StrongSwan is an OpenSource IPsec-based VPN Solution for Linux

* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec)
kernels

* implements both the IKEv1 and IKEv2 (RFC 4306) key exchange
protocols

* NEW: Fully tested support of IPv6 IPsec tunnel connections

* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC
4555)

* Fast connection startup and periodic update using ipsec starter

* Automatic insertion and deletion of IPsec policy based firewall
rules

* Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption

* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)

* Static Virtual IPs and IKE Mode Config Pull and Push modes

* XAUTH server and client functionality on top of IKE Main Mode
authentication

* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels

* Authentication based on X.509 certificates or preshared keys

* Generation of a default self-signed certificate during first
strongSwan startup

* Retrieval and local caching of Certificate Revocation Lists via
HTTP or LDAP

* Full support of the Online Certificate Status Protocol (OCSP, RCF
2560).

* CA management (OCSP and CRL URIs, default LDAP server)

* Powerful IPsec policies based on wildcards or intermediate CAs

* Group policies based on X.509 attribute certificates ( RFC 3281)

* Optional storage of RSA private keys and certificates on a
smartcard

* Smartcard access via standardized PKCS #11 interface

* PKCS #11 proxy function offering RSA decryption services via whack

* NEW: strongSwan Manager - a graphical management interface for IKEv2