Archives of the project mailing list
The two archives use completely different search engines. You might want to try both.
More information on this and other mailing lists.
Moat: A Virtual Private Network Appliances and Services Platform is a paper
about large-scale (a few 100 links) use of FreeS/WAN in a production application at
AT&T research. It is available in Postscript or PDF from co-author Steve Bellovin's
papers list page.
Related Linux code
Add-ons and patches for FreeS/WAN
- Neil Dunbar's patches for
using code from Open SSL.
At time of writing (June 2000), these patches are out of date and do not support the
current FreeS/WAN version, but there has been talk on the mailing list of
forthcoming updates. Older versions of FreeS/WAN are also likely available on
some of the distribution sites.
OpenBSD's isakmpd(8) daemon ported to Linux, working with the FreeS/WAN KLIPS code. At
time or writing (early May 1999), this is a snapshot of development work, not yet
a full release:
- a patch
to make IPSEC, PPTP and SSH VPNs work through a Linux firewall with
Note that this is not required if the same machine does IPSEC and masquerading,
only if you want a masquerade client to be the IPSEC gateway.
- patches to add
and CAST-128 to FreeS/WAN
Distributions including FreeS/WAN
SuSE 6.3 is the first major commercial Linux
distribution to ship with FreeS/WAN included. It has FreeS/WAN 1.1.
FreeS/WAN for the Linux Router Project,
a minimal Linux distribution designed to run on limited machines recylcled as routers.
At one point, the LRP code could boot from floppy and run on an 8 meg 386. We are not
certain if that is still true, but it certainly still runs on low-end machines.
Things FreeS/WAN uses or could use
- /dev/random support page, discussion of
and code for the Linux random number driver. Out-of-date
when we last checked (January 2000), but still useful.
- other programs related to random numbers:
- a Linux L2TP Daemon which might be useful for communicating with
Windows 2000 which builds L2TP tunnels over its IPSEC connections
- packet spy, a packet sniffer
whose author said in a Dec 1999 message "It's very unfinished, especially the filter,
but it can give you an ascii and hex dump at the same time. I started it specifically
for snooping a FreeS/WAN installation."
Other approaches to VPNs for Linux
- other Linux IPSEC implementations
- ENskip, a free implementation of Sun's
- vpnd, a non-IPSEC VPN daemon for Linux
which creates tunnels using Blowfish encryption
- Zebedee, a simple GPLd tunnel-building
program with Linux and Win32 versions. The name is from Zlib compression,
Blowfish encryption and Diffie-Hellman key exchange.
- LinuxCare's VPS (Virtual Private Server)
which builds tunnels using SSH
- Moreton Bay's PoPToP, PPTP for Linux
- CIPE project, using their
own lightweight protocol to encrypt between routers
- vtun "virtual tunnels", using Blowfish
Click below to go to: