strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It also fully supports the new IKEv2 protocol with Linux 2.6 kernels. It interoperates in both IKEv1 and IKEv2 mode with most other IPsec-based VPN products. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships. License: GNU General Public License (GPL) Changes:
Major performance improvements were made by introducing hash table lookups, allowing the setup of thousands of IKEv2 connections in seconds. Smartcard support for IKEv2 connections was added using the OpenSSL Engine API.