The document below originates from the FreeSWAN project, written by Claudia Scheming. You are encouraged to update it with more recent experiences.
The Openswan project needs you! We rely on the user community to keep up to date. Mail users@lists.openswan.org with your interop success stories.
Please note: Most of our interop examples feature Linux Openswan 1.x config files. You can convert them to 2.x files fairly easily with the patch in our Upgrading Guide?.
| Openswan VPN | Road Warrior | OE | |||||
| PSK | RSA Secret | X.509 | NAT-Traversal | Manual Keying | |||
| More Compatible | |||||||
| Openswan | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| isakmpd (OpenBSD) | Yes | Yes | Yes | No | |||
| Kame (FreeBSD, NetBSD, MacOSX) aka racoon | Yes | Yes | Yes | Yes | No | ||
| McAfee VPN was PGPNet | Yes | Yes | Yes | Yes | No | ||
| Microsoft Windows 2000/XP | Yes | No | Yes | Yes | Yes | No | |
| SSH Sentinel | Yes | Yes | Yes | Yes | No | ||
| Safenet SoftPK/SoftRemote | Yes | Yes | Yes | No | |||
| NCP | Yes | Yes | Yes | Yes | Yes | No | |
| Other | |||||||
| 6Wind | Yes | No | |||||
| Alcatel Timestep | Yes | No | |||||
| AshleyLaurent VPCom | Yes | No | |||||
| Borderware | Yes | No | No | ||||
| Check Point FW-1/VPN-1 | Yes | Yes | Yes | No | |||
| Cisco with 3DES | Yes | Maybe | Yes | No | |||
| Equinux VPN Tracker (for Mac OS X) | Yes | Yes | Yes | Maybe | No | ||
| F-Secure | Yes | Maybe | Yes | Yes | No | ||
| Gauntlet GVPN | Yes | Yes | No | ||||
| TheGreenBow VPN Client | Yes | Yes | Maybe | Yes | No | ||
| IBM AIX | Yes | Maybe | No | ||||
| IBM AS/400 | Yes | No | |||||
| IBM z/OS | Yes | No | |||||
| Intel Shiva LANRover/Net Structure | Yes | No | |||||
| LanCom (formerly ELSA) | Yes | No | |||||
| Linksys | Maybe | No | Yes | No | |||
| Lucent | Partial | No | |||||
| Mac OS X | Maybe | Yes | Maybe | Maybe | No | ||
| Microsoft Pocket PC 2003 | Partial | Partial | Partial | No | |||
| Netasq | Yes | No | |||||
| netcelo | Yes | No | |||||
| Netgear fvs318 | Yes | No | |||||
| Netscreen 100 or 5xp | Yes | Maybe | No | ||||
| Nortel Contivity | Partial | Yes | Maybe | No | |||
| RadGuard | Yes | No | |||||
| Raptor | Yes | Yes | No | ||||
| Redcreek Ravlin | Yes/Partial | No | |||||
| SonicWall | Yes | Maybe | No | No | |||
| Sun Solaris | Yes | Yes | Yes | No | |||
| Symantec | Yes | No | |||||
| Watchguard Firebox | Yes | Yes | No | ||||
| Xedia Access Point/QVPN | Yes | No | |||||
| Zyxel Zywall/Prestige | Yes | Yes | No | ||||
| PSK | RSA Secret | X.509 | NAT-Traversal | Manual Keying | |||
| Openswan VPN | Road Warrior | OE | |||||
| Yes | People report that this works for them. |
| [Blank] | We don't know. |
| No | We have reason to believe it was, at some point, not possible to get this to work. |
| Partial | Partial success. For example, a connection can be created from one end only. |
| Yes/Partial | Mixed reports. |
| Maybe | We think the answer is "yes", but need confirmation. |
We offer a set of proposals which is not user-adjustable, but covers all combinations that we can offer. Openswan by default proposes Triple DES (3DES) encryption with Perfect Forward Secrecy (PFS). In addition, it proposes Diffie Hellman groups 5 and 2 (in that order), and both MD5 and SHA-1 hashes. It accept the same proposals, in the same order of preference.
Other interop notes:
