StrongSwan Primer
What is StrongSwan
- Their Summary: StrongSwan is a comprehensive implementation of the Internet Key Exchange (IKE) protocols that allows securing IP traffic in policy- and route-based IPsec scenarios from simple to very complex.
Our Implementation
- From the statement above we see that StrongSwan implements the following:
- IKE protocols
- Policy or route based IPsec
- The implementation of these can vary from simple to very complex.
- In RADIUSdesk our philosophy has always been to keep things as simple as possible, because simplicity is the ultimate sophistication.
- Our implementation uses certificates (PKI) and route-based IPsec (xfrm interfaces), similar to other VPN implementations like WireGuard and OpenVPN.
IKE
- Internet Key Exchange (IKE, versioned as IKEv1 and IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite.
- IKE has come a long way and evolved over time.
- Initially, things like NAT traversal and a client whose public address changes were not supported.
- With IKEv2 these shortcomings were addressed, making the StrongSwan implementation just as versatile as other modern VPN solutions.
Some basic concepts and terminology with StrongSwan
- StrongSwan has been around for a long time, and it has been and still is under active development.
- This is both a strength and a weakness.
- The strength is that there is a lot of documentation around and there are many existing deployments.
- The weakness is that there was a major change in terms of config and even architecture between older and more recent versions of StrongSwan.
- You thus have to be careful when consulting documentation on StrongSwan.
- Most AI engines mess up in this area, and I would recommend using the documentation on the StrongSwan website as the first choice.
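A quick way to check which generation of StrongSwan configuration a snippet from a document or an AI answer belongs to, as an added example (not code from this page or from the StrongSwan project). It assumes the older syntax is the `ipsec.conf` format and the current one is `swanctl.conf`; the marker lists are a heuristic and not exhaustive, and the sample input is constructed.

```python
import re

# Markers of the older syntax (ipsec.conf, used with the stroke plugin).
LEGACY = [
    (r"config\s+setup\b", "'config setup' section"),
    (r"conn\s+\S+", "'conn <name>' section"),
    (r"(left|right)[a-z0-9]*\s*=", "left*/right* option"),
    (r"(keyexchange|auto|authby)\s*=", "keyexchange/auto/authby option"),
]
# Markers of the current syntax (swanctl.conf, loaded over vici).
MODERN = [
    (r"(connections|secrets|pools|authorities)\s*\{", "top-level section"),
    (r"(local|remote)(-\w+)?\s*\{", "local/remote auth section"),
    (r"children\s*\{", "'children' section"),
    (r"(local|remote)_(addrs|ts)\s*=", "local_/remote_ addrs or ts"),
    (r"if_id_(in|out)\s*=", "xfrm interface ID"),
]

def classify(text):
    """Return (verdict, hits); hits maps each syntax to (line_no, reason)."""
    hits = {"legacy": [], "modern": []}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # both syntaxes use '#' comments
        for label, table in (("legacy", LEGACY), ("modern", MODERN)):
            for pattern, why in table:
                if re.match(pattern, line):
                    hits[label].append((n, why))
    if hits["legacy"] and hits["modern"]:
        return "mixed", hits  # snippet blends both generations: do not deploy
    for label in ("legacy", "modern"):
        if hits[label]:
            return label, hits
    return "unknown", hits

# Constructed sample: swanctl.conf structure with ipsec.conf keys pasted in.
SAMPLE = """\
connections {
    site {
        keyexchange = ikev2
        leftcert = gw.pem
        if_id_in = 42
        if_id_out = 42
    }
}
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A `mixed` verdict means the snippet combines keys from both formats and should be checked against the StrongSwan website documentation before use.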