オープンソースなIPSecベースVPN - strongSwan

The OpenSource IPsec-based VPN Solution for Linux:

* runs both on Linux 2.4 (KLIPS) and Linux 2.6 (native IPsec) kernels
* Fast connection startup and periodic update using ipsec starter
* strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
* NAT-Traversal (RFC 3947) and support of virtual IPs and IKE Mode Config
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF 2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates ( RFC 3281)
* Optional storage of RSA private keys and certificates on a smartcard
* Smartcard access via standardized PKCS #11 interface
* PKCS #11 proxy function offering RSA decryption services via whack

うーん。結構ヨサゲです。