strongSwan User Documentation » History » Version 128
Tobias Brunner, 10.07.2014 16:35
| 1 | 92 | Andreas Steffen | h1. strongSwan User Documentation |
|---|---|---|---|
| 2 | 91 | Andreas Steffen | |
| 3 | 1 | Martin Willi | {{>toc}} |
| 4 | 1 | Martin Willi | |
| 5 | 113 | Tobias Brunner | h2. Introduction to strongSwan |
| 6 | 113 | Tobias Brunner | |
| 7 | 113 | Tobias Brunner | * [[IntroductionTostrongSwan|Introduction to strongSwan]] |
| 8 | 113 | Tobias Brunner | ** [[ForwardingAndSplitTunneling|Forwarding and Split-Tunneling]] |
| 9 | 113 | Tobias Brunner | |
| 10 | 113 | Tobias Brunner | |
| 11 | 51 | Andreas Steffen | h2. Features |
| 12 | 51 | Andreas Steffen | |
| 13 | 51 | Andreas Steffen | * [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2) |
| 14 | 51 | Andreas Steffen | * [[NatTraversal|NAT Traversal]] |
| 15 | 51 | Andreas Steffen | * [[MobIke|MOBIKE]] |
| 16 | 57 | Andreas Steffen | * [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl) |
| 17 | 58 | Martin Willi | * [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations |
| 18 | 58 | Martin Willi | * [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against |
| 19 | 93 | Martin Willi | * [[PluginList|Plugin list]] gives an overview about all optionally loadable strongSwan plugins |
| 20 | 51 | Andreas Steffen | |
| 21 | 51 | Andreas Steffen | h2. Configuration Files |
| 22 | 1 | Martin Willi | |
| 23 | 126 | Tobias Brunner | h3. General Options |
| 24 | 126 | Tobias Brunner | |
| 25 | 126 | Tobias Brunner | * [[strongswanConf|strongswan.conf]] file |
| 26 | 126 | Tobias Brunner | * [[strongswanDirectory|strongswan.d]] directory |
| 27 | 126 | Tobias Brunner | |
| 28 | 126 | Tobias Brunner | h3. Used by [[ipsecstarter|starter]] and the [[ipsecstroke|stroke plugin]] |
| 29 | 126 | Tobias Brunner | |
| 30 | 52 | Andreas Steffen | * [[IpsecConf|ipsec.conf]] file |
| 31 | 1 | Martin Willi | * [[IpsecSecrets|ipsec.secrets]] file |
| 32 | 1 | Martin Willi | * [[IpsecDirectory|ipsec.d]] directory |
| 33 | 126 | Tobias Brunner | |
| 34 | 126 | Tobias Brunner | h3. Used by [[swanctl]] |
| 35 | 126 | Tobias Brunner | |
| 36 | 126 | Tobias Brunner | * [[swanctl.conf|swanctl.conf]] file |
| 37 | 126 | Tobias Brunner | * [[swanctlDirectory|swanctl]] directory |
| 38 | 51 | Andreas Steffen | |
| 39 | 51 | Andreas Steffen | h2. Configuration HOWTOs |
| 40 | 51 | Andreas Steffen | |
| 41 | 71 | Andreas Steffen | * [[NetworkManager|NetworkManager client setup]] |
| 42 | 71 | Andreas Steffen | * [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]] |
| 43 | 79 | Martin Willi | * [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]] |
| 44 | 81 | Martin Willi | * [[EapTls|EAP-TLS certificate authentication]] |
| 45 | 80 | Martin Willi | * [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]] |
| 46 | 71 | Andreas Steffen | * [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]] |
| 47 | 75 | Andreas Steffen | * [[CAmanagementGUIs|CA management made easy using GUIs]] |
| 48 | 51 | Andreas Steffen | * [[HashAndUrl|Hash-and-URL HOWTO]] |
| 49 | 51 | Andreas Steffen | * [[SqlLite|SQLite HOWTO]] |
| 50 | 51 | Andreas Steffen | * [[LoggerConfiguration|Logger configuration HOWTO]] |
| 51 | 97 | Tobias Brunner | * [[JobPriority|Job priority management HOWTO]] |
| 52 | 51 | Andreas Steffen | * [[IkeSaTable|IKE_SA lookup tuning HOWTO]] |
| 53 | 55 | Martin Willi | * [[MobileIPv6|Mobile IPv6 HOWTO]] |
| 54 | 74 | Jean-Michel Pouré | * [[SmartCards|Smartcard HOWTO]] |
| 55 | 76 | Christoph Lukas | * [[EToken|Aladdin eToken HOWTO]] |
