goSecure is an easy to use and portable Virtual Private Network (VPN) built with Linux and a Raspberry Pi 3.
The system consists of a single server and one or many clients. strongSwan is used to establish a Suite B IPsec tunnel with pre-shared keys between the server and client(s).
Server and Client
The server component is a multi-homed [laptop/server/cloud instance/Raspberry Pi] that runs strongSwan using the NSA Commercial Solutions for Classified (CSfC) guidelines for protecting classified data. It is built upon a minimal and hardened Linux instance per DISA Security Technical Implementation Guides (STIGs).
The client component is a Raspberry Pi that runs strongSwan using the NSA CSFC guidelines for protecting classified data and it utilizes its hardware Random Number Generator (RNG). It is built upon a minimal and hardened Linux instance per DISA STIGs.
The client currently supports 3 modes of operation:
- Ethernet (eth0) LAN – Wifi (wlan0) WAN
- Ethernet (eth1) LAN – Ethernet (eth0) WAN
- Wifi LAN (wlan0) – Ethernet (eth0) WAN
StrongSwan is the OpenSource IPsec-based VPN Solution and runs on Linux 2.6, 3.x and 4.x kernels, Android, FreeBSD, OS X, iOS and Windows.
- implements both the IKEv1 and IKEv2 (RFC 7296) key exchange protocols
- Fully tested support of IPv6 IPsec tunnel and transport connections
- Dynamical IP address and interface update with IKEv2 MOBIKE (RFC 4555)
- Automatic insertion and deletion of IPsec-policy-based firewall rules
- NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
- Support of IKEv2 message fragmentation (RFC 7383) to avoid issues with IP fragmentation
- Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
- Static virtual IPs and IKEv1 ModeConfig pull and push modes
- XAUTH server and client functionality on top of IKEv1 Main Mode authentication
- and much more…