FreeS/WAN

Original author(s): John Gilmore (Founder)
Final release: 2.06 / 22 April 2004
Operating system: Linux
Successor: strongSwan, Openswan, Libreswan
Type: IPsec & IKE
License: Mostly GNU GPL, see LICENSE file
Website: freeswan.org

FreeS/WAN, for Free Secure Wide-Area Networking, was a free software project which implemented a reference version of the IPsec network security layer for Linux. The project goal of ubiquitous opportunistic encryption of Internet traffic was not realized, although it did contribute to general Internet encryption.

The project was founded by John Gilmore, and administered for most of its duration by Hugh Daniel. John Ioannidis and Angelos Keromytis started the codebase while outside the United States prior to autumn 1997. The technical lead for the project was Henry Spencer, and later Michael Richardson. The IKE keying daemon (pluto) was maintained by D. Hugh Redelmeier, while the IPsec kernel module (KLIPS) was maintained by Richard Guy Briggs. Sandy Harris was the main documentation person for most of the project, followed later by Claudia Schmeing.

The final FreeS/WAN version 2.06 was released on 22 April 2004. The earlier version 2.04 was forked to form two projects, Openswan and strongSwan. Openswan has since (2012) been forked to Libreswan.



Related Research Articles

A cypherpunk is one who advocates the widespread use of strong cryptography and privacy-enhancing technologies as a means of effecting social and political change. The cypherpunk movement originated with the establishment of an electronic mailing list, through which informal groups sought to achieve privacy and security through proactive use of cryptography. The cypherpunk movement has been active since about 1990 at the latest.

John Gilmore (activist): American activist (born 1955)

John Gilmore is an American activist. He is one of the founders of the Electronic Frontier Foundation, the Cypherpunks mailing list, and Cygnus Solutions. He created the alt.* hierarchy in Usenet and is a major contributor to the GNU Project.

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

Virtual private network (VPN) is a network architecture for virtually extending a private network across one or multiple other networks which are either untrusted or need to be isolated.

In computing, Internet Key Exchange is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS ‒ and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained.

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It uses encryption ('hiding') only for its own control messages, and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2, and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.

In cryptography, Camellia is a symmetric key block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. It was jointly developed by Mitsubishi Electric and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project. The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard.

m0n0wall was an embedded firewall distribution of FreeBSD, one of the BSD operating system descendants. It provides a small image which can be put on Compact Flash cards as well as on CD-ROMs and hard disks. It runs on a number of embedded platforms and generic PCs. The PC version can be run with just a Live CD and a floppy disk to store configuration data, or on a single Compact Flash card. This eliminates the need for a hard drive, which reduces noise and heat levels and decreases the risk of system failure through elimination of moving parts found in older hard drives.

Openswan

In the field of computer security, Openswan provides a complete IPsec implementation for Linux and FreeBSD.

strongSwan is a multiplatform IPsec implementation. The focus of the project is on authentication mechanisms using X.509 public key certificates and optional storage of private keys and certificates on smartcards through a PKCS#11 interface and on TPM 2.0.

Opportunistic encryption (OE) refers to any system that, when connecting to another system, attempts to encrypt communications channels, otherwise falling back to unencrypted communications. This method requires no pre-arrangement between the two systems.

Network Security Services: Collection of cryptographic computer libraries

Network Security Services (NSS) is a collection of cryptographic computer libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. NSS releases prior to version 3.14 are tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License. Since release 3.14, NSS releases are licensed under GPL-compatible Mozilla Public License 2.0.

Phex: Peer to peer file sharing client

Phex is a peer-to-peer file sharing client for the gnutella network, released under the terms of the GNU General Public License, so Phex is free software. Phex is based on Java SE 5.0 or later.

Hugh Daniel

Hugh Daniel was a noted computer engineer.

VNS3: Virtual appliance

VNS3 is a software-only virtual appliance that allows users to control access and network topology and secure data in motion across public and private clouds. VNS3 is a virtual router, switch, firewall, protocol re-distributor, and SSL/IPSec VPN concentrator. The Network Virtualization Software creates a customer-controlled overlay network over top of the underlying network backbone.

Libreswan

Libreswan is a fork of the Openswan IPsec VPN implementation.

VeraCrypt: Free and open-source disk encryption utility

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

Secure Reliable Transport (SRT) is an open source video transport protocol that utilises the UDP transport protocol. The SRT Protocol specification is available as an Internet Draft from the IETF.

ARPANET encryption devices: Security tools used on ARPANET

The ARPANET pioneered the creation of novel encryption devices for packet networks in the 1970s and 1980s, and as such these devices were ancestors to today's IPsec architecture, and more specifically to High Assurance Internet Protocol Encryptor (HAIPE) devices.