strongSwan User Documentation » History » Version 68
Andreas Steffen, 28.08.2009 10:32
added ipsec pki
| 1 | 51 | Andreas Steffen | h1. strongSwan User Documentation |
|---|---|---|---|
| 2 | 1 | Martin Willi | |
| 3 | 1 | Martin Willi | |
| 4 | 1 | Martin Willi | |
| 5 | 51 | Andreas Steffen | h2. Features |
| 6 | 51 | Andreas Steffen | |
| 7 | 51 | Andreas Steffen | * [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2) |
| 8 | 51 | Andreas Steffen | * [[NatTraversal|NAT Traversal]] |
| 9 | 51 | Andreas Steffen | * [[MobIke|MOBIKE]] |
| 10 | 57 | Andreas Steffen | * [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl) |
| 11 | 58 | Martin Willi | * [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations |
| 12 | 58 | Martin Willi | * [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against |
| 13 | 51 | Andreas Steffen | |
| 14 | 51 | Andreas Steffen | h2. Configuration Files |
| 15 | 1 | Martin Willi | |
| 16 | 52 | Andreas Steffen | * [[IpsecConf|ipsec.conf]] file |
| 17 | 52 | Andreas Steffen | * [[IpsecSecrets|ipsec.secrets]] file |
| 18 | 52 | Andreas Steffen | * [[IpsecDirectory|ipsec.d]] directory |
| 19 | 52 | Andreas Steffen | * [[strongswanConf|strongswan.conf]] file |
| 20 | 51 | Andreas Steffen | |
| 21 | 51 | Andreas Steffen | |
| 22 | 51 | Andreas Steffen | h2. Configuration HOWTOs |
| 23 | 51 | Andreas Steffen | |
| 24 | 62 | Andreas Steffen | * "Configuration HOWTO":http://www.strongswan.org/docs/readme42.htm |
| 25 | 51 | Andreas Steffen | * [[HashAndUrl|Hash-and-URL HOWTO]] |
| 26 | 51 | Andreas Steffen | * [[SqlLite|SQLite HOWTO]] |
| 27 | 51 | Andreas Steffen | * [[LoggerConfiguration|Logger configuration HOWTO]] |
| 28 | 51 | Andreas Steffen | * [[IkeSaTable|IKE_SA lookup tuning HOWTO]] |
| 29 | 51 | Andreas Steffen | * [[MobileIPv6|Mobile IPv6 HOWTO]] |
| 30 | 55 | Martin Willi | * [[NetworkManager|NetworkManager client setup]] |
| 31 | 55 | Martin Willi | * [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]] |
| 32 | 51 | Andreas Steffen | |
| 33 | 67 | Tobias Brunner | * [[FreeBSD|strongSwan on FreeBSD]] (IKEv2 only) |
| 34 | 67 | Tobias Brunner | * [[MacOSX|strongSwan on Mac OS X]] (IKEv2 only) |
| 35 | 67 | Tobias Brunner | |
| 36 | 51 | Andreas Steffen | |
| 37 | 51 | Andreas Steffen | h2. Configuration Examples |
| 38 | 51 | Andreas Steffen | |
| 39 | 1 | Martin Willi | Dozens of both simple and advanced VPN scenarios: |
| 40 | 51 | Andreas Steffen | * [[IKEv1Examples|IKEv1]] examples |
| 41 | 51 | Andreas Steffen | * [[IKEv2Examples|IKEv2]] examples - *NEW* with *EAP-RADIUS* support |
| 42 | 66 | Andreas Steffen | * [[IPv6Examples|IPv6]] examples |
| 43 | 64 | Andreas Steffen | * [[CipherSuiteExamples|Advanced Cipher Suite]] examples |
| 44 | 65 | Andreas Steffen | * [[IntegrityCryptoTestExamples|Integrity and Crypto Test]] examples |
| 45 | 61 | Andreas Steffen | * "IKEv2 Hash-and-URL":http://www.strongswan.org/uml/testresults43/ikev2/rw-hash-and-url example |
| 46 | 61 | Andreas Steffen | * "IKEv2 Mediation Extension":http://www.strongswan.org/uml/testresults43/p2pnat mediation service examples |
| 47 | 61 | Andreas Steffen | * "SQLite":http://www.strongswan.org/uml/testresults43/sql database backend examples |
| 48 | 22 | Martin Willi | |
| 49 | 54 | Andreas Steffen | h2. Interoperability |
| 50 | 1 | Martin Willi | |
| 51 | 54 | Andreas Steffen | * [[Windows7|Windows 7]] with IKEv2 |
| 52 | 54 | Andreas Steffen | * [[WindowsVista|Windows Vista]] with IKEv1 |
| 53 | 60 | Andreas Steffen | * [[WindowsSuiteB|Windows Suite B Support]] with IKEv1 |
| 54 | 54 | Andreas Steffen | |
| 55 | 51 | Andreas Steffen | h2. Management Commands |
| 56 | 1 | Martin Willi | |
| 57 | 51 | Andreas Steffen | * The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections. |
| 58 | 1 | Martin Willi | |
| 59 | 51 | Andreas Steffen | |
| 60 | 24 | Martin Willi | h2. Auxiliary Tools |
| 61 | 36 | Martin Willi | |
| 62 | 68 | Andreas Steffen | * ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory |
| 63 | 1 | Martin Willi | * ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_ |
| 64 | 68 | Andreas Steffen | * ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates |
| 65 | 51 | Andreas Steffen | * ipsec [[IpsecPool|pool]] manages virtual IP address pools stored in an SQL database |
| 66 | 68 | Andreas Steffen | * ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_ |
| 67 | 1 | Martin Willi | * ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons |
| 68 | 51 | Andreas Steffen | * ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon |
| 69 | 51 | Andreas Steffen | * ipsec [[IpsecUci|uci]] configuration plugin for OpenWRT |
| 70 | 68 | Andreas Steffen | * ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon |
| 71 | 51 | Andreas Steffen | * ipsec [[IpsecXWRT|X-WRT]] end user configuration of X-WRT for OpenWRT |
| 72 | 51 | Andreas Steffen | |
| 73 | 51 | Andreas Steffen | h2. Linux 2.6 IPsec |
| 74 | 51 | Andreas Steffen | |
| 75 | 51 | Andreas Steffen | * "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter |
| 76 | 51 | Andreas Steffen | * "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase |
| 77 | 51 | Andreas Steffen | |
| 78 | 51 | Andreas Steffen | |
| 79 | 51 | Andreas Steffen | h2. Frequently Asked Questions |
| 80 | 51 | Andreas Steffen | |
| 81 | 51 | Andreas Steffen | |
| 82 | 51 | Andreas Steffen | * A [[FAQ]] is maintained [[FAQ|here]]. |