Contents Previous Next

Interoperating with FreeS/WAN

* PLEASE NOTE * This document is in process. If a section you are looking for is not yet complete, you can use our old interop document.

Interop at a Glance

 FreeS/WAN VPNRoad Warrior OE
 PSKRSA SecretX.509
(requires patch)
Manual
Keying
  
More Compatible
isakmpd (OpenBSD) Yes YesYes  No    
Kame (FreeBSD, NetBSD) Yes YesYes No
McAfee VPN
was PGPNet
Yes Yes Yes YesNo
Microsoft
Windows 2000/XP
Yes  Yes  with FreeS/WAN
as Warrior
No
Safenet SoftPK
/SoftRemote
Yes  Yes  YesNo
SSH Sentinel Yes Yes  YesNo
Other
AshleyLaurent
VPCom
Yes     No
Borderware Yes    NoNo
Checkpoint FW-1 Yes     No
Checkpoint VPN1 Yes/Partial     No
Cisco with 3DES YesMaybe    No
F-Secure Yes     No
Gauntlet GVPN Yes     No
IBM AS/400 Yes     No
LucentYes      No
Netscreen 5xp Yes     No
Nortel Conitivity Partial     No
RadGuard Yes     No
Raptor (NT) Yes  Yes  No
Raptor (Solaris) Yes     No
Redcreek Ravlin Yes/Partial     No
Shiva
LANRover
Yes     No
Sun Solaris    Yes  No
SonicWall Yes     No
Timestep Yes     No
Watchguard
Firebox
Yes   Yes  No
Xedia Access Point
/QVPN
Yes     No
 PSKRSA SecretX.509
(requires patch)
Manual
Keying
  
 FreeS/WAN VPNRoad Warrior OE

Our information comes primarily from mailing list reports and tutorials.

The FreeS/WAN project needs you! We rely on the user community to keep up to date. Mail users@lists.freeswan.org with your interop success stories.

Key

YesPeople report that this works for them.
[Blank]We don't know.
NoWe have reason to believe it was, at some point, not possible to get this to work.
PartialPartial success. For example, a connection can be created from one end only.
Yes/Partial Mixed reports.
MaybeWe think the answer is "yes", but need confirmation.

Basic Interop Rules

You want to choose X, Y, Z.

Longer Stories

For More Compatible Implementations

isakmpd (OpenBSD)

OpenBSD FAQ: Using IPsec
Hans-Joerg Hoexer's interop Linux-OpenBSD (PSK)
Skyper's configuration (PSK)

Kame for FreeBSD, NetBSD

Kame homepage, with FAQ
NetBSD's IPSec FAQ

Itojun's Kame-FreeS/WAN interop tips (PSK)
Ghislaine Labouret's French page with links to matching FreeS/WAN and Kame configs (RSA)
     Ghislaine's post explaining some peculiarities
Frodo's Kame-FreeS/WAN interop (X.509)
Using Kame as a WAVEsec client

PGPNet/McAfee

Hans-Joerg Hoexer's Guide for Linux-PGPNet (PSK)
Kai Martius' instructions using RSA Key-Extractor Tool (RSA)
    Christian Zeng's page (RSA) based on Kai's work. English or German.
Oscar Delgado's PDF (X.509, no configs)
Ryan's HOWTO for FreeS/WAN-PGPNet (X.509). Through a Linksys Router with IPsec Passthru enabled.
Jean-Francois Nadeau's Practical Configuration (Road Warrior with PSK)
Wouter Prins' HOWTO (Road Warrior with X.509)

Rekeying problem with FreeS/WAN and older PGPNets

DHCP over IPSEC HOWTO for FreeS/WAN (requires X.509 and dhcprelay patches)

Microsoft Windows 2000/XP

Jean-Francois Nadeau's Net-net Configuration (PSK)
Telenor's Node-node Config (Transport-mode PSK)
Marcus Mueller's HOWTO using his VPN config tool (X.509). Tool also works with PSK.
Nate Carlson's HOWTO using same tool (Road Warrior with X.509). Unusually, FreeS/WAN is the Road Warrior here.
Oscar Delgado's PDF (X.509, no configs)

Microsoft's Win2k IPsec debugging tips
MS VPN may fall back to 1DES

Safenet SoftPK/SoftRemote

Whit Blauvelt's SoftRemote tips

Jean-Francois Nadeau's Practical Configuration (Road Warrior with PSK)
Terradon Communications' PDF (Road Warrior with PSK)
Red Baron Consulting's PDF (Road Warrior with X.509)

SSH Sentinel

SSH's Sentinel-FreeSWAN interop PDF (X.509)
Potential problem unless using Legacy Proposal option

For Other Implementations

AshleyLaurent VPCom

Successful interop report, no details

Borderware

Philip Reetz' configs (PSK)
Borderware server does not support FreeS/WAN road warriors
Older Borderware may not support Diffie Hellman groups 2, 5

Checkpoint VPN-1 or FW-1

Text goes here.

Cisco

Text goes here.

F-Secure

Text goes here.

Gauntlet GVPN

Text goes here.

IBM AS/400

Richard Welty's tips and tricks

Lucent

Text goes here.

Netscreen

Errol Neal's settings

Nortel Conitivity

Text goes here.

Radguard

Text goes here.

Raptor (NT)

Text goes here.

Raptor (Solaris)

Text goes here.

Redcreek Ravlin

Text goes here.

Shiva LANRover

Text goes here.

Sun Solaris

Text goes here.

SonicWall

Text goes here.

Timestep

Text goes here.

Watchguard Firebox

  • WatchGuard's HOWTO (PSK)
    Ronald C. Riviera's Settings (PSK)

    Old known issue with auto keying
    Tips on key generation and format (Manual)

    Xedia Access Point/QVPN

    Hybrid IPsec/L2TP connection settings (X.509)
    Xedia's LAN-LAN links don't use multiple tunnels
         That explanation, continued


    Contents Previous Next