[Openswan Users] Openswan and strongSwan

Troy Telford ttelford.groups at gmail.com
Wed Sep 22 19:23:40 EDT 2010

I'm not looking to start a flamewar... but what advantages does 
Openswan have over strongSwan?

The feature comparison at:


Is awfully dated - it claims to be for Openswan 3 - but Openswan 3 
appears to have been abandoned years ago, if the git repo is at all 

I know Openswan is starting to add IKEv2 support (though it's currently 
incomplete); the comparison lists IKEv2 support as "No" for Openswan 

I know that Openswan supports KLIPS/MAST as well as NETKEY, and 
strongSwan appears to only support NETKEY... but I have no idea if 
there's anything that KLIPS/MAST can do that NETKEY can't ; I know 
NETKEY can do IPv6 and KLIPS can't.

I know Openswan supports aggressive mode... which is recommended 
against in the Openswan book, so it's not much of an advantage.

I'm not sure how strongSwan or Openswan's support of L2TP and NAT 
differ; I'd imagine they are similar, but...

So how do these two siblings differ in their development priorities?

Also - is the wiki going to be fixed so people can register and edit 
entries again?

Troy Telford

More information about the Users mailing list