Overview

Openswan is an open source, kernel-level IPsec implementation available in Red Hat Enterprise Linux. It employs key establishment protocols IKE (Internet Key Exchange) v1 and v2, implemented as user-level daemons. Manual key establishment is also possible via ip xfrm commands, however this is not recommended.

Cryptographic Support

Openswan has an in-built cryptographic library, however it also supports a NSS (Network Security Services) library, which is fully supported, and required for FIPS security compliance. More information on the FIPS (Federal Information Processing Standard) can be found in Section 7.2, “Federal Information Processing Standard (FIPS)”.

Installation

Run the yum install openswan command to install Openswan.