StrongSwan

strongSwan is a complete IPsec implementation for Linux 2.6, 3.x, and 4.x kernels. The focus of the project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface.

The project is maintained by Andreas Steffen who is a professor for Security in Communications at the University of Applied Sciences in Rapperswil, Switzerland.

As a descendant of the FreeS/WAN project, strongSwan continues to be released under the GPL license. It supports certificate revocation lists and the (OCSP). A unique feature is the use of X.509 attribute certificates to implement access control schemes based on group memberships. StrongSwan interoperates with other IPsec implementations, including various Microsoft Windows and macOS VPN clients. The modular strongSwan 5.0 branch fully implements the Internet Key Exchange (IKEv2) protocol defined by RFC 5996.

strongSwan supports IKEv1 and fully implements IKEv2.

The focus of the strongSwan project lies on the strong Authentication by means of X.509-Certificates, as well as the optional safe storage of private key on smart cards with help of the standardized PKCS#11 interface, strongSwan certificate check lists and On-line Certificate Status Protocol (OCSP).