strongSwan 4.2.1 (Default branch) |
|
|
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It also fully supports the new IKEv2 protocol with Linux 2.6 kernels. It interoperates in both IKEv1 and IKEv2 mode with most other IPsec-based VPN products. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates
to implement advanced access control schemes based on group memberships.
License: GNU General Public License (GPL)
Changes:
Support for "Hash and URL" encoded IKEv2
certificate payloads was added. Instead of the
certificates themselves, only an URL pointing to
them is transmitted, thus avoiding IP
fragmentation of IKE datagrams due to large
certificates. The IKEv1 pluto daemon now supports
the ESP encryption algorithm Camellia and the
authentication algorithm AES_XCBC_MAC.
|
