Maciej Piechotka asked:
What’s the differences between OpenSwan and StrongSwan? All I found is compartation between outdated FreeSwan and testing version of OpenSwan – i.e. current stable of OpenSwan is 2.6 (3.0 is comparation) and current stable for StrongSwan is 4.4 (4.1.7 in comparation) which seems grossly unfare (there is no point in comparing Windows 98 with Ubuntu 10.10 or Mac OS X 10.7 with Slackware 8.0).
From websites StrongSwan seems to be better maintained while OpenSwan seems to be more popular.
Libreswan is the project the Openswan developers created after the company they had originally founded to develop Openswan sued them over the trademark. So Libreswan is what we will discuss here.
The most obvious differences are:
- StrongSwan has much more comprehensive and developed documentation than Libreswan.
- StrongSwan has support for EAP authentication methods, which make it easier to integrate into heterogeneous environments (such as authenticating to Active Directory). These are less well developed or even missing from Libreswan.
- StrongSwan can be clustered and load balanced. Libreswan does not seem to have any support to do either.
- Libreswan supports more hardware crypto accelerators than StrongSwan, but requires kernel patches to do so.
RHEL 7 ships Libreswan, though StrongSwan is available in EPEL.
IPSec-tools was a port of the KAME IPSec userland from BSD to Linux. It appears to be no longer maintained.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.