

Openswan



About

Openswan is the premier IPsec implementation for the Linux operating system. If you want to build VPNs on Linux, you need Openswan.

Built off a stable, open source codebase, Openswan brings all of the features needed for building and deploying enterprise grade VPNs to Linux.

Xelerance can tailor Openswan to suit your Linux based device; from a highly available Firewall or VPN Server cluster to a matchbox sized residential gateway.

Openswan is distribution independent, and will run on any Linux based platform with minimal requirements.

Features

Stability: The Openswan codebase has been in active development for nearly 5 years. Regression testing occurs every night, ensuring bugs are caught before any code is released.

Scalability: Openswan has no limits on the number of simultaneous tunnels. You are only limited by available CPU* power.

Reliability/Redundancy: supports being run in an HA configuration, using most Linux HA packages.

Easy Integration: hooks for dynamic actions based on who the VPN peer is are already built in. Do dynamic firewalling, filtering based on remote user(s), or trigger application start/stop based on tunnel events.

Standards Compliant: Openswan conforms to nearly all IPsec + IKE RFCs, and has one of the best interoperability track records of any IPsec implementation. It is compatible with products from Microsoft, Cisco, Nortel, Netscreen, Checkpoint, and many other vendors.

Ideal for Embedding: supports Linux 2.4 and 2.6 kernels, which makes it ideal for small embedded devices such as residential router/gateways. Full NAT Traversal support means Openswan will work in all common ISP and Telco networks.





* Tests show an Intel P4 2.4 GHz can do 100 Mbps using AES, or 75 Mbps using 3DES.

Support

Xelerance provides level 3 engineering and defect support for Openswan, giving you direct access to the software developers who maintain the code. No middle tier vendor to deal with.

Services

Custom development, consulting and implementation support are available for Openswan from Xelerance, just ask! Our team has deployed and helped deploy hundreds of IPsec based VPNs, and has the experience required to handle yours.

Technical Specs:

Platforms: x86, IA64, PPC, PPC64, MIPS, Alpha, StrongArm
Key Management: Preshared Keys, RSA Keys, X.509 Digital Certificates, RSA Key fetching via DNS, Dynamic CRL fetching via HTTP/FTP/LDAP
Crypto Ciphers: 3DES, AES, SHA1, MD5
NAT-Traversal (IETF Drafts 01, 02 & 03)
RFC 3706 Dead Peer Detection
Opportunistic Encryption (IETF Draft 13)



Frequently asked questions about Linux IPsec


Q: What are the various versions of IPsec software available on Linux?

A: There are two separate IPsec packages: Openswan (formerly FreeS/WAN) and Racoon. Openswan works on all Linux kernels; Racoon only works on Linux 2.6.3+.


Q: Does the Linux 2.6 IPsec Kernel code replace Openswan?

A: No. IPsec consists of a kernel portion, and userland tools. The Linux 2.6 Kernel only supplies the kernel portion; the userland is not part of it. Openswan's userland tools ("Pluto") can talk to both the Linux 2.6 Kernel's IPsec stack, and the Openswan IPsec stack ("KLIPS").


Q: Which IPsec package will the Linux distributions use?

A: Developers of Redhat, SuSE and Debian are all looking at integrating the Linux 2.6 native code with the Openswan userland ("Pluto") into their distribution. Many of these vendors used to ship FreeS/WAN.


Q: Why did Xelerance fork the FreeS/WAN code as Openswan?

A: FreeS/WAN was a privately funded project which ended in Q1 2004. Xelerance, which consists of former FreeS/WAN employees and community members, was founded in Q4 2003 to continue the development and maintenance of the code. The name change was made to clearly signify this change.


Q: Is there commercial support for Openswan?

A: Xelerance offers commercial support and other related services such as a notification service, custom extensions, source tree outsourcing and training. Please see our website for a full description of the services we offer.



XC01 Deploying DNSSEC w/bind9+nsd

XC02 Introduction to IPsec w/Openswan

XC03 Deploying Opportunistic Encryption

XC04 Remote-Access IPsec (Openswan X.509, Win2K)

XC05 Securing Wireless with IPsec ("WaveSec")

XC06 Installation and Operation of freeradius

XC07 Advanced Use and Extension of freeRadius


Xelerance Corporation
470 Dawson Ave, Ottawa, ON, K1Z 5V7
http://www.xelerance.com
info@xelerance.com
North America: +1-905-257-3392
Europe: +31-20-625-3374


© 2004 Xelerance Corporation. The information herein is subject to change without notice. Xelerance Corporation shall not be liable for technical or editorial errors or omissions contained herein.


IPsec for Linux