strongSwan User Documentation » History » Version 126
Version 125 (Tobias Brunner, 27.06.2014 15:52) → Version 126/184 (Tobias Brunner, 08.07.2014 11:29)
h1. strongSwan User Documentation
{{>toc}}
h2. Introduction to strongSwan
* [[IntroductionTostrongSwan|Introduction to strongSwan]]
** [[ForwardingAndSplitTunneling|Forwarding and Split-Tunneling]]
h2. Features
* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)
* [[NatTraversal|NAT Traversal]]
* [[MobIke|MOBIKE]]
* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)
* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations
* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against
* [[PluginList|Plugin list]] gives an overview about all optionally loadable strongSwan plugins
h2. Configuration Files
h3. General Options
* [[strongswanConf|strongswan.conf]] file
* [[strongswanDirectory|strongswan.d]] directory
h3. Used by [[ipsecstarter|starter]] and the [[ipsecstroke|stroke plugin]]
* [[IpsecConf|ipsec.conf]] file
* [[IpsecSecrets|ipsec.secrets]] file
* [[IpsecDirectory|ipsec.d]] directory
h3. Used by [[swanctl]]
* [[swanctl.conf|swanctl.conf]] [[strongswanConf|strongswan.conf]] file
* [[swanctlDirectory|swanctl]] [[strongswanDirectory|strongswan.d]] directory
h2. Configuration HOWTOs
* [[NetworkManager|NetworkManager client setup]]
* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]
* [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]]
* [[EapTls|EAP-TLS certificate authentication]]
* [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]]
* [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]]
* [[CAmanagementGUIs|CA management made easy using GUIs]]
* [[HashAndUrl|Hash-and-URL HOWTO]]
* [[SqlLite|SQLite HOWTO]]
* [[LoggerConfiguration|Logger configuration HOWTO]]
* [[JobPriority|Job priority management HOWTO]]
* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]
* [[MobileIPv6|Mobile IPv6 HOWTO]]
* [[SmartCards|Smartcard HOWTO]]
* [[EToken|Aladdin eToken HOWTO]]
* [[TrustedNetworkConnect|Trusted Network Connect (TNC) HOWTO]]
* [[BYOD|Android BYOD Security based on TNC]]
* [[IfMap|TNC IF-MAP HOWTO]]
* [[StrongTnc|strongTNC Policy Manager HOWTO]]
* [[IMA|Linux Integrity Measurement Architecture (IMA)]]
* [[AwsVpc|Setting up a VPN into the Amazon Public Cloud's VPC]]
* [[HsrCommandLine|VPN Remote Access at HSR(Hochschule für Technik Rapperswil): Linux via Command Line]]
{{include(ConfigurationExamples)}}
h2. Portability
* [[Android|strongSwan on Android]]
* [[FreeBSD|strongSwan on FreeBSD]]
* [[MacOSX|strongSwan on Mac OS X]]
* [[Windows|strongSwan on Windows]]
* [[OpenWrt|strongSwan on OpenWrt]]
* [[Maemo|strongSwan on Maemo (Nokia N900)]]
h2. Interoperability
* [[Windows7|Windows 7]] with IKEv2
* [[WindowsVista|Windows Vista]] with IKEv1
* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1
* [[IOS_(Apple)|Apple iOS (iPhone, iPad) and Mac OS X]] with IKEv1
* [[BlackBerry|BlackBerry OS]] with IKEv1 or IKEv2
* [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1
h2. Management Commands
* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.
* The alternative [[swanctl]] tool provides a new and portable configuration interface.
h2. Auxiliary Tools
* [[charon-cmd]] a simple command line IKE client
* ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation
* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory
* ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates
* ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]]
* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_
* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons
* ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon
* ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon
* ipsec [[IpsecConftest|conftest]] is a tool to test IKEv2 implementations
* ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_ (removed with [[5.1.3]])
h2. Linux 2.6 IPsec
* "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter
* "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase
h2. Frequently Asked Questions
* A [[FAQ]] is maintained [[FAQ|here]].
