State Of IPSec VPN On CentOS 7: Openswan, StrongSwan, RPM Packages


I looked in the yum repositories for CentOS 7 and I noticed that there are no packages for any of the major open source IPSec VPN apps – Openswan, strongSwan, etc. I’m pretty sure CentOS 6 had Openswan packages.

What is the current consensus w.r.t. building an IPSec VPN “server” (concentrator, whatever) on CentOS 7, that will do site-to-site connections with Cisco hardware at the other end? Are any of the *swan apps still considered the best option for that?

Any guidelines w.r.t. IPSec VPN in general on this platform?

Thanks.

6 thoughts on - State Of IPSec VPN On CentOS 7: Openswan, StrongSwan, RPM Packages

  • 2015-04-14 21:07 GMT+03:00 Florin Andrei :

    I think the epel-7 repo provides the strongSwan IPSec package that is required to connect to a Cisco ASA.

  • 2015-04-14 21:40 GMT+03:00 Florin Andrei :

    Well, both packages can do IPSec to a Cisco ASA without any problems.

  • I have this one case where the other end of the connection wants to use some specific encryption parameters (specific versions of AES and SHA). I need to make sure that whatever software I use is capable of providing that. Better documentation will certainly help.

    And of course, a more actively supported project, with a good security track record, is very important.

    All these are factors in choosing between Openswan / Libreswan / strongSwan.

  • 2015-04-14 22:05 GMT+03:00 Florin Andrei :

    Well, you can use any of these software packages for such basic tasks. I also think that their configuration files are almost compatible, so you can change packages later if any problems occur.

    I think the best choice is the software that comes with CentOS.

    I currently use Openswan (epel?) on CentOS and Amazon Linux to connect with Check Point and Cisco ASA IPSec hardware devices.