[Openswan Users] IKE v2

Andreas Steffen andreas.steffen at strongsec.net
Thu Nov 2 08:25:21 EST 2006

Hi Mike,

strongswan-4.0 has IKEv2 support. It can be downloaded from


EAP functionality is planned for 2007. What you can do right now
is mixed IKE authentication. The VPN gateway has an X.509 certificate
and uses RSA authentication whereas the VPN clients are using
distinct pre-shared keys. You can find a configuration example
(ipsec.conf, ipsec.secrets) under the link.


IKEv2 mode is selected with the connection option keyexchange=ikev2.

Best regards


Mike Horn wrote:
> Hi,
> Are there any plans to add support for IKE v2 to Openswan?  If so, any
> rough ideas on time frame?  In particular I'm interested in support for
> EAP to replace XAUTH for remote access user authentication.
> Thanks,
> -mike

Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3413 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20061102/2dde877f/attachment.bin 

More information about the Users mailing list