Project

General

Profile

strongSwan User Documentation » History » Version 174

« Previous - Version 174/175 (diff) - Next » - Current version
Tobias Brunner, 28.04.2020 15:30
Don't use h3 to increase font size of a list


strongSwan User Documentation

If you need help or have questions, check these articles first

Important articles

Features

Configuration Files

General Options

Used by swanctl and the preferred vici plugin

Used by starter and the deprecated stroke plugin

IKE and ESP Cipher Suites

Benchmarks

Configuration Examples

Dozens of both simple and advanced VPN scenarios are available. Please make sure to read the ConfigurationExamplesNotes.

Modern vici-based Scenarios

These scenarios use the modern Versatile IKE Control Interface (VICI) as implemented by vici plugin and the swanctl command line tool.

Legacy stroke-based Scenarios

These scenarios use the deprecated stroke interface as implemented by the stroke plugin and the ipsec command line tool.

HOWTOs

Portability

Interoperability

Management Commands

  • The powerful swanctl command starts, stops and monitors IPsec connections.
  • The legacy ipsec command is deprecated but currently still supported.

Auxiliary Tools

  • charon-cmd a simple command line IKE client
  • pki generates and analyzes RSA/ECDSA private keys and X.509 certificates
  • ipsec attest manages measurement reference values used for TPM-based remote attestation
  • ipsec leases shows the assignment of virtual IP adresses stored in volatile memory
  • ipsec pool manages virtual IP address pools and attributes stored in an SQL database and provided by the attr-sql plugin
  • ipsec scepclient implements the Simple Certificate Enrollment Protocol (SCEP)
  • ipsec starter starts, stops, and configures the IKE daemons
  • ipsec stroke controls the IKE charon daemon
  • ipsec conftest is a tool to test IKEv2 implementations
  • pt-tls-client using PT-TLS to collect integrity measurement information
  • sw-collector Extracts software installation events from dpkg history log
  • sec-updater Extracts security update information of Linux distributions