This is an old revision of the document!

StrongSwan Primer

What is StrongSwan

  • Their Summary: StrongSwan is a comprehensive implementation of the Internet Key Exchange (IKE) protocols that allows securing IP traffic in policy- and route-based IPsec scenarios from simple to very complex.

Our Implementation

  • From the statement above we see that StrongSwan implements the following:
    • IKE protocols
    • Policy or route based IPsec
  • The implementation of these can vary from simple to very complex.
  • In RADIUSdesk our philosophy always been to keep things as simple as possible because Simplicity is the ultimate sophistication.
  • Our implementation uses certificates (PKI) and Route based IPsec (xfrm interfaces) similar to the other VPN implementations like Wireguard and OpenVPN.

IKE

  • Internet Key Exchange (IKE, versioned as IKEv1 and IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite.
  • IKE has come a long way and evolved over time.
  • Initially things like NAT traversal and a client whose public address changes were not supported.
  • With IKEv2 these shortcomings were addressed making the StrongSwan implementation just as versatile as other modern VPN solutions.
  • technical/strongswan-primer.1768070454.txt.gz
  • Last modified: 2026/01/10 20:40
  • by system