{{>toc}}
h2. Introduction to strongSwan
* [[IntroductionTostrongSwan|Introduction to strongSwan]]
** [[ForwardingAndSplitTunneling|Forwarding and Split-Tunneling]]
h2. Features
* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)
* [[NatTraversal|NAT Traversal]]
* [[MobIke|MOBIKE]]
* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)
* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations
* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against
* [[PluginList|Plugin list]] gives an overview about all optionally loadable strongSwan plugins
h2. Configuration Files
h3. General Options
* [[strongswanConf|strongswan.conf]] file
* [[strongswanDirectory|strongswan.d]] directory
h3. Used by [[ipsecstarter|starter]] and the [[ipsecstroke|stroke plugin]]
* [[IpsecConf|ipsec.conf]] file
* [[IpsecSecrets|ipsec.secrets]] file
* [[IpsecDirectory|ipsec.d]] directory
h3. Used by [[swanctl]]
* [[swanctl.conf|swanctl.conf]] [[strongswanConf|strongswan.conf]] file
* [[swanctlDirectory|swanctl]] [[strongswanDirectory|strongswan.d]] directory
h2. Configuration HOWTOs
* [[NetworkManager|NetworkManager client setup]]
* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]
* [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]]
* [[EapTls|EAP-TLS certificate authentication]]
* [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]]
* [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]]
* [[CAmanagementGUIs|CA management made easy using GUIs]]
* [[HashAndUrl|Hash-and-URL HOWTO]]
* [[SqlLite|SQLite HOWTO]]
* [[LoggerConfiguration|Logger configuration HOWTO]]
* [[JobPriority|Job priority management HOWTO]]
* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]
* [[MobileIPv6|Mobile IPv6 HOWTO]]
* [[SmartCards|Smartcard HOWTO]]
* [[EToken|Aladdin eToken HOWTO]]
* [[TrustedNetworkConnect|Trusted Network Connect (TNC) HOWTO]]
* [[BYOD|Android BYOD Security based on TNC]]
* [[IfMap|TNC IF-MAP HOWTO]]
* [[StrongTnc|strongTNC Policy Manager HOWTO]]
* [[IMA|Linux Integrity Measurement Architecture (IMA)]]
* [[AwsVpc|Setting up a VPN into the Amazon Public Cloud's VPC]]
* [[HsrCommandLine|VPN Remote Access at HSR(Hochschule für Technik Rapperswil): Linux via Command Line]]
{{include(ConfigurationExamples)}}
h2. Portability
* [[Android|strongSwan on Android]]
* [[FreeBSD|strongSwan on FreeBSD]]
* [[MacOSX|strongSwan on Mac OS X]]
* [[Windows|strongSwan on Windows]]
* [[OpenWrt|strongSwan on OpenWrt]]
* [[Maemo|strongSwan on Maemo (Nokia N900)]]
h2. Interoperability
* [[Windows7|Windows 7]] with IKEv2
* [[WindowsVista|Windows Vista]] with IKEv1
* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1
* [[IOS_(Apple)|Apple iOS (iPhone, iPad) and Mac OS X]] with IKEv1
* [[BlackBerry|BlackBerry OS]] with IKEv1 or IKEv2
* [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1
h2. Management Commands
* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.
* The alternative [[swanctl]] tool provides a new and portable configuration interface.
h2. Auxiliary Tools
* [[charon-cmd]] a simple command line IKE client
* ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation
* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory
* ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates
* ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]]
* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_
* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons
* ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon
* ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon
* ipsec [[IpsecConftest|conftest]] is a tool to test IKEv2 implementations
* ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_ (removed with [[5.1.3]])
h2. Linux 2.6 IPsec
* "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter
* "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase
h2. Frequently Asked Questions
* A [[FAQ]] is maintained [[FAQ|here]].