Contents Previous Next

Web links

The Linux FreeS/WAN Project

The main project web site is

Links to other project-related sites are provided in our introduction section.

Add-ons and patches for FreeS/WAN

Some user-contributed patches gave been integrated into the FreeS/WAN distribution. For a variety of reasons, those listed below have not.

Patches believed current at time of writing (March 2001, just before 1.9 release):

Before using these, check the mailing list for news of newer versions and to see whether they have been incorporated into more recent versions of FreeS/WAN.

Note: At one point the way PGP generates RSA keys and the way FreeS/WAN checks them for validity before using them were slightly different, so quite a few PGP-generated keys would be rejected by FreeS/WAN, confusing users no end. This is fixed in 1.9.

A set of PKIX patches were recently announced on the mailing list:

Subject: a different PKIX patch.
   Date: Mon, 5 Mar 2001
   From: Luc Lanthier <>

I'd like to invite volunteers to use the now-complete PKIX project I've
been working on since about August. Because of this, the patch is for
FreeSWAN 1.5, not 1.8... I haven't really felt the need to update it since
I don't use IPV6 nor DNSSec.

This is similar, but different than Andreas Steffen's pkix
implementation. I've based this work on Neil Dunbar's openssl-pkix patch
for FreeSWAN 1.1. I've updated it to run on FreeSWAN 1.5 correctly, and
added support for ID_DER_ASN1_DN ID packet support. It will do LDAP
certificate lookups no problem, as well as local flatfile, directory, or
DB lookup for testing or speed.

IE: It's a full CA-compatible client, capable of looking up, checking the
CRL for expiry and such. It will not only do the classic PSK and RSASIG
freeswan methods just fine, but also does PKIX's RSASIG, PKE and
RPKE. I've spent a lot of time adding RoadWarrior support for these last
IKE exchange methods.

The patch can be found as:
There are also freeswan-1.5 - kernel 2.4 patches for those who need them.

Let me know. Feedback is appreciated.

Older patches:

These patches are for older versions of FreeS/WAN and will likely not work with the current version. Older versions of FreeS/WAN may be available on some of the distribution sites , but we recommend using the current release.

VPN masquerade patches

Finally, there are some patches to other code that may be useful with FreeS/WAN: Note that this is not required if the same machine does IPSEC and masquerading, only if you want a to locate your IPSEC gateway on a masqueraded network. See our firewalls document for discussion of why this is problematic.

At last report, this patch could not co-exist with FreeS/WAN on the same machine.

Distributions including FreeS/WAN

The introductory section of our document set lists several Linux distributions which include FreeS/WAN.

Things FreeS/WAN uses or could use

Other approaches to VPNs for Linux

There is a list of Linux VPN software in the Linux Security Knowledge Base.

The IPSEC Protocols

General IPSEC or VPN information

IPSEC overview documents or slide sets

IPSEC information in languages other than English

RFCs and other reference documents

Analysis and critiques of IPSEC protocols

Background information on IP

IPSEC Implementations

Linux products

Vendors using FreeS/WAN in turnkey firewall or VPN products are listed in our introduction.

Other vendors have Linux IPSEC products which, as far as we know, do not use FreeS/WAN

IPSEC in router products

All the major router vendors support IPSEC, at least in some models.

IPSEC in firewall products

Many firewall vendors offer IPSEC, either as a standard part of their product, or an optional extra. A few we know about are:

Vendors using FreeS/WAN in turnkey firewall products are listed in our introduction.

Operating systems with IPSEC support

All the major open source operating systems support IPSEC. See below for details on BSD-derived Unix variants.

Among commercial OS vendors, IPSEC players include:

Open source IPSEC implementations

Other Linux IPSEC implementations

We like to think of FreeS/WAN as the Linux IPSEC implementation, but it is not the only one. Others we know of are:

IPSEC for BSD Unix

IPSEC for other systems


The IPSEC protocols are designed so that different implementations should be able to work together. As they say "the devil is in the details". IPSEC has a lot of details, but considerable success has been achieved.

Interoperability results

Linux FreeS/WAN has been tested for interoperability with many other IPSEC implementations. Results to date are in our interoperability section.

Various other sites have information on interoperability between various IPSEC implementations:

Interoperability test sites

Linux links

Basic and tutorial Linux information

General Linux sites


Advanced routing

The Linux IP stack is getting some new features in 2.4 kernels. Most are already available as experimental code in 2.3 kernels. Some HowTos have been written:

Security for Linux

Linux firewalls

Miscellaneous Linux information

Crypto and security links

Crypto and security resources

The standard link collections

Two enormous collections of links, each the standard reference in its area:

Gene Spafford's COAST hotlist
Computer and network security.
Peter Gutmann's Encryption and Security-related Resources

Frequently Asked Question (FAQ) documents


See also the interesting papers section below.

Crypto and security standards

Cryptography law and policy

Surveys of crypto law

Organisations opposing crypto restrictions

Other information on crypto policy

See also our documentation section on the history and politics of cryptography.

Cryptography technical information

Collections of crypto links

Lists of online cryptography papers

Particularly interesting papers

These papers emphasize important issues around the use of cryptography, and the design and management of secure systems.

Computer and network security

Security links

Firewall links

VPN links

Security tools

Links to home pages

David Wagner at Berkeley provides a set of links to home pages of cryptographers, cypherpunks and computer security people.

Contents Previous Next