
Version 1/84
Martin Willi, 08.02.2011 14:58
Beginning a list of all plugins, including some links to more information

strongSwan plugins

The strongSwan distribution ships with a growing list of plugins. This allows us to add extended and specialized features, but keep the core as small as possible.

Many components of strongSwan come with a set of plugins. The plugins for libstrongswan provide cryptographic backends, URI fetchers and database layers. The plugins of libhydra are usable by both IKE daemons, pluto and charon. libcharon comes with a large set of very specialized plugins for specific needs.

E = Enabled by default
S = Plugin status: s = stable, e = experimental, d = under development/incomplete

libstrongswan plugins

| Plugin Name | E | S | Description |
|---|---|---|---|
| aes | x | s | AES-128/192/256 cipher software implementation |
| af-alg | | e | AF_ALG Linux crypto API interface, provides ciphers/hashers/hmac/xcbc |
| agent | | s | RSA private key backend connecting to SSH-Agent |
| blowfish | | s | Blowfish cipher software implementation |
| ccm | | s | CCM cipher mode wrapper |
| constraints | x | s | X.509 certificate advanced constraint checking |
| ctr | | s | CTR cipher mode wrapper |
| curl | | s | libcurl based HTTP/FTP fetcher |
| des | x | s | DES/3DES cipher software implementation |
| dnskey | x | s | Parse RFC4034 public keys |
| fips-prf | x | s | PRF specified by FIPS, used by EAP-SIM/AKA algorithms |
| gcm | | s | GCM cipher mode wrapper |
| gcrypt | | s | Crypto backend based on libgcrypt, provides RSA/DH/ciphers/hashers/rng |
| gmp | x | s | RSA/DH crypto backend based on libgmp |
| hmac | x | s | HMAC wrapper using different hashers |
| ldap | | s | LDAP fetching plugin based on libldap |
| md4 | | s | MD4 hasher software implementation |
| md5 | x | s | MD5 hasher software implementation |
| mysql | | s | MySQL database backend based on libmysqlclient |
| openssl | | s | Crypto backend based on OpenSSL, provides RSA/ECDSA/DH/ECDH/ciphers/hashers/X.509/CRL |
| padlock | | e | VIA padlock crypto backend, provides AES128/SHA1 |
| pem | x | s | PEM encoding/decoding routines |
| pgp | x | s | PGP encoding/decoding routines |
| pkcs11 | | s | PKCS#11 smartcard backend |
| pkcs1 | x | s | PKCS#1 encoding/decoding routines |
| pubkey | x | s | Wrapper to handle raw public keys as trusted certificates |
| random | x | s | RNG reading from /dev/[u]random |
| revocation | x | s | X.509 CRL/OCSP revocation checking |
| sha1 | x | s | SHA1 hasher software implementation |
| sha2 | x | s | SHA256/SHA384/SHA512 hasher software implementation |
| soup | | s | libsoup based HTTP fetcher |
| sqlite | | s | SQLite database backend based on libsqlite3 |
| test-vectors | | s | Set of test vectors for various algorithms |
| x509 | x | s | Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs and OCSP messages |
| xcbc | x | s | XCBC wrapper using different ciphers |

libhydra plugins

| Plugin Name | E | S | Description |
|---|---|---|---|
| attr-sql | | s | Provides IKE attributes read from a database to peers |
| attr | x | s | Provides IKE attributes configured in strongswan.conf |
| kernel-klips | | e | IPsec kernel interface to an older KLIPS version |
| kernel-netlink | x | s | IPsec/Networking kernel interface using Linux Netlink |
| kernel-pfkey | | e | IPsec kernel interface using PF_KEY |
| kernel-pfroute | | e | Networking kernel interface using PF_ROUTE |

pluto plugins

| Plugin Name | E | S | Description |
|---|---|---|---|
| xauth | x | s | XAUTH authentication |

libcharon plugins

| Plugin Name | E | S | Description |
|---|---|---|---|
| addrblock | | s | Narrow traffic selectors to RFC3779 address blocks in X.509 certificates |
| android | | s | Android configuration/control backend, works with Android strongSwan applet |
| dhcp | | s | Forward IP address pool lookup to a DHCP server |
| eap-aka | | s | Generic EAP-AKA protocol handler using different backends |
| eap-aka-3gpp2 | | s | EAP-AKA backend implementing standard 3GPP2 algorithm in software |
| eap-gtc | | s | EAP-GTC protocol handler authenticating against PAM |
| eap-identity | | s | EAP-Identity identity exchange algorithm, to use with other EAP protocols |
| eap-md5 | | s | EAP-MD5 protocol handler using passwords |
| eap-mschapv2 | | s | EAP-MSCHAPv2 protocol handler using passwords/NT hashes |
| eap-radius | | s | EAP server proxy plugin forwarding EAP conversations to a RADIUS server |
| eap-sim | | s | Generic EAP-SIM protocol handler using different backends |
| eap-sim-file | | s | EAP-SIM backend reading triplets from a file |
| eap-simaka-pseudonym | | s | EAP-SIM/AKA in-memory pseudonym identity database |
| eap-simaka-reauth | | s | EAP-SIM/AKA in-memory reauthentication identity database |
| eap-simaka-sql | | s | EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database |
| eap-tls | | s | EAP-TLS protocol handler, to authenticate with certificates in EAP |
| eap-tnc | | s | EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel |
| eap-ttls | | s | EAP-TTLS protocol handler, wraps other EAP methods securely |
| farp | | s | Fakes ARP responses for requests to an address assigned to a peer |
| ha | | s | High-Availability clustering |
| led | | s | Let Linux LED subsystem LEDs blink on IKE activity |
| load-tester | | s | Perform IKE load tests against self or a gateway |
| maemo | | e | Maemo 5 configuration/control backend, works with Maemo strongSwan applet |
| medcli | | d | Web interface based mediation client interface |
| medsrv | | d | Web interface based mediation server interface |
| nm | | s | NetworkManager configuration/control backend, works with NetworkManager strongSwan applet |
| resolve | x | s | Write name servers received via IKE to a resolv.conf file |
| smp | | d | XML based strongSwan Management Protocol |
| socket-default | * | s | Default socket implementation for IKE messages, enabled if pluto disabled |
| socket-dynamic | | e | Dynamic binding socket implementation, capable of sending IKE messages on any port |
| socket-raw | * | s | RAW socket allowing charon to run parallel with pluto, enabled if pluto enabled |
| sql | | s | SQL configuration backend reading configurations/credentials from a database |
| stroke | x | s | Stroke configuration/control backend, to use with ipsec script and starter |
| tnccs-11 | | s | Trusted Network Connect 11 |
| tnccs-20 | | s | Trusted Network Connect 20 |
| tnccs-dynamic | | s | Trusted Network Connect (Dynamic) |
| tnc-imc | | s | Trusted Network Connect (IMC) |
| tnc-imv | | s | Trusted Network Connect (IMV) |
| uci | | d | OpenWRT UCI configuration backend |
| unit-tests | | d | Unit tests to run during daemon startup |
| updown | x | s | Shell script invocation during tunnel up/down events |