strongSwan - strongSwan - IKEv2/IPsec VPN for Linux, Android, FreeBSD, Mac OS X

UserDocumentation

Version 104 (Yaron Sheffer, 26.12.2011 10:41)

-Andreas Steffen
+h1. strongSwan User Documentation
 Andreas Steffen
-Martin Willi
+{{>toc}}
 Martin Willi
-Andreas Steffen
+h2. Features
 Andreas Steffen
-Andreas Steffen
+* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)
-Andreas Steffen
+* [[NatTraversal|NAT Traversal]]
-Andreas Steffen
+* [[MobIke|MOBIKE]]
-Andreas Steffen
+* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)
-Martin Willi
+* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations
-Martin Willi
+* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against
-Martin Willi
+* [[PluginList|Plugin list]] gives an overview about all optionally loadable strongSwan plugins
 Andreas Steffen
-Andreas Steffen
+h2. Configuration Files
 Martin Willi
-Andreas Steffen
+* [[IpsecConf|ipsec.conf]] file
-Andreas Steffen
+* [[IpsecSecrets|ipsec.secrets]] file
-Andreas Steffen
+* [[IpsecDirectory|ipsec.d]] directory
-Andreas Steffen
+* [[strongswanConf|strongswan.conf]] file
 Andreas Steffen
 Andreas Steffen
-Andreas Steffen
+h2. Configuration HOWTOs
 Andreas Steffen
-Andreas Steffen
+* [[NetworkManager|NetworkManager client setup]]
-Andreas Steffen
+* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]
-Martin Willi
+* [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]]
-Martin Willi
+* [[EapTls|EAP-TLS certificate authentication]]
-Martin Willi
+* [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]]
-Andreas Steffen
+* [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]]
-Andreas Steffen
+* [[CAmanagementGUIs|CA management made easy using GUIs]]
-Andreas Steffen
+* [[HashAndUrl|Hash-and-URL HOWTO]]
-Andreas Steffen
+* [[SqlLite|SQLite HOWTO]]
-Andreas Steffen
+* [[LoggerConfiguration|Logger configuration HOWTO]]
-Tobias Brunner
+* [[JobPriority|Job priority management HOWTO]]
-Andreas Steffen
+* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]
-Martin Willi
+* [[MobileIPv6|Mobile IPv6 HOWTO]]
-Jean-Michel Pouré
+* [[SmartCards|Smartcard HOWTO]]
-Christoph Lukas
+* [[EToken|Aladdin eToken HOWTO]]
-Andreas Steffen
+* [[TrustedNetworkConnect| Trusted Network Connect (TNC) HOWTO]]
-Andreas Steffen
+* [[IfMap| TNC IF-MAP HOWTO]]
-Yaron Sheffer
+* [[AwsVpc| Setting up a VPN into the Amazon Public Cloud's VPC]]
-Tobias Brunner
+* [[HsrCommandLine|VPN Remote Access at HSR(Hochschule für Technik Rapperswil): Linux via Command Line]]
 Andreas Steffen
-Andreas Steffen
+h2. Configuration Examples
 Andreas Steffen
-Martin Willi
+Dozens of both simple and advanced VPN scenarios:
-Andreas Steffen
+* [[IKEv1Examples|IKEv1]] examples
-Andreas Steffen
+* [[IKEv2Examples|IKEv2]] examples - *NEW* with *EAP-TLS*, *EAP-TTLS* and *EAP-TNC* support
-Andreas Steffen
+* [[IPv6Examples|IPv6]] examples
-Martin Willi
+* [[CipherSuiteExamples|Advanced Cipher Suite]] examples
-Martin Willi
+* [[IntegrityCryptoTestExamples|Integrity and Crypto Test]] examples
-Martin Willi
+* "IKEv2 High Availability":http://www.strongswan.org/uml/testresults/ha/both-active example
-Martin Willi
+* "IKEv2 Hash-and-URL":http://www.strongswan.org/uml/testresults/ikev2/rw-hash-and-url example
-Martin Willi
+* "IKEv2 Mediation Extension":http://www.strongswan.org/uml/testresults/p2pnat mediation service examples
-Martin Willi
+* "SQLite":http://www.strongswan.org/uml/testresults/sql database backend examples
 Martin Willi
-Tobias Brunner
+h2. Portability
 Tobias Brunner
-Tobias Brunner
+* [[Maemo|strongSwan on Maemo (Nokia N900)]] - NEW
-Tobias Brunner
+* [[FreeBSD|strongSwan on FreeBSD]] (IKEv2 only)
-Tobias Brunner
+* [[MacOSX|strongSwan on Mac OS X]] (IKEv2 only)
-Tobias Brunner
+* [[Android|strongSwan on Android]] (IKEv2 only)
-Tobias Brunner
+* [[OpenWrt|strongSwan on OpenWrt]]
 Tobias Brunner
-Andreas Steffen
+h2. Interoperability
 Martin Willi
-Andreas Steffen
+* [[Windows7|Windows 7]] with IKEv2
-Andreas Steffen
+* [[WindowsVista|Windows Vista]] with IKEv1
-Andreas Steffen
+* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1
-Andreas Steffen
+* [[IOS_(Apple)|Apple iOS (iPhone, iPad)]] with IKEv1
 Andreas Steffen
-Andreas Steffen
+h2. Management Commands
 Martin Willi
-Andreas Steffen
+* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.
 Martin Willi
 Andreas Steffen
-Martin Willi
+h2. Auxiliary Tools
 Martin Willi
-Andreas Steffen
+* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory
-Martin Willi
+* ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_
-Andreas Steffen
+* ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates
-Tobias Brunner
+* ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]]
-Andreas Steffen
+* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_
-Martin Willi
+* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons
-Andreas Steffen
+* ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon
-Andreas Steffen
+* ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon
 Tobias Brunner
 Andreas Steffen
-Andreas Steffen
+h2. Linux 2.6 IPsec
 Andreas Steffen
-Andreas Steffen
+* "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter
-Andreas Steffen
+* "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase
 Andreas Steffen
 Andreas Steffen
-Andreas Steffen
+h2. Frequently Asked Questions
 Andreas Steffen
 Andreas Steffen
-Andreas Steffen
+* A [[FAQ]] is maintained [[FAQ|here]].