[strongSwan] Compatibility

Andreas Steffen andreas.steffen at strongswan.org
Tue Apr 27 12:59:14 CEST 2010

Hello Hans,

in principle strongSwan interoperates with *any* IPsec box adhering
either to the IKEv1 or IKEv2 key exchange protocol standards, the
exception being IKEv1 Aggressive Mode which on purpose is not supported
by strongSwan (otherwise the project would have been called weakSwan).

We have successfully connected to CheckPoint's VPN-1 gateway
using IKEv1 and X.509 certificates and we tested extensively with
the Checkpoint team during the 2007 IKEv2 interoperability workshop
in Orlando, FL.

To my knowledge F5 supports SSL VPNs only. I don't know the
Thales TCE IPsec box but as mentioned above it should be possible
to get it working.

 From my personal experience IKEv1 interoperability always requires
quite a bit of fine-tuning due to the manifold configuration
options. IKEv2 interoperability usually is rather painless and
connections can be achieved much more quickly.

Best regards


J.Witvliet at MINDEF.NL wrote:
> Hi all,
> A quick question, about something missing on the strongswan-webpage.
> But there is fair chance that a couple of people know it from the top of 
> their head ;-)
> In which degree is strongswan compatible (ie, can connect to)
>     * Systems running checkpoint
>     * F5
>     * Thales TCE
> (Or is compatibility  such a silly question not worthwhile mentioning on 
> web-page?)
> Kind regards, Hans

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list