strongSwan User Documentation » History » Version 183

Version 182 (Noel Kuntze, 11.04.2021 05:57) → Version 183/184 (Noel Kuntze, 11.04.2021 06:04)

h1. strongSwan User Documentation


h2. If you need help or have questions, check these articles first

*(style{font-size: 1.1em}) A list of [[FAQ|Frequently Asked Questions]] is maintained [[FAQ|here]]
* [[HelpRequests|Before you ask for help, read this article]]
* [[CommercialSupport|Commercial Support]]
* [[Known_Issues_caused_by_third_party_software|Known Issues caused by third party software]]

h2. Important articles

* [[IntroductionTostrongSwan|Introduction to strongSwan]]
** [[ForwardingAndSplitTunneling|Forwarding and Split-Tunneling]]
* [[CorrectTrafficDump|Taking traffic dumps correctly]]
* [[SecurityRecommendations|Security Recommendations]]
* [[SimpleCA|Setting up a simple CA using the strongSwan PKI tool]]
* [[Cloudplatforms|strongSwan on cloud platforms]]
* [[ThirdPartyTools|Third Party provided tools for strongSwan]]

h2. Features

* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)
* [[NatTraversal|NAT Traversal]]
* [[MobIke|MOBIKE]]
* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations
* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against
* [[PluginList|Plugin list]] gives an overview about all optionally loadable strongSwan plugins



h2. Benchmarks

* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)
* [[RaspberryPi2Benchmark|Raspberry Pi 2 ESP Benchmark]]

h2. Platform Security

* [[SmartCards|Smartcard HOWTO]]
* [[TpmPlugin|Using TPM 2.0 Keys with strongSwan (Updated 2021)]]
* [[TrustedNetworkConnect|Trusted Network Connect (TNC) HOWTO]]
* [[StrongTnc|strongTNC Policy Manager HOWTO]]
* [[IMA|Linux Integrity Measurement Architecture (IMA)]]
* [[BYOD|Android BYOD Security based on TNC]]

h2. HOWTOs

* [[ExpiryRekey|Configuring rekeying and reauthentication]]
* [[Pcrypt|Parallel IPsec processing using pcrypt]]
* [[RouteBasedVPN|Information about route based VPNs (Virtual Tunnel Interfaces (VTIs), XFRM interfaces (XFRMis))]] (VTIs))]]
* [[NetworkManager|NetworkManager client setup]]
* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]
* [[EapRadius|Use a RADIUS AAA server to authenticate clients with EAP]]
* [[EapTls|EAP-TLS certificate authentication]]
* [[HighAvailability|Configure a failsafe strongSwan High Availability cluster]]
* [[SimpleCA|Setting-up a simple CA using the strongSwan PKI tool]]
* [[CAmanagementGUIs|CA management made easy using GUIs]]
* [[Bliss|Post-Quantum Bimodal Lattice Signature Scheme (BLISS) HOWTO]]
* [[HashAndUrl|Hash-and-URL HOWTO]]
* [[SqlLite|SQLite HOWTO]]
* [[LoggerConfiguration|Logger configuration HOWTO]]
* [[JobPriority|Job priority management HOWTO]]
* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]
* [[MobileIPv6|Mobile IPv6 HOWTO]]
* [[AwsVpc|Setting up a VPN into the Amazon Public Cloud's VPC]]
* [[Netns|Running strongSwan in Network Namespaces on Linux]]

h2. Portability

* [[Android|strongSwan on Android]]
* [[FreeBSD|strongSwan on FreeBSD]]
* [[MacOSX|strongSwan on Mac OS X]]
* [[Windows|strongSwan on Windows]]
* [[OpenWrt|strongSwan on OpenWrt]]
* [[Maemo|strongSwan on Maemo (Nokia N900)]]

h2. Interoperability

* [[Windows7|Windows 7 and newer]] with IKEv2
* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1
* [[IOS_(Apple)|Apple iOS (iPhone, iPad) and Mac OS X]] with IKEv1/IKEv2
* [[CharonPlutoIKEv1|strongSwan 4.x (pluto) - 5.x (charon)]] with IKEv1
* [[BlackBerry|Blackberry OS 10 ]] with IKEv2
* [[CiscoInteroperability|CISCO brand devices]]
* [[Fortinet|Fortinet brand devices]]
* [[Checkpoint|Check Point brand devices]]
* [[AVM_FRITZ_(FRITZ!Box_)_brand_devices| AVM FRITZ (FRITZ!Box, ...) brand devices]]

h2. Management Commands

* The powerful [[swanctl]] command starts, stops and monitors IPsec connections.
* The legacy [[IpsecCommand|ipsec]] command is deprecated but currently still supported.

h2. Auxiliary Tools

* [[charon-cmd]] a simple command line IKE client
* [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates

* ipsec [[IpsecAttest|attest]] manages measurement reference values used for TPM-based remote attestation
* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory
* ipsec [[IpsecPool|pool]] manages virtual IP address pools and attributes stored in an SQL database and provided by the [[attrsql|attr-sql plugin]]
* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_
* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons
* ipsec [[IpsecStroke|stroke]] controls the IKE charon daemon
* ipsec [[IpsecConftest|conftest]] is a tool to test IKEv2 implementations

* [[PtTlsClient|pt-tls-client]] using PT-TLS to collect integrity measurement information
* [[SwCollector|sw-collector]] Extracts software installation events from dpkg history log
* [[SecUpdater|sec-updater]] Extracts security update information of Linux distributions