strongSwan

h1. strongSwan User Documentation

h2. Features

* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)

* [[NatTraversal|NAT Traversal]]

* [[MobIke|MOBIKE]]

* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)

* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations

* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against

h2. Configuration Files

* [[IpsecConf|ipsec.conf]] file

* [[IpsecSecrets|ipsec.secrets]] file

* [[IpsecDirectory|ipsec.d]] directory

* [[strongswanConf|strongswan.conf]] file

h2. Configuration HOWTOs

* "Configuration HOWTO":http://www.strongswan.org/docs/readme42.htm

* [[HashAndUrl|Hash-and-URL HOWTO]]

* [[SqlLite|SQLite HOWTO]]

* [[LoggerConfiguration|Logger configuration HOWTO]]

* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]

* [[MobileIPv6|Mobile IPv6 HOWTO]]

* [[NetworkManager|NetworkManager client setup]]

* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]

h2. Configuration Examples

Dozens of both simple and advanced VPN scenarios:

* [[IKEv1Examples|IKEv1]] examples

* [[IKEv2Examples|IKEv2]] examples - *NEW* with *EAP-RADIUS* support

* [[CipherSuiteExamples|Cipher Suite]] examples

* "IKEv2 Hash-and-URL":http://www.strongswan.org/uml/testresults43/ikev2/rw-hash-and-url example

* "IKEv2 Mediation Extension":http://www.strongswan.org/uml/testresults43/p2pnat mediation service examples

* "Mixed":http://www.strongswan.org/uml/testresults43/ike IKEv1/IKEv2 examples

* "IPv6":http://www.strongswan.org/uml/testresults43/ipv6 examples

* "SQLite":http://www.strongswan.org/uml/testresults43/sql database backend examples

* "IKEv1":http://www.strongswan.org/uml/testresults43/openssl-ikev1 and "IKEv2":http://www.strongswan.org/uml/testresults43/openssl-ikev2 OpenSSL crypto plugin examples

* "IKEv1":http://www.strongswan.org/uml/testresults43/gcrypt-ikev1 and "IKEv2":http://www.strongswan.org/uml/testresults43/gcrypt-ikev2 GNU Gcrypt crypto plugin examples

h2. Interoperability

* [[Windows7|Windows 7]] with IKEv2

* [[WindowsVista|Windows Vista]] with IKEv1

* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1

h2. Management Commands

* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.

h2. Auxiliary Tools

* ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_

* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_

* ipsec [[IpsecPool|pool]] manages virtual IP address pools stored in an SQL database

* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory

* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons

* ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon

* ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon

* ipsec [[IpsecUci|uci]] configuration plugin for OpenWRT

* ipsec [[IpsecXWRT|X-WRT]] end user configuration of X-WRT for OpenWRT

h2. Linux 2.6 IPsec

* "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter

* "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase

h2. Frequently Asked Questions

* A [[FAQ]] is maintained [[FAQ|here]].