StrongSwan is a free open-source IPsec based VPN client that is available for most of the operating systems out there. It implements both the IKEv1 and IKEv2 key exchange protocols to exchange cryptic certification keys between hosts and clients. There are a lot of technical terms to understands here, starting with IPsec and then moving on to IKE.
strongSwan VPN
Understanding and working with project strongSwan is no child’s play, rather it requires deep knowledge and a sound understanding of Internet Protocols and other security features related to it.
Here is the list of features sourced from the official strongSwan website, the list may include some difficult terms but inquisitiveness has always been the biggest teacher. So head up to Google or Bing, and search and know more about them:
- Runs on Linux 2.6, 3.x and 4.x kernels, Android, FreeBSD, OS X and Windows
- Implements both the IKEv1 and IKEv2 (RFC 7296) key exchange protocols
- Fully tested support of IPv6 IPsec tunnel and transport connections
- Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
- Automatic insertion and deletion of IPsec-policy-based firewall rules
- NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
- Support of IKEv2 message fragmentation (RFC 7383) to avoid issues with IP fragmentation
- Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
- Static virtual IPs and IKEv1 ModeConfig pull and push modes
- XAUTH server and client functionality on top of IKEv1 Main Mode authentication
- Virtual IP address pool managed by IKE daemon or SQL database
- Secure IKEv2 EAP user authentication (EAP-SIM, EAP-AKA, EAP-TLS, EAP-MSCHAPv2, etc.)
- Optional relaying of EAP messages to AAA server via EAP-RADIUS plugin
- Support of IKEv2 Multiple Authentication Exchanges (RFC 4739)
- Authentication based on X.509 certificates or preshared keys
- Use of strong signature algorithms with Signature Authentication in IKEv2 (RFC 7427)
- Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
- Full support of the Online Certificate Status Protocol (OCSP, RFC 2560).
- CA management (OCSP and CRL URIs, default LDAP server)
- Powerful IPsec policies based on wildcards or intermediate CAs
- Storage of RSA private keys and certificates on a smartcard (PKCS #11 interface)
- Modular plugins for crypto algorithms and relational database interfaces
- Support of elliptic curve DH groups and ECDSA certificates (Suite B, RFC 4869)
- Optional built-in integrity and crypto tests for plugins and libraries
- Smooth Linux desktop integration via the strongSwan NetworkManager applet
- Trusted Network Connect compliant to PB-TNC (RFC 5793) and PA-TNC (RFC 5792)
strongSwan is fully functional on Linux Based operating systems and distribution packages are also available but for Windows, no distribution package is available yet and you need to build the code yourself using MinGW toolchain. All the features are not available on Windows and there are a lot of limitations associated with the project. For running strongSwan properly you need to disable the native IKE service on Windows and a few other things.
Installation and configuration on Windows is a tedious task for now, but it is expected that the project would come up with installable binary packages soon to make the installation and configuration an easier task. You can read more about strongSwan for Windows OS here.
strongSwan project is being maintained by Andreas Steffen, who is a professor for Security in Communications at the University of Applied Sciences in Rapperswil, Switzerland. Also, the project is being sponsored by major IT security companies and Secunet, Sophos, Revosec being one of them.
strongSwan is a well-written implementation of IPsec. It is completely open source and available free of cost. You can download it, build it yourself and then create your own virtual network. Although it requires some technical knowledge to understand the working and the code as well. But you can check out the the project documentation to know more about it and read the installation instructions and other details.
What is StrongSwan VPN?
As the name denotes, StrongSwan is a VPN app which is built upon IPsec. The main intention of this VPN application is top-notch security. The best thing about this app is that you can download and use it on multiple platforms, including Windows, Android, Mac, Linux, etc.
How do I configure StrongSwan site to site VPN?
To configure StrongSwan site to site VPN, you need a few things. For example, a public IP address, private IP address, gateway, etc., are required for the virtual server. Secondly, you need a virtual server and a remote server so that the remote server can be used as a virtual private network. Next, you must have the external address and Subnet mask in 1.1.1.1 format.
Go here if you are looking for some free VPN software for your Window PC.