From Fedora Project Wiki
Revision as of 00:55, 27 May 2012
Strongswan can be considered the most powerful IPsec implementation in Fedora.
Features
- IKEv1, IKEv2 (older and current version of Internet Key Exchange)
- MOBIKE (mobility and multihoming extension to IKEv2)
- IPv4, IPv6 (old and new Internet Protocol)
- Road warrior setup
- NAT traversal
- NetworkManager plugin
- And much more...
Things Strongswan can do but Openswan cannot
- IKEv2 + road warrior
- IPv6 + road warrior
- Hybrid IPv4/IPv6 tunnels
- Multiple IPv4 on a single device
Openswan gives confusing error messages when using IPv6 addresses. You can even have problems if you want to choose a single IPv4 address on an interface where other IPv4 addresses are set up.
Tested with: openswan-2.6.33-1.fc15.x86_64
Source: http://data.pavlix.net/europen/39/ (in Czech)
Use cases
Simple bi-directional transport channel
conn test
    auto=route
    type=transport
    left=2001:db8::a
    right=2001:db8::b
    authby=psk
    mobike=no
Road warrior (server)
conn test
    auto=add
    type=transport
    left=%any
    right=2001:db8::b
    authby=psk
    mobike=no
Road warrior (client)
conn test
    auto=add
    type=transport
    left=%defaultroute
    leftid=@alpha.example.net
    right=2001:db8::b
    authby=psk
    mobike=no
Tunnel mode
conn test
    auto=route
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    rightsubnet=2001:db8:b:b::/64
    authby=psk
    mobike=no
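
A small lint pass for conn sections like the ones above, added here as an example and not part of the wiki page or of strongSwan. It flags for review a keyword repeated within one conn section (such as leftsubnet appearing where rightsubnet was meant) and a tunnel that sets a subnet on one side only; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in ipsec.conf layout; addresses are documentation prefixes.
SAMPLE = """\
conn good
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    rightsubnet=2001:db8:b:b::/64

conn typo
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    leftsubnet=2001:db8:b:b::/64   # second side mistyped as left
"""

def parse_conns(text):
    """Return {conn_name: [(key, value), ...]}, keeping duplicates."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), [])
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.append((key.strip(), value.strip()))
        else:
            current = None  # other section types are skipped
    return conns

def lint(text):
    """Return (conn, message) findings for review."""
    findings = []
    for name, pairs in parse_conns(text).items():
        keys = [k for k, _ in pairs]
        for k in sorted({k for k in keys if keys.count(k) > 1}):
            findings.append((name, f"keyword {k} given more than once"))
        opts = dict(pairs)
        if opts.get("type") == "tunnel" and ("leftsubnet" in opts) != ("rightsubnet" in opts):
            findings.append((name, "tunnel sets a subnet on one side only"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```

A tunnel with a subnet on only one side can be intentional (host-to-subnet), so that finding is a prompt to check the section rather than an error.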