Project

General

Profile

Edit History

strongSwan User Documentation » History » Version 108

Andreas Steffen, 14.06.2012 09:10

1 92 Andreas Steffen 
h1. strongSwan User Documentation
2 91 Andreas Steffen 





    3
    1
    Martin Willi
    
{{>toc}}





    4
    1
    Martin Willi
    





    5
    51
    Andreas Steffen
    
h2. Features





    6
    51
    Andreas Steffen
    





    7
    51
    Andreas Steffen
    
* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)





    8
    51
    Andreas Steffen
    
* [[NatTraversal|NAT Traversal]]





    9
    51
    Andreas Steffen
    
* [[MobIke|MOBIKE]]





    10
    57
    Andreas Steffen
    
* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)





    11
    58
    Martin Willi
    
* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations





    12
    58
    Martin Willi
    
* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against





    13
    93
    Martin Willi
    
* [[PluginList|Plugin list]] gives an overview about all optionally loadable strongSwan plugins





    14
    51
    Andreas Steffen
    





    15
    51
    Andreas Steffen
    
h2. Configuration Files





    16
    1
    Martin Willi
    





    17
    52
    Andreas Steffen
    
* [[IpsecConf|ipsec.conf]] file





    18
    52
    Andreas Steffen
    
* [[IpsecSecrets|ipsec.secrets]] file





    19
    52
    Andreas Steffen
    
* [[IpsecDirectory|ipsec.d]] directory





    20
    52
    Andreas Steffen
    
* [[strongswanConf|strongswan.conf]] file





    21
    51
    Andreas Steffen
    





    22
    51
    Andreas Steffen
    





    23
    51
    Andreas Steffen
    
h2. Configuration HOWTOs





    24
    51
    Andreas Steffen
    





    25
    71
    Andreas Steffen
    
* [[NetworkManager|NetworkManager client setup]]





    26
    71
    Andreas Steffen
    
* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]





    27
    79
    Martin Willi
    
* [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]]





    28
    81
    Martin Willi
    
* [[EapTls|EAP-TLS certificate authentication]]





    29
    80
    Martin Willi
    
* [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]]





    30
    71
    Andreas Steffen
    
* [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]]





    31
    75
    Andreas Steffen
    
* [[CAmanagementGUIs|CA management made easy using GUIs]]





    32
    51
    Andreas Steffen
    
* [[HashAndUrl|Hash-and-URL HOWTO]]





    33
    51
    Andreas Steffen
    
* [[SqlLite|SQLite HOWTO]]





    34
    51
    Andreas Steffen
    
* [[LoggerConfiguration|Logger configuration HOWTO]]





    35
    97
    Tobias Brunner
    
* [[JobPriority|Job priority management HOWTO]]





    36
    51
    Andreas Steffen
    
* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]





    37
    55
    Martin Willi
    
* [[MobileIPv6|Mobile IPv6 HOWTO]]





    38
    74
    Jean-Michel Pouré
    
* [[SmartCards|Smartcard HOWTO]]





    39
    76
    Christoph Lukas
    
* [[EToken|Aladdin eToken HOWTO]]





    40
    101
    Andreas Steffen
    
* [[TrustedNetworkConnect| Trusted Network Connect (TNC) HOWTO]]





    41
    103
    Andreas Steffen
    
* [[IfMap| TNC IF-MAP HOWTO]] 





    42
    104
    Yaron Sheffer
    
* [[AwsVpc| Setting up a VPN into the Amazon Public Cloud's VPC]] 





    43
    100
    Tobias Brunner
    
* [[HsrCommandLine|VPN Remote Access at HSR(Hochschule für Technik Rapperswil): Linux via Command Line]]





    44
    51
    Andreas Steffen
    





    45
    107
    Andreas Steffen
    
h2. Configuration Examples - strongSwan 4.x





    46
    51
    Andreas Steffen
    





    47
    1
    Martin Willi
    
Dozens of both simple and advanced VPN scenarios:





