From Fedora Project Wiki
Revision as of 00:55, 27 May 2012
Strongswan can be considered the most powerful IPsec implementation available in Fedora and EPEL.
Features
- IKEv1, IKEv2 (older and current version of Internet Key Exchange)
- MOBIKE (mobility and multihoming extension to IKEv2)
- IPv4, IPv6 (old and new Internet Protocol)
- Road warrior setup
- NAT traversal
- NetworkManager plugin
- And much more...
Things Strongswan can do but Openswan cannot
- IKEv2 + road warrior
- IPv6 + road warrior
- Hybrid IPv4/IPv6 tunnels
- Multiple IPv4 on a single device
Openswan gives confusing error messages when using IPv6 addresses. You can even have problems if you want to choose a single IPv4 address on an interface where other IPv4 addresses are set up.
Tested with: openswan-2.6.33-1.fc15.x86_64
Source: [1] (in Czech)
Use cases
Simple bi-directional transport channel
conn test
    auto=route
    type=transport
    left=2001:db8::a
    right=2001:db8::b
    authby=psk
    mobike=no
Road warrior (server)
conn test
    auto=add
    type=transport
    left=%any
    right=2001:db8::b
    authby=psk
    mobike=no
Road warrior (client)
conn test
    auto=add
    type=transport
    left=%defaultroute
    leftid=@alpha.example.net
    right=2001:db8::b
    authby=psk
    mobike=no
Tunnel mode
conn test
    auto=route
    type=tunnel
    left=2001:db8::a
    leftsubnet=2001:db8:a:a::/64
    right=2001:db8::b
    rightsubnet=2001:db8:b:b::/64
    authby=psk
    mobike=no