Rockhopper VPN is IPsec/IKEv2-based VPN software based on
modern design and considerations for Linux. All components of this VPN software
are implemented in user space only, including the ESP protocol stack.
This software is released under the LESSER GPL version 2.1.
DMVPN: SSO (Single Sign-On) for spoke-to-spoke (shortcut) authentication (*1)
Role-based VPN management
AJAX-based management console on Web browser
Simple VPN Client GUI implemented in GTK2-perl
Interoperability with Windows 7, Windows 8 and Windows 10 VPN clients (EAP-MSCHAPv2 by Local Authentication, X.509 certificate/RSA-Sig or EAP
by RADIUS Authentication)
Interoperability with Android VPN clients (IKEv1 [Pre-Sharedkey or Rsa-Sig] - XAUTH or Hybrid Authentication by Local Authentication [PAP])
Interoperability with Cisco IOS
RADIUS Authentication (EAP) and Accounting [IKEv2]
Legacy IKEv1 is also supported for an interoperability purpose.
IPv4 and IPv6
IPv6 address Auto-configuration over IPsec (Remote Access VPN) (*1)
Built-in packet capture tool (ESP and IKEv1/v2 in both plaintext and ciphertext) [PCAP]
No kernel modules.
(*1): Rockhopper's private extension
News
2017-Jan-15 - Version 0.2.b1-022-unstable-01 is available.
I got a few requests for an installable package of the next version (0.2.b1-022).
[CAUTION] This version is still unstable. Please don't install it in your actual environment.
- New features:
RADIUS Authentication (IKEv2/EAP) and Accounting support.
Started to support Dynamic Mesh VPN (i.e. Dynamic Multipoint VPN (DMVPN): Shortcut Switching Enhancements for NHRP)
based on the internet-draft (draft-detienne-dmvpn-01) by Cisco.
Started to support legacy IKEv1 for an interoperability purpose.
A packet capture tool is supported. A capture file including decrypted (plaintext) and encrypted (ciphertext) packets of ESP and
IKEv1/v2 handled by Rockhopper can be saved in PCAP format and viewed by network protocol analyzer like Wireshark.
- The NULL Authentication Method in IKEv2 [RFC7619]
- Easy user interface to configure a VPN client (Rockhopper Web Console).
- IPv6 address Auto-configuration over IPsec (Remote Access VPN).
- Additional settings for a remote configuration server (IKEv2).
- Tested on Ubuntu 15.10, Debian 8.2, LinuxMint 17.2 and Fedora 23.
- [Fixed] Web Console: A connection error frequently occurs on
Firefox 43.0.
[Remote Access VPN] IPv6 address Auto-configuration over IPsec
Easy user interface to configure a VPN client (Rockhopper Web Console)
VPN examples (Easy user interface, IKEv2 Null Auth and IPv6 Auto-conf)
2015-Dec-17 - Version 0.2.b1-018-3 is available.
- [Fixed] Web Console: A connection error frequently occurs on
Firefox 43.0.
2015-Aug-30 - Version 0.2.b1-020 is available.
- IKEv2 Session Resumption [RFC5723]
- Interoperability with Windows 10.
- Tested on Debian 8.1 and LinuxMint 17.2.
- Please see Changelog for more details.
VPN examples related to Windows clients. (Windows 10)
Connecting a Windows 10 VPN client with Rockhopper
2015-May-31 - Version 0.2.b1-019 is available.
- IPv6 support.
- IKEv2 Message Fragmentation [RFC7383]
- Systemd configuration is tested on Cent OS 7, Fedora 21, Ubuntu 15.04 and Debian 8.0.
- Please see Changelog for more details.
Connecting a Windows 7/8 VPN Client with Rockhopper.
Installation on the non-GUI environment.
IPv6 configuration
Usage examples for rockhopper command (Management tool).
Usage examples for rockhopper_log command (Event-log tool).
Many changes were done for this release.
If you are not interested in IPv6, systemd's tools or new other features,
it may be also a good decision to install a previous 0.2.b1-018-2 package.
2013-Dec-21 - Version 0.2.b1-018 is available.
- Please see Changelog for more details.
- Documents related to static and dynamic routing
(quagga) over VPN tunnels
in Site-to-Site VPN scenarios.
- Version 0.2.b1-017 was cancelled. (2013-Dec-20)
2013-Sep-28 - Beta version 0.2.b1-016 is available.
- Mobility and Multihoming Protocol (MOBIKE) [RFC4555]
- Quick Crash Detection (QCD) [RFC6290]
- EAP-MSCHAPv2 peer (client)
- Hash and URL encoding (X.509 Certificate)
- Many improvements and several bugfixes (including a few critical ones related to DNS proxy).
- Evaluated on Debian 7.1 (i386 and amd64).
- Please see Changelog for more details.
- Documents updated.
2013-Feb-06 - Beta version 0.2.b1-015 is available.
- Several bugfixes.
- Simple VPN Client GUI implemented in GTK2-perl.
- Desktop launchers for VPN Client GUI and Web Console (Firefox).
- Several improvements.
- Automatically selecting a default-route interface to connect VPN.
- An inter-op problem with StrongSwan was improved.
Sending a CertReq payload including hash values of all realms' CA certificates in IKE_SA_INIT
exchange by default. (Responder)
etc.
- Documents updated.
2012-Dec-15 - Beta version 0.2.b1-014 is available.
- Several bug fixes (including a few critical fixes like memory leaks) and improvements.
- Documents updated, etc.
2012-Nov-25 - Beta version 0.2.b1-013 is available.
- Evaluated on Cent OS 6.3(i386 and x86_64).
- Evaluated on Linux Mint 14(32bits and 64bits).
2012-Nov-15 - Beta version 0.2.b1-012 is available.
- Several bug fixes and improvements.
- Inter-Op with Win8 clients(EAP-MSCHAPv2 and RSA-Sig).
- Evaluated on Ubuntu 12.10(32bits and 64bits).
- Documents updated, etc.
2012-Jul-08 - Alpha version 0.2.a1-010 is available.
- A lot of bug fixes.
- Many improvements of Web Console (GUI).
- Supporting PKCS#12 and CRL.
- Supporting a configuration's backup (including all settings, keys and certificates).
- Inter-Op with Win7 clients(EAP-MSCHAPv2 and RSA-Sig).
- Evaluated on Ubuntu 12.04 LTS(32bits and 64bits) and CentOS 6.2(i386).
- Supporting a one-armed deployment.
- Documents updated, etc.
Demo
Support
User mailing list:
Please visit this page
to subscribe the list or read archives.