual IP address pools and attributes stored in an SQL database and provided by the attr-sql plugin
  • ipsec scepclient implements the Simple Certificate Enrollment Protocol (SCEP)
  • ipsec starter starts, stops, and configures the IKE daemons
  • ipsec stroke controls the IKEv2 charon daemon
  • ipsec whack controls the IKEv1 pluto daemon
  • ipsec conftest is a tool to test IKEv2 implementations
  • ipsec openac generates X.509 attribute certificates (removed with 5.1.3)

Linux 2.6 IPsec

Frequently Asked Questions