strongSwan User Documentation » History » Version 152
Noel Kuntze, 07.01.2017 17:41
ExpiryRekey
1 | 92 | Andreas Steffen | h1. strongSwan User Documentation |
---|---|---|---|
2 | 91 | Andreas Steffen | |
3 | 1 | Martin Willi | {{>toc}} |
4 | 1 | Martin Willi | |
5 | 150 | Noel Kuntze | h2. Frequently Asked Questions |
6 | 1 | Martin Willi | |
7 | 150 | Noel Kuntze | * A list of [[FAQ|Frequently Asked Questions]] is maintained [[FAQ|here]]. |
8 | 150 | Noel Kuntze | |
9 | 150 | Noel Kuntze | h2. Important articles |
10 | 150 | Noel Kuntze | |
11 | 147 | Noel Kuntze | * [[IntroductionTostrongSwan|Introduction to strongSwan]] |
12 | 1 | Martin Willi | ** [[ForwardingAndSplitTunneling|Forwarding and Split-Tunneling]] |
13 | 150 | Noel Kuntze | * [[CorrectTrafficDump|Taking traffic dumps correctly]] |
14 | 150 | Noel Kuntze | * [[SecurityRecommendations|Security Recommendations]] |
15 | 150 | Noel Kuntze | * [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]] |
16 | 147 | Noel Kuntze | |
17 | 51 | Andreas Steffen | h2. Features |
18 | 51 | Andreas Steffen | |
19 | 51 | Andreas Steffen | * [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2) |
20 | 51 | Andreas Steffen | * [[NatTraversal|NAT Traversal]] |
21 | 51 | Andreas Steffen | * [[MobIke|MOBIKE]] |
22 | 58 | Martin Willi | * [[CryptoTest|Crypto tests]] provide a way to self-test the crypto implementations in use |
23 | 58 | Martin Willi | * [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against |
24 | 93 | Martin Willi | * [[PluginList|Plugin list]] gives an overview of all optionally loadable strongSwan plugins |
25 | 1 | Martin Willi | |
26 | 1 | Martin Willi | {{include_h(ConfigurationFiles)}} |
27 | 1 | Martin Willi | |
28 | 148 | Noel Kuntze | h2. Benchmarks |
29 | 148 | Noel Kuntze | |
30 | 148 | Noel Kuntze | * [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl) |
31 | 51 | Andreas Steffen | * [[RaspberryPi2Benchmark|Raspberry Pi 2 ESP Benchmark]] |
32 | 141 | Noel Kuntze | |
33 | 148 | Noel Kuntze | h2. HOWTOs |
34 | 144 | Noel Kuntze | |
35 | 152 | Noel Kuntze | * [[ExpiryRekey|Configuring rekeying and reauthentication]] |
36 | 141 | Noel Kuntze | * [[Pcrypt|Parallel IPsec processing using pcrypt]] |
37 | 151 | Noel Kuntze | * [[RouteBasedVPN|Information about route based VPNs (Virtual Tunnel Interfaces (VTIs))]] |
38 | 71 | Andreas Steffen | * [[NetworkManager|NetworkManager client setup]] |
39 | 71 | Andreas Steffen | * [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]] |
40 | 79 | Martin Willi | * [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]] |
41 | 81 | Martin Willi | * [[EapTls|EAP-TLS certificate authentication]] |
42 | 80 | Martin Willi | * [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]] |
43 | 71 | Andreas Steffen | * [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]] |
44 | 75 | Andreas Steffen | * [[CAmanagementGUIs|CA management made easy using GUIs]] |
45 | 133 | Andreas Steffen | * [[Bliss|Post-Quantum Bimodal Lattice Signature Scheme (BLISS) HOWTO]] |
46 | 51 | Andreas Steffen | * [[HashAndUrl|Hash-and-URL HOWTO]] |
47 | 51 | Andreas Steffen | * [[SqlLite|SQLite HOWTO]] |
48 | 51 | Andreas Steffen | * [[LoggerConfiguration|Logger configuration HOWTO]] |
