strongSwan User Documentation » History » Version 70
Version 69 (Jean-Michel PourĂ©, 24.12.2009 09:16) → Version 70/184 (Jean-Michel PourĂ©, 24.12.2009 09:17)
h1. strongSwan User Documentation
h2. Features
* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)
* [[NatTraversal|NAT Traversal]]
* [[MobIke|MOBIKE]]
* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)
* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations
* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against
h2. Configuration Files
* [[IpsecConf|ipsec.conf]] file
* [[IpsecSecrets|ipsec.secrets]] file
* [[IpsecDirectory|ipsec.d]] directory
* [[strongswanConf|strongswan.conf]] file
h2. Configuration HOWTOs
* "Configuration HOWTO":http://www.strongswan.org/docs/readme42.htm
* [[SimpleCA|Setting-up [[SimpleCA|Setting a simple CA using strongSwan PKI tool]]
* [[HashAndUrl|Hash-and-URL HOWTO]]
* [[SqlLite|SQLite HOWTO]]
* [[LoggerConfiguration|Logger configuration HOWTO]]
* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]
* [[MobileIPv6|Mobile IPv6 HOWTO]]
* [[NetworkManager|NetworkManager client setup]]
* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]
* [[FreeBSD|strongSwan on FreeBSD]] (IKEv2 only)
* [[MacOSX|strongSwan on Mac OS X]] (IKEv2 only)
h2. Configuration Examples
Dozens of both simple and advanced VPN scenarios:
* [[IKEv1Examples|IKEv1]] examples
* [[IKEv2Examples|IKEv2]] examples - *NEW* with *EAP-RADIUS* support
* [[IPv6Examples|IPv6]] examples
* [[CipherSuiteExamples|Advanced Cipher Suite]] examples
* [[IntegrityCryptoTestExamples|Integrity and Crypto Test]] examples
* "IKEv2 Hash-and-URL":http://www.strongswan.org/uml/testresults43/ikev2/rw-hash-and-url example
* "IKEv2 Mediation Extension":http://www.strongswan.org/uml/testresults43/p2pnat mediation service examples
* "SQLite":http://www.strongswan.org/uml/testresults43/sql database backend examples
h2. Interoperability
* [[Windows7|Windows 7]] with IKEv2
* [[WindowsVista|Windows Vista]] with IKEv1
* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1
h2. Management Commands
* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.
h2. Auxiliary Tools
* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory
* ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_
* ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates
* ipsec [[IpsecPool|pool]] manages virtual IP address pools stored in an SQL database
* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_
* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons
* ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon
* ipsec [[IpsecUci|uci]] configuration plugin for OpenWRT
* ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon
* ipsec [[IpsecXWRT|X-WRT]] end user configuration of X-WRT for OpenWRT
h2. Linux 2.6 IPsec
* "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter
* "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase
h2. Frequently Asked Questions
* A [[FAQ]] is maintained [[FAQ|here]].
h2. Features
* [[VirtualIp|Virtual IP]] via mode-config (IKEv1) or configuration payload (IKEv2)
* [[NatTraversal|NAT Traversal]]
* [[MobIke|MOBIKE]]
* [[PublicKeySpeed|Public Key Benchmark]] using various crypto libraries (gmp, gcrypt, openssl)
* [[CryptoTest|Crypto tests]] provide a way to self-test used crypto implementations
* [[IntegrityTest|Integrity tests]] make sure that the daemons use plugins and libraries they were built against
h2. Configuration Files
* [[IpsecConf|ipsec.conf]] file
* [[IpsecSecrets|ipsec.secrets]] file
* [[IpsecDirectory|ipsec.d]] directory
* [[strongswanConf|strongswan.conf]] file
h2. Configuration HOWTOs
* "Configuration HOWTO":http://www.strongswan.org/docs/readme42.htm
* [[SimpleCA|Setting-up [[SimpleCA|Setting a simple CA using strongSwan PKI tool]]
* [[HashAndUrl|Hash-and-URL HOWTO]]
* [[SqlLite|SQLite HOWTO]]
* [[LoggerConfiguration|Logger configuration HOWTO]]
* [[IkeSaTable|IKE_SA lookup tuning HOWTO]]
* [[MobileIPv6|Mobile IPv6 HOWTO]]
* [[NetworkManager|NetworkManager client setup]]
* [[EapGtc|Authenticate road warriors using EAP-GTC and a PAM service]]
* [[FreeBSD|strongSwan on FreeBSD]] (IKEv2 only)
* [[MacOSX|strongSwan on Mac OS X]] (IKEv2 only)
h2. Configuration Examples
Dozens of both simple and advanced VPN scenarios:
* [[IKEv1Examples|IKEv1]] examples
* [[IKEv2Examples|IKEv2]] examples - *NEW* with *EAP-RADIUS* support
* [[IPv6Examples|IPv6]] examples
* [[CipherSuiteExamples|Advanced Cipher Suite]] examples
* [[IntegrityCryptoTestExamples|Integrity and Crypto Test]] examples
* "IKEv2 Hash-and-URL":http://www.strongswan.org/uml/testresults43/ikev2/rw-hash-and-url example
* "IKEv2 Mediation Extension":http://www.strongswan.org/uml/testresults43/p2pnat mediation service examples
* "SQLite":http://www.strongswan.org/uml/testresults43/sql database backend examples
h2. Interoperability
* [[Windows7|Windows 7]] with IKEv2
* [[WindowsVista|Windows Vista]] with IKEv1
* [[WindowsSuiteB|Windows Suite B Support]] with IKEv1
h2. Management Commands
* The powerful [[IpsecCommand|ipsec]] command starts, stops and monitors IPsec connections.
h2. Auxiliary Tools
* ipsec [[IpsecLeases|leases]] shows the assignment of virtual IP adresses stored in volatile memory
* ipsec [[OpenAc|openac]] generates _X.509 attribute certificates_
* ipsec [[IpsecPKI|pki]] generates and analyzes RSA/ECDSA private keys and X.509 certificates
* ipsec [[IpsecPool|pool]] manages virtual IP address pools stored in an SQL database
* ipsec [[ScepClient|scepclient]] implements the _Simple Certificate Enrollment Protocol (SCEP)_
* ipsec [[IpsecStarter|starter]] starts, stops, and configures the IKE daemons
* ipsec [[IpsecStroke|stroke]] controls the IKEv2 charon daemon
* ipsec [[IpsecUci|uci]] configuration plugin for OpenWRT
* ipsec [[IpsecWhack|whack]] controls the IKEv1 pluto daemon
* ipsec [[IpsecXWRT|X-WRT]] end user configuration of X-WRT for OpenWRT
h2. Linux 2.6 IPsec
* "Firewalling mit Linux 2.6 IPsec":http://www.linux-magazin.de/heft_abo/ausgaben/2004/12/sicherer_brandstifter
* "Linux netfilter IPsec policy matching":http://www.linux-magazin.de/heft_abo/ausgaben/2006/08/doppelnase
h2. Frequently Asked Questions
* A [[FAQ]] is maintained [[FAQ|here]].