strongSwan

h1. strongSwan User Documentation

{{>toc}}

h2. Introduction to strongSwan

* [[IntroductionTostrongSwan|Introduction to strongSwan]]

** [[ForwardingAndSplitTunneling|Forwarding and Split-Tunneling]]

h2. Frequently Asked Questions

* A list of [[FAQ]] is maintained [[FAQ|here]].

h2. Features

* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)

* [[NatTraversal|NAT Traversal]]

* [[MobIke|MOBIKE]]

* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)

* [[RaspberryPi2Benchmark|Raspberry Pi 2 ESP Benchmark]]

* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations

* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against

* [[PluginList|Plugin list]] gives an overview about all optionally loadable strongSwan plugins

* [[Pcrypt|Parallel IPsec processing using pcrypt]] shows ways to accelerate IPsec processing in kernel using the pcrypt module

{{include_h(ConfigurationFiles)}}

h2. HOWTOs

* [[RouteBasedVPN|Information about route based VPNs]]

* [[CorrectTrafficDump|Taking traffic dumps correctly]]

* [[SecurityRecommendations|Security Recommendations]]

* [[NetworkManager|NetworkManager client setup]]

* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]

* [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]]

* [[EapTls|EAP-TLS certificate authentication]]

* [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]]

* [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]]

* [[CAmanagementGUIs|CA management made easy using GUIs]]

* [[Bliss|Post-Quantum Bimodal Lattice Signature Scheme (BLISS) HOWTO]]

* [[HashAndUrl|Hash-and-URL HOWTO]]

* [[SqlLite|SQLite HOWTO]]

* [[LoggerConfiguration|Logger configuration HOWTO]]

* [[JobPriority|Job priority management HOWTO]]

* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]

* [[MobileIPv6|Mobile IPv6 HOWTO]]

* [[SmartCards|Smartcard HOWTO]]

* [[TrustedNetworkConnect|Trusted Network Connect (TNC) HOWTO]]

* [[BYOD|Android BYOD Security based on TNC]]

* [[IfMap|TNC IF-MAP HOWTO]]

* [[StrongTnc|strongTNC Policy Manager HOWTO]]

* [[IMA|Linux Integrity Measurement Architecture (IMA)]] 

* [[AwsVpc|Setting up a VPN into the Amazon Public Cloud's VPC]] 

{{include_h(ConfigurationExamples)}}

h2. Portability

* [[Android|strongSwan on Android]]

* [[FreeBSD|strongSwan on FreeBSD]]

* [[MacOSX|strongSwan on Mac OS X]]

* [[Windows|strongSwan on Windows]]

* [[OpenWrt|strongSwan on OpenWrt]]

* [[Maemo|strongSwan on Maemo (Nokia N900)]]

h2. Interoperability

* [[Windows7|Windows 7 and newer]] with IKEv2

* [[WindowsVista|Windows Vista]] with IKEv1

* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1

* [[IOS_(Apple)|Apple iOS (iPhone, iPad) and Mac OS X]] with IKEv1/IKEv2

* [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1

* [[BlackBerry|Blackberry OS 10 ]] with IKEv2

h2. Management Commands

* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.

* The alternative [[swanctl]] tool provides a new and portable configuration interface.

h2. Auxiliary Tools

* [[charon-cmd]] a simple command line IKE client

* ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation

* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory

* ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates  

* ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]]

* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_

* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons

* ipsec [[IpsecStroke|stroke]] controls the IKE charon daemon

* ipsec [[IpsecConftest|conftest]] is a tool to test IKEv2 implementations