FreeS/WAN is software for the Linux Operating System that has the primary objective of making IPSEC encryption and tunneling widespread by providing source code to the world. The name stands for the "free secure wide area network".

FreeS/WAN allows you to build an encrypted tunnel through an insecure network, such as the internet. The packets of data that are passed between the two endpoints of the tunnel are encrypted, so that if the data is sniffed on the untrusted network, the contents are unreadable. Each tunnel endpoint is responsible for encrypting and decrypting the packets that are sent back and forth.

The result, as you may have guessed, is a Virtual Private Network or VPN.

The FreeS/WAN project was started in 1996 with the rather ambitious goal of securing 5% of the internet from wiretapping. So far the author (gnu@toad.com) has not achieved this goal, and realizes that this goal was a bit too ambitious, but is continuing to develop the software. As FreeS/WAN is not developed within the United States, none of the stupid US encryption export controls apply, so there is no restriction on strong encryption.

Three protocols are used:

The three main parts of FreeS/WAN are:

Another feature FreeS/WAN provides is the ability to handle road warriors, that is, VPN endpoints that are not at a fixed IP address. These could be users with a fixed location or DSL or Cable Modem users who are not given a static IP address by their provider.

Probably the most exciting part of FreeS/WAN is its ability (coming RSN) to provide opportunistic encryption. With this method, any two systems configured to use opportunistic encryption can create a VPN between them, even if the administrators have not configured the systems for it. Normally the two endpoints of a VPN have to be configured to "know" certain details about the other endpoint. With opportunistic encryption, an endpoint can be a promiscuous little encryption whore, and establish a VPN with any other system that it finds that is also configured to use opportunistic encryption.
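
What "knowing" the other endpoint looks like in practice, next to a road-warrior entry, as an added sketch in ipsec.conf syntax (not part of the original writeup and not taken from the FreeS/WAN distribution). It assumes the configuration keywords of the 1.x releases; all names, addresses and key placeholders are constructed, and next-hop settings are omitted.

```conf
# /etc/ipsec.conf sketch for the gateway at 192.0.2.10 (constructed values).
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
# Key material is shown as placeholders, not real keys.

config setup
    interfaces=%defaultroute
    plutoload=%search
    plutostart=%search

# Fixed peer: each gateway is told the other's address, the subnet behind it,
# its identity and its RSA public key before any tunnel can come up.
conn office-to-branch
    left=192.0.2.10
    leftsubnet=10.1.0.0/16
    leftid=@office.example.org
    leftrsasigkey=0sPLACEHOLDER_OFFICE_PUBLIC_KEY
    right=198.51.100.20
    rightsubnet=10.2.0.0/16
    rightid=@branch.example.org
    rightrsasigkey=0sPLACEHOLDER_BRANCH_PUBLIC_KEY
    authby=rsasig
    auto=start

# Road warrior: the remote address is not known in advance, so the gateway
# accepts a connection from any address (%any). The source address no longer
# identifies the peer; authentication rests entirely on the ID and RSA key.
conn roadwarrior
    left=192.0.2.10
    leftsubnet=10.1.0.0/16
    leftid=@office.example.org
    leftrsasigkey=0sPLACEHOLDER_OFFICE_PUBLIC_KEY
    right=%any
    rightid=@laptop.example.org
    rightrsasigkey=0sPLACEHOLDER_LAPTOP_PUBLIC_KEY
    authby=rsasig
    # add = load the description and wait; the road warrior initiates.
    auto=add
```

Because the road-warrior entry accepts any source address, give each roaming user their own key so that a lost laptop can be cut off by removing one entry.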

FreeS/WAN is used in many projects and by many companies that need to use or sell secure communication. My company uses it in our embedded firewall device and is very happy with the results.


References:
FreeS/WAN's website is www.freeswan.org
A bit of history about FreeS/WAN is at http://www.toad.com/swan.html
Freeswan 1.9 documentation at http://freeswan.org/freeswan_trees/freeswan-1.9/doc/intro.html