StrongSwan是一个完整的2.4和2.6的Linux内核下的IPsec和IKEv1  的实现。它也完全支持新的IKEv2协议的Linux 2.6内核。结合IKEv1和IKEv2模式与大多数其他基于IPSec的VPN产品。并且支持Radius.重点项目是strongSwan强认证机 制，使用X.509公开密钥证书和可选的安全储存私钥对智能卡通过一个标准化的PKCS ＃     11接口。一个特点是使用的X.509属性证书实现了先进的访问控制方案的基础上组的成员。

　　StrongSWAN 5.2.0发布。2014-07-09。这是一个Ipsec和IKE的VPN实现,并且支持Radius.这是新的产品系列。它和OpenSWAN是以前已经停止开发的FreeSWAN的后续版本。之前版本是2014-04-15的5.1.3。

　　完全改进：

Version 5.2.0

• strongSwan has been ported to the Windows platform. Using a MinGW toolchain,
  many parts of the strongSwan codebase run natively on Windows 7 / 2008 R2 and
  newer releases.

  charon-svc implements a Windows IKE service based on libcharon, the kernel-iph
  and kernel-wfp plugins act as networking and IPsec backend on the Windows platform.
  socket-win provides a native IKE socket implementation, while winhttp fetches
  CRL and OCSP information using the WinHTTP API.

• The new vici plugin provides a Versatile IKE Configuration Interface for
  charon. Using the stable IPC interface, external applications can configure,
  control and monitor the IKE daemon. Instead of scripting the ipsec tool
  and generating ipsec.conf, third party applications can use the new interface
  for more control and better reliability.

• Built upon the libvici client library, swanctl implements the first user of
  the VICI interface. Together with a swanctl.conf configuration file,
  connections can be defined, loaded and managed. swanctl provides a portable,
  complete IKE configuration and control interface for the command line.
  Examples: http://www.strongswan.org/uml/testresults/swanctl/

• The SWID IMV implements a JSON-based REST API which allows the exchange
  of SWID tags and Software IDs with the strongTNC policy manager.

• The SWID IMC can extract all installed packages from thedpkg(Debian,
  Ubuntu, etc.),rpm(Fedora, RedHat, etc.), orpacman(Arch Linux, Manjaro, etc.)
  package managers, respectively, using the swidGenerator which generates
  SWID tags according to the new ISO/IEC 19770-2:2014 standard.

• All IMVs now share the access requestor ID, device ID and product info
  of an access requestor via a common imv_session object.

• The Attestation IMC/IMV pair supports the IMA-NG measurement format
  introduced with the Linux 3.13 kernel.

• The aikgen tool generates an Attestation Identity Key bound to a TPM.

• Implemented the PT-EAP transport protocol (RFC 7171) for Trusted Network
  Connect.

• The ipsec.conf replay_window option defines connection specific IPsec replay
  windows. Original patch courtesy of Zheng Zhong and Christophe Gouault from 6Wind.

• The custom parser for strongswan.conf has been replaced with one based on flex/bison.
  It adds support for quoted strings (with escape sequences), unlimited includes, more
  relaxed newline handling, better syntax error reporting, and a distinction between
  empty and unset values (key="" vs. key=).

• The parser for ipsec.conf in starter has been rewritten. It allows overriding options
  in all included sections (also=) not only in %default, options defined in included sections
  can also be cleared again. Other improvements, like quoted strings, unlimited includes,
  and better whitespace/comment handling have been implemented as well.

• Support for late IKEv1 connection switching based on the XAuth username has been added.

• Added support to parse SSH public keys from files configured in left|rightsigkey.

• RDNs in Distinguished Names parsed from strings must now either be separated by a comma
  or a slash, not both. If the DN starts with a slash (or whitespace and a slash) slashes
  will be assumed as separator, commas otherwise.

• The algorithm order in the default IKE proposal is again like it was before 5.1.1 (a4844dbc8f15).

• Scalability of half-open IKE_SA and log level checks have been improved (502eeb7f76d2).

• Added a workaround for Sonicwall boxes that send ID/HASH payloads unencrypted during
  IKEv1 Main Mode (c4c9d291d2aa).

• Support for IPComp was added to the kernel-pfkey plugin (FreeBSD, Mac OS X, Linux),
  patch courtesy of Francois ten Krooden (6afa7761a540).

• Passthrough policies are installed with strictly higher priorities than IPsec policies, which
  was not always the case previously, depending on the traffic selectors.

• The kernel-netlink plugin now follows RFC 6724 when selecting IPv6 source addresses (#543).

• stroke and starter now use the <daemon>.plugins.stroke.socket option to determine the socket
  to communicate with the daemon. A--daemonoption has been added to stroke.

• The --disable-tools ./configure option has been replaced with the --disable-pki and --disable-scepclient options.

• Ahandle_vips()hook has been added similar toassign_vips(), but for clients
  handling virtual IPs and other configuration attributes (31f26960761c).

　　下载：http://download.strongswan.org/strongswan-5.2.0.tar.bz2