Wednesday Thursday Friday Saturday All Events All Speakers 

Details

strongSwan - the new IKEv2 VPN Solution

von Andreas Steffen (Institute for Internet Technologies and Applications, Hochschule für Technik Rapperswil)

Freitag, 01.06.2007, Saal 4: Kaiserslautern , 12:00-13:00 Uhr

strongSwan is a complete IPsec-based VPN solution supporting both the traditional IKEv1 as well as the new IKEv2 key exchange protocols. Using practical examples we will present the novel features made possible by IKEv2, among them mixed-mode authentication with the VPN gateway presenting an X.509 certificate and the clients using either preshared secrets or one of the various EAP authentication methods (e.g. EAP-OTP employing One-Time Passwords or the SIM-card based EAP-SIM or EAP-AKA methods popular in mobile environments). Other goodies include fast VPN connection setup, built-in NAT traversal and dead peer detection, automatic subnet narrowing, as well as the convenient new IKE configuration payload that can be used to transfer a whole set of network attributes like virtual IP addresses and internal DNS information). We will also give an outlook on our forthcoming "Peer-to-Peer NAT-Traversal for IPsec" Internet draft which proposes an innovative IKEv2 protocol extension to establish IPsec tunnels in double-NAT situations by using firewall hole punching tightly controlled by an IKEv2 mediation server.

Über den Autor Andreas Steffen:

Andreas Steffen is currently professor for Security in Communications at the Rapperswil University of Applied Sciences in Switzerland where he is heading the Institute of Internet Technologies and Applications.

From 1998 to 2004 he was a professor at the Zurich University of Applied Sciences in Winterthur where he developed the popular X.509 patch for Linux FreeS/WAN in collaboration with his students. After the demise of the FreeS/WAN project in March 2004 he forked off the Linux strongSwan project which he is still actively maintaining.

Andreas Steffen received both his Master's degree in Electrical Engineering in 1982 and his Ph.D. in 1991 from the Swiss Federal Institute of Technology in Zurich (ETHZ). From 1982 until 1998 he was an R&D engineer with Siemens Switzerland where he worked in such diverse areas as RF circuit design for RADAR and medical Magnetic Resonance Imaging systems as well as Integrated Circuit design for broadband multiplexers. In his last position with Siemes he was head of the R&D department "Wireless Systems" where he was responsible for one of the first Wireless LAN products.

Andreas Steffen has a long-standing interest in computing and cryptology. He teaches and does active research and development in the area of network security. He was a speaker at the IPsec Global Summit 2002 in Paris and the DFN Arbeitstagungen für Kommunikationsnetze in 2003, 2004, and 2005 in Düsseldorf. At the LinuxTag 2005 he presented the advanced features of the strongSwan VPN software. He was an invited speaker at several VPN seminars organized by NetworkWorld, LANline and the German Telekom. Lately he's been giving talks on VoIP security. He has also published several articles in the popular c't computer magazine.

<< back to overview

Der LinuxTag bedankt sich bei seinen Sponsoren!GUUGLinux VerbandIBMNovellSunLPI e.V.Linux MagazinC & L VerlagIT Administratorcom!VoIPphones.deLinux New MediaHakin9Pro-LinuxLinux UserT3N MagazinISIS Report Spezial