Projects / Linux FreeS/WAN

Linux FreeS/WAN

Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing daemon) as well as various rc scripts and documentation. It is known to interoperate with other IPSEC and IKE system already deployed by other vendors such as OpenBSD, Cisco, or CheckPoint. It also features Opportunistic Encryption, subnet extrusion, and with the appropriate patches interops nicely with Microsoft Windows XP/2000 using X.509 certificates.

Operating Systems

Recent releases

  •  23 Aug 2004 12:33

    Release Notes: This is the last version that will be released by the FreeS/WAN team. No new versions of this software will be released. New features are mostly the removal of transport mode, KLIPS port for 2.6, and some netlink security fixes.

    •  08 Mar 2004 21:35

      Release Notes: Removal of AH and better support for 2.6 kernels, an experimental lightweight DNS queue, and support for DNSSec.

      •  26 Nov 2003 00:49

        Release Notes: This version features a workaround for the Linux 2.6 netlink security problem.

        •  09 Oct 2003 13:35

          Release Notes: Preliminary support for 2.6 kernels was added, either via KLIPS or the native 2.6 kernel IPsec. See the new 2.6.known-issues document for more details. A fix was made for SHA1 packet reception and several verify buglets. An iproute2 based _updown script was added.

          •  05 Sep 2003 23:32

            Release Notes: One-line configuration for initiator-only Opportunistic Encryption, (OE) using ipsec.conf's new "myid" option. There is a new RPM spec file. This will help folks who need to compile RPMs from the FreeS/WAN source. In addition, wavesec and OE now coexist nicely.

            Recent comments

            06 Sep 2002 16:46 danbeck

            Intersting project, but poorly organized and overly-complex install
            The FreeS/WAN project group seems to be poorly organized. At the time of this comment, their website hadn't been updated since mid February; version information on the site was three versions behind and their online documention links did not work.

            The install process is overly complex, forcing people to use their special and sparsely documented Makefile to patch and recompile your kernel. Excuse me, but I don't need to recompile my kernel, I only need to recompile the appropriate modules. After some serious searching, I was able to figure out how I could only make and install the modules themselves, but that was still broken, failing to copy the appropriate *.o files to my /lib/modules directories.

            What ever happend to giving us sysadmins a patch and allowing us to make our own choices and decisions?


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.