| 56 | 110 | Andreas Steffen | * [[TrustedNetworkConnect|Trusted Network Connect (TNC) HOWTO]] |
| 57 | 117 | Andreas Steffen | * [[BYOD|Android BYOD Security based on TNC]] |
| 58 | 110 | Andreas Steffen | * [[IfMap|TNC IF-MAP HOWTO]] |
| 59 | 120 | Andreas Steffen | * [[StrongTnc|strongTNC Policy Manager HOWTO]] |
| 60 | 110 | Andreas Steffen | * [[IMA|Linux Integrity Measurement Architecture (IMA)]] |
| 61 | 110 | Andreas Steffen | * [[AwsVpc|Setting up a VPN into the Amazon Public Cloud's VPC]] |
| 62 | 51 | Andreas Steffen | |
| 63 | 112 | Tobias Brunner | {{include(ConfigurationExamples)}} |
| 64 | 1 | Martin Willi | |
| 65 | 99 | Tobias Brunner | h2. Portability |
| 66 | 99 | Tobias Brunner | |
| 67 | 125 | Tobias Brunner | * [[Android|strongSwan on Android]] |
| 68 | 118 | Tobias Brunner | * [[FreeBSD|strongSwan on FreeBSD]] |
| 69 | 1 | Martin Willi | * [[MacOSX|strongSwan on Mac OS X]] |
| 70 | 1 | Martin Willi | * [[Windows|strongSwan on Windows]] |
| 71 | 125 | Tobias Brunner | * [[OpenWrt|strongSwan on OpenWrt]] |
| 72 | 125 | Tobias Brunner | * [[Maemo|strongSwan on Maemo (Nokia N900)]] |
| 73 | 125 | Tobias Brunner | |
| 74 | 99 | Tobias Brunner | |
| 75 | 54 | Andreas Steffen | h2. Interoperability |
| 76 | 1 | Martin Willi | |
| 77 | 54 | Andreas Steffen | * [[Windows7|Windows 7]] with IKEv2 |
| 78 | 54 | Andreas Steffen | * [[WindowsVista|Windows Vista]] with IKEv1 |
| 79 | 60 | Andreas Steffen | * [[WindowsSuiteB|Windows Suite B Support]] with IKEv1 |
| 80 | 109 | Robert Cambridge | * [[IOS_(Apple)|Apple iOS (iPhone, iPad) and Mac OS X]] with IKEv1 |
| 81 | 115 | Tobias Brunner | * [[BlackBerry|BlackBerry OS]] with IKEv1 or IKEv2 |
| 82 | 108 | Andreas Steffen | * [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1 |
| 83 | 89 | Andreas Steffen | |
| 84 | 51 | Andreas Steffen | h2. Management Commands |
| 85 | 1 | Martin Willi | |
| 86 | 51 | Andreas Steffen | * The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections. |
| 87 | 123 | Martin Willi | * The alternative [[swanctl]] tool provides a new and portable configuration interface. |
| 88 | 1 | Martin Willi | |
| 89 | 24 | Martin Willi | h2. Auxiliary Tools |
| 90 | 36 | Martin Willi | |
| 91 | 119 | Tobias Brunner | * [[charon-cmd]] a simple command line IKE client |
| 92 | 119 | Tobias Brunner | |
| 93 | 105 | Tobias Brunner | * ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation |
| 94 | 68 | Andreas Steffen | * ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory |
| 95 | 68 | Andreas Steffen | * ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates |
| 96 | 95 | Tobias Brunner | * ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]] |
| 97 | 68 | Andreas Steffen | * ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_ |
| 98 | 1 | Martin Willi | * ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons |
| 99 | 127 | Tobias Brunner | * ipsec [[IpsecStroke|stroke]] controls the IKE charon daemon |
| 100 | 122 | Tobias Brunner | * ipsec [[IpsecConftest|conftest]] is a tool to test IKEv2 implementations |
| 101 | 51 | Andreas Steffen | |
| 102 | 51 | Andreas Steffen | h2. Linux 2.6 IPsec |
| 103 | 51 | Andreas Steffen | |
| 104 | 51 | Andreas Steffen | * "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter |
| 105 | 51 | Andreas Steffen | * "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase |
| 106 | 51 | Andreas Steffen | |
| 107 | 51 | Andreas Steffen | |
| 108 | 51 | Andreas Steffen | h2. Frequently Asked Questions |
| 109 | 51 | Andreas Steffen | |
| 110 | 51 | Andreas Steffen | |
| 111 | 51 | Andreas Steffen | * A [[FAQ]] is maintained [[FAQ|here]]. |