49 | 97 | Tobias Brunner | * [[JobPriority|Job priority management HOWTO]] |
50 | 51 | Andreas Steffen | * [[IkeSaTable|IKE_SA lookup tuning HOWTO]] |
51 | 55 | Martin Willi | * [[MobileIPv6|Mobile IPv6 HOWTO]] |
52 | 74 | Jean-Michel Pouré | * [[SmartCards|Smartcard HOWTO]] |
53 | 110 | Andreas Steffen | * [[TrustedNetworkConnect|Trusted Network Connect (TNC) HOWTO]] |
54 | 117 | Andreas Steffen | * [[BYOD|Android BYOD Security based on TNC]] |
55 | 110 | Andreas Steffen | * [[IfMap|TNC IF-MAP HOWTO]] |
56 | 120 | Andreas Steffen | * [[StrongTnc|strongTNC Policy Manager HOWTO]] |
57 | 110 | Andreas Steffen | * [[IMA|Linux Integrity Measurement Architecture (IMA)]] |
58 | 110 | Andreas Steffen | * [[AwsVpc|Setting up a VPN into the Amazon Public Cloud's VPC]] |
59 | 51 | Andreas Steffen | |
60 | 131 | Tobias Brunner | {{include_h(ConfigurationExamples)}} |
61 | 1 | Martin Willi | |
62 | 99 | Tobias Brunner | h2. Portability |
63 | 99 | Tobias Brunner | |
64 | 125 | Tobias Brunner | * [[Android|strongSwan on Android]] |
65 | 118 | Tobias Brunner | * [[FreeBSD|strongSwan on FreeBSD]] |
66 | 1 | Martin Willi | * [[MacOSX|strongSwan on Mac OS X]] |
67 | 1 | Martin Willi | * [[Windows|strongSwan on Windows]] |
68 | 125 | Tobias Brunner | * [[OpenWrt|strongSwan on OpenWrt]] |
69 | 125 | Tobias Brunner | * [[Maemo|strongSwan on Maemo (Nokia N900)]] |
70 | 125 | Tobias Brunner | |
71 | 99 | Tobias Brunner | |
72 | 54 | Andreas Steffen | h2. Interoperability |
73 | 1 | Martin Willi | |
74 | 145 | Noel Kuntze | * [[Windows7|Windows 7 and newer]] with IKEv2 |
75 | 54 | Andreas Steffen | * [[WindowsVista|Windows Vista]] with IKEv1 |
76 | 60 | Andreas Steffen | * [[WindowsSuiteB|Windows Suite B Support]] with IKEv1 |
77 | 143 | Noel Kuntze | * [[IOS_(Apple)|Apple iOS (iPhone, iPad) and Mac OS X]] with IKEv1/IKEv2 |
78 | 108 | Andreas Steffen | * [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1 |
79 | 142 | Noel Kuntze | * [[BlackBerry|Blackberry OS 10]] with IKEv2 |
80 | 89 | Andreas Steffen | |
81 | 51 | Andreas Steffen | h2. Management Commands |
82 | 1 | Martin Willi | |
83 | 51 | Andreas Steffen | * The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections. |
84 | 123 | Martin Willi | * The alternative [[swanctl]] tool provides a new and portable configuration interface. |
85 | 1 | Martin Willi | |
86 | 24 | Martin Willi | h2. Auxiliary Tools |
87 | 36 | Martin Willi | |
88 | 119 | Tobias Brunner | * [[charon-cmd]] is a simple command line IKE client |
89 | 119 | Tobias Brunner | |
90 | 105 | Tobias Brunner | * ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation |
91 | 68 | Andreas Steffen | * ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP addresses stored in volatile memory |
92 | 68 | Andreas Steffen | * ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates |
93 | 95 | Tobias Brunner | * ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]] |
94 | 51 | Andreas Steffen | * ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_ |
95 | 51 | Andreas Steffen | * ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons |
96 | 51 | Andreas Steffen | * ipsec [[IpsecStroke|stroke]] controls the IKE charon daemon |
97 | 146 | Tobias Brunner | * ipsec [[IpsecConftest|conftest]] is a tool to test IKEv2 implementations |