[strongSwan] Recommendation for IKEv2 Capable Client on Win XP

Holger Rauch Holger.Rauch at empic.de
Mon Nov 8 15:25:04 CET 2010

Hi Andreas,

thanks a lot for your quick reply. But strongSWAN 4.5.0 doesn't seem to be usable as of yet on FreeBSD, according to a recent post by Riaan Kruger to this mailing list. He is also the maintainer of the FreeBSD port.

So, if I understand correctly, the solution for supporting Win XP clients is either:

- run strongSWAN on Linux where pluto (required for IKEv1) is supported so that one can use free IPSEC clients on the Win XP boxen (as there seem to be no free IKEv2 capable IPSEC clients for Win XP available) or

- run strongSWAN on FreeBSD where (at least at present) only charon (required for IKEv2) is supported and buy the corresponding number of licenses for SafeNet's HAremote client which seems to support IKEv2 flawlessly.

Did I get this right or am I missing anything?

Thanks for clarification & kind regards,


From: Andreas Steffen [andreas.steffen at strongswan.org]
Sent: Monday, November 08, 2010 13:09
To: Holger Rauch
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Recommendation for IKEv2 Capable Client on Win XP

Hello Holger,

Tobias Brunner just hasn't ported pluto to FreeBSD. Most probably the
source code won't even compile, although the situation has improved
with strongSwan 4.5.0 where pluto now uses the kernel_netlink
and kernel_pfkey plugins to communicate with the kernel.



On 08.11.2010 12:43, Holger Rauch wrote:
> Ok, so that means I need pluto in addition to charon in order to be
> able to more easily support Win XP clients (SafeNet wants $149 for
> their HAremote product, which is not really cheap considering that
> we'll probably replace Win XP by Win7 in the foreseeable future). I
> would like to use strongSwan on FreeBSD 8.1 stable and noticed that
> "--disable-pluto" is passed to configure (by the security/strongswan
> port which builds strongSwan 4.4.0). The port maintainer obviously
> decided to follow the recommendations given here:
> http://wiki.strongswan.org/wiki/1/FreeBSD
> Could you please tell me why pluto is supposed to be disabled on
> FreeBSD?
> Thanks in advance & kind regards,
> Holger
>> [...]
> THE standard software for Aviation Authorities

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

THE standard software for Aviation Authorities

This communication contains information which is confidential and may also be privileged. It is for the 
exclusive use of the intended recipient(s). If you are not the intended recipient(s) please note that any 
distribution, copying or use of this communication or the information in it is strictly prohibited. If you have 
received this communication in error please notify us immediately by email or by telephone and then delete 
this email and any copies of it.
Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen enthalten. Wenn Sie nicht 
der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den 
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser 
Mail sind nicht gestattet.

More information about the Users mailing list