    48
    51
    Andreas Steffen
    
* [[IKEv1Examples|IKEv1]] examples





    49
    107
    Andreas Steffen
    
* [[IKEv2Examples|IKEv2]] examples





    50
    66
    Andreas Steffen
    
* [[IPv6Examples|IPv6]] examples





    51
    1
    Martin Willi
    
* [[CipherSuiteExamples|Advanced Cipher Suite]] examples





    52
    1
    Martin Willi
    
* [[IntegrityCryptoTestExamples|Integrity and Crypto Test]] examples





    53
    1
    Martin Willi
    
* "IKEv2 High Availability":http://www.strongswan.org/uml/testresults/ha/both-active example





    54
    1
    Martin Willi
    
* "IKEv2 Hash-and-URL":http://www.strongswan.org/uml/testresults/ikev2/rw-hash-and-url example





    55
    1
    Martin Willi
    
* "IKEv2 Mediation Extension":http://www.strongswan.org/uml/testresults/p2pnat mediation service examples





    56
    1
    Martin Willi
    
* "SQLite":http://www.strongswan.org/uml/testresults/sql database backend examples





    57
    107
    Andreas Steffen
    





    58
    107
    Andreas Steffen
    
h2. Configuration Examples - strongSwan 5.x





    59
    107
    Andreas Steffen
    





    60
    107
    Andreas Steffen
    
* [[IKEv1Examples5|IKEv1]] examples





    61
    107
    Andreas Steffen
    
* [[IKEv2Examples5|IKEv2]] examples





    62
    107
    Andreas Steffen
    
* [[IPv6Examples5|IPv6]] examples





    63
    1
    Martin Willi
    





    64
    99
    Tobias Brunner
    
h2. Portability





    65
    99
    Tobias Brunner
    





    66
    99
    Tobias Brunner
    
* [[Maemo|strongSwan on Maemo (Nokia N900)]] - NEW





    67
    99
    Tobias Brunner
    
* [[FreeBSD|strongSwan on FreeBSD]] (IKEv2 only)





    68
    99
    Tobias Brunner
    
* [[MacOSX|strongSwan on Mac OS X]] (IKEv2 only)





    69
    99
    Tobias Brunner
    
* [[Android|strongSwan on Android]] (IKEv2 only)





    70
    99
    Tobias Brunner
    
* [[OpenWrt|strongSwan on OpenWrt]]





    71
    99
    Tobias Brunner
    





    72
    54
    Andreas Steffen
    
h2. Interoperability





    73
    1
    Martin Willi
    





    74
    54
    Andreas Steffen
    
* [[Windows7|Windows 7]] with IKEv2





    75
    54
    Andreas Steffen
    
* [[WindowsVista|Windows Vista]] with IKEv1





    76
    60
    Andreas Steffen
    
* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1





    77
    89
    Andreas Steffen
    
* [[IOS_(Apple)|Apple iOS (iPhone, iPad)]] with IKEv1





    78
    108
    Andreas Steffen
    
* [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1





    79
    89
    Andreas Steffen
    





    80
    51
    Andreas Steffen
    
h2. Management Commands





    81
    1
    Martin Willi
    





    82
    51
    Andreas Steffen
    
* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.





    83
    1
    Martin Willi
    





    84
    51
    Andreas Steffen
    





    85
    24
    Martin Willi
    
h2. Auxiliary Tools





    86
    36
    Martin Willi
    





    87
    105
    Tobias Brunner
    
* ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation





    88
    68
    Andreas Steffen
    
* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory





    89
    1
    Martin Willi
    
* ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_





    90
    68
    Andreas Steffen
    
* ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates  





    91
    95
    Tobias Brunner
    
* ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]]





    92
    68
    Andreas Steffen
    
* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_





    93
    1
    Martin Willi
    
* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons





    94
    51
    Andreas Steffen
    
* ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon





    95
    68
    Andreas Steffen
    
* ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon





    96
    98
    Tobias Brunner
    





    97
    51
    Andreas Steffen
    





    98
    51
    Andreas Steffen
    
h2. Linux 2.6 IPsec





    99
    51
    Andreas Steffen
    





    100
    51
    Andreas Steffen
    
* "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter





    101
    51
    Andreas Steffen
    
* "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase





    102
    51
    Andreas Steffen
    





    103
    51
    Andreas Steffen
    





    104
    51
    Andreas Steffen
    
h2. Frequently Asked Questions





    105
    51
    Andreas Steffen
    





    106
    51
    Andreas Steffen
    





    107
    51
    Andreas Steffen
    
* A [[FAQ]] is maintained [[FAQ|here]].