strongSwan User Documentation

Introduction to strongSwan

Features

Configuration Files

General Options

Used by swanctl and the vici plugin

Used by starter and the stroke plugin

IKE and ESP Cipher Suites

HOWTOs

Configuration Examples

Dozens of both simple and advanced VPN scenarios (please make sure to read ConfigurationExamplesNotes):

strongSwan 5.x

strongSwan 4.x

Portability

Interoperability

Management Commands

  • The powerful ipsec command starts, stops and monitors IPsec connections.
  • The alternative swanctl tool provides a new and portable configuration interface.

Auxiliary Tools

  • ipsec attest manages measurement reference values used for TPM-based remote attestation
  • ipsec leases shows the assignment of virtual IP adresses stored in volatile memory
  • ipsec pki generates and analyzes RSA/ECDSA private keys and X.509 certificates
  • ipsec pool manages virtual IP address pools and attributes stored in an SQL database and provided by the attr-sql plugin
  • ipsec scepclient implements the Simple Certificate Enrollment Protocol (SCEP)
  • ipsec starter starts, stops, and configures the IKE daemons
  • ipsec stroke controls the IKE charon daemon
  • ipsec conftest is a tool to test IKEv2 implementations

Frequently Asked Questions