Last modified: October 01, 2007, at 09:38 AM
| Feature | strongswan-4.1.7 | openswan-3.0.00 |
|---|
| X.509 support | yes | yes |
|---|
| Raw RSA key support | IKEv1 only | yes |
|---|
| RSA keys from DNS support | IKEv1 only | yes |
|---|
| KLIPS | Linux 2.4 | Linux 2.4 + 2.6 |
|---|
| NETKEY | yes | yes |
|---|
| MAST / Merged stack | no | yes |
|---|
| Fast ipsec starter | fast helper | fully integrated |
|---|
| Smartcard Interface | PKCS #11 | OpenSC |
|---|
| Local CRL Caching | yes | no |
|---|
| CA Management | yes | no |
|---|
| SCEP client | yes | no |
|---|
| Attribute Certificates | yes | no |
|---|
| L2TP multiple clients behind same NAT router | no | yes |
|---|
| L2TP multiple clients on identical internal IP | no | yes |
|---|
| L2TP IPsec SA ref tracking | no | yes |
|---|
| IKEv2 | yes | no |
|---|
| MOBIKE | yes | no |
|---|
| Windows IKE support | no | yes |
|---|
| Full FreeBSD support | no | yes |
|---|
| Full NetBSD support | no | yes |
|---|
| Full OpenBSD support | no | maybe/untested |
|---|
| Full Mac OSX support | no | yes |
|---|
| IPsec verify support | no | yes |
|---|
| IPsec livetest support | no | no |
|---|
| XAUTH via passwd file | yes | yes |
|---|
| XAUTH via PAM | no | yes |
|---|
| Mode Config | yes | yes |
|---|
| Aggressive Mode | no | yes |
|---|
| DNSSEC support | no | yes |
|---|
| Pluto DNS helper processes | no | yes |
|---|
| Pluto crypto helper processes | no | yes |
|---|
| Cryptographic Offload | no | yes (OCF v1 & v2) |
|---|
| Hardware offloading | no | yes (hifn,intel,etc) |
|---|
| Hardware RNG support | no | yes (hifn) |
|---|
| TAProom support | no | yes |
|---|
| NAT-T forcing for ESP filter circumvention | IKEv2 only | yes |
|---|
