StrongSwan

StrongSwan

Infobox Software
name = strongSwan



caption =
author =
developer = Andreas Steffen & Martin Willi
released =
latest release version = 4.2.7
latest release date = September 18, 2008
latest preview version =
latest preview date =
operating system = Linux
platform =
language =
status =
genre = IPsec
license = GNU General Public License
website = [http://www.strongswan.org/ www.strongswan.org]

strongSwan is a complete IPsec implementation for Linux 2.4 and 2.6 kernels.

It is a descendant of the FreeS/WAN project, and continues to be released under the GPL license. The project is actively maintained by Andreas Steffenwho is a professor for Security in Communications at the [http://www.hsr.ch University of Applied Sciences Rapperswil] in Switzerland.The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. It supports certificate revocation lists and the
Online Certificate Status Protocol (OCSP). A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

strongSwan has an easy and straightforward approach to configuration and interoperatessmoothly with most other IPsec implementations including various Microsoft Windows and
Mac OS X VPN clients.

The modular strongSwan 4.2 branch fully implements the IKEv2 protocol defined by RFC 4306. Software architect and main developer of the IKEv2 keying daemon is Martin Willi. NAT traversal for IKEv2 was contributed by Tobias Brunner and Daniel Röthlisberger. The IKEv2 Mediation Service defined in [http://tools.ietf.org/html/draft-brunner-ikev2-mediation draft-brunner-ikev2-mediation] was implemented by Tobias Brunner.

UML simulation environment

strongSwan comes with an easy-to-use simulation environment based on User-mode Linux. A network of eight virtual hosts allows the user to enact a multitude of site-to-site and roadwarrior VPN scenarios.

External links

* [http://www.strongswan.org/ strongSwan website]
* [http://www.strongswan.org/uml/ strongSwan UML testing environment]
* [http://www.strongswan.org/docs/LinuxTag2007-strongSwan.pdf LinuxTag 2007 Paper: strongSwan - the new IKEv2 VPN Solution]
* [http://www.strongswan.org/docs/LinuxTag2005-strongSwan.pdf LinuxTag 2005 Paper: Advanced Features of Linux strongSwan]
* [http://www.strongswan.org/uml/DFN_UML.pdf DFN 2005 Paper: Advanced Network Simulation under User-Mode Linux]
* [http://www.mudynamics.com/news/press/pr091908.html Mu Dynamics discovers, remediates leading open source VPN vulnerability: StrongSwan IKEv2 Denial Of Service]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • StrongSwan — Basisdaten Entwickler: Andreas Steffen, Martin Willi Tobias Brunner, HSR Aktuelle Version …   Deutsch Wikipedia

  • Strongswan — Basisdaten Entwickler: Andreas Steffen, Martin Willi Tobias Brunner, HSR Aktuelle Version …   Deutsch Wikipedia

  • strongSwan — Basisdaten Entwickler Andreas Steffen, Martin Willi Tobias Brunner, HSR Aktuelle V …   Deutsch Wikipedia

  • Virtuelles privates Netz — Virtual Private Network (dt. virtuelles privates Netz; kurz VPN) dient der Einbindung von Geräten eines benachbarten Netzes an das eigene Netz, ohne dass die Netzwerke zueinander kompatibel sein müssen. Inhaltsverzeichnis 1 Grundlagen 1.1… …   Deutsch Wikipedia

  • Virtuelles privates Netzwerk — Virtual Private Network (dt. virtuelles privates Netz; kurz VPN) dient der Einbindung von Geräten eines benachbarten Netzes an das eigene Netz, ohne dass die Netzwerke zueinander kompatibel sein müssen. Inhaltsverzeichnis 1 Grundlagen 1.1… …   Deutsch Wikipedia

  • IKEv2 — is the next version of the Internet Key Exchange protocol which is used to negotiate a Security Association at the outset of an IPsec session. Overview IKEv2 is described in RFC 4306 although there are other related RFCs that are important. RFC… …   Wikipedia

  • IPsec — Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each in a data stream. IPsec also includes protocols for cryptographic key establishment.… …   Wikipedia

  • Opportunistic encryption — (OE) refers to any system that, when connecting to another system, attempts to encrypt the communications channel otherwise falling back to unencrypted communications. This method requires no pre arrangement between the two systems. Opportunistic …   Wikipedia

  • Astaro — AG Unternehmensform Aktiengesellschaft Gründung 2000 Unternehmenssitz …   Deutsch Wikipedia

  • Geschichte von Rapperswil — In diesem Artikel wird die Geschichte der Stadt Rapperswil (SG) bis 1. Januar 2007 behandelt, dem Zeitpunkt der Gemeindefusion mit Jona (SG) unter dem neuen Namen Rapperswil Jona. Die Halblinsel mit Altstadt, Herrenberg …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”