Does FreeS/WAN support X.509 or other PKI certificates?
FreeS/WAN, as distributed, does not currently support use of X.509 or other PKI certificates for authentication of gateways. We are concentrating on moving toward authentication via Secure DNS and opportunistic encryption; X.509 support is not (or at least definitely not yet) on the priority list. On the other hand, it is a priority for some users and user-contributed patches are available to add X.509 certificate support to FreeS/WAN now. See the patches section of our web references document for details. Does FreeS/WAN run on my version of Linux? We build and test on Redhat distributions, but FreeS/WAN runs just fine on several other distributions, sometimes with minor fiddles to adapt to the local environment. Details are in our compatibility document. FreeS/WAN is intended to run on all CPUs Linux supports. As of June 2000, we know of it being used in production on x86, ARM, Alpha and MIPS.
Vanilla FreeS/WAN does not support X.509, but Andreas Steffen and others have provided a popular, well-supported X.509 patch. • patch • Super FreeS/WAN incorporates this and other user-contributed patches. • Kai Martius’ X.509 Installation and Configuration Guide Linux FreeS/WAN features Opportunistic Encryption, an alternative Public Key Infrastructure based on Secure DNS.
