The powerful market-leading IPSec Toolkit™ and IKE implementations is proven technology, helping your organization to get a quick start.

"When Backbone Security set out to develop a VPN client, we looked for an IPSec Toolkit™ to quickly develop our software with a robust feature-set at a low cost. F/X provided a framework to shorten our development time; Instead of spending months on research and testing, we had a basic client ready in just a few days." Read more>>

IPSec Toolkit - Feature Summary

The IPSec Toolkit™ includes all the latest features and a comprehensive palette of business-ready protocols:

• High-grade encryption standards, including U.S. government adopted AES (Advanced Encryption Standard), 3DES, Blowfish, DES and NULL encryption.

• Hardware Acceleration of all time-critical cryptography protocols, using NetOctave adapters.

• Powerful Authentication through Pre-Shared Keys (PSK), Extended Authentication (X-Auth), RSA signatures, Group authentication and X.509 Digital Certificates. Password prompting supported to avoid storing of passwords on the harddisk.

• External Authentication allows storing passwords and other sensitive information externally in any type of storage: LDAP, SQL databases, PAM-based authentication, etc. Sample plugin for keeping authentication information in MySQL database is provided.

• NAT Traversal facilitates easy IPSec deployment over NAT connections.

• IP Compression delivers maximum bandwidth through LZS or DEFLATE compression. LZS requires an additional third-party license from Hifn.

• Dynamic IP (Road Warrior) Support allows you to accept IPSec connections from hosts whose IP addresses you do not know in advance.

• Split tunneling allows a host to maintain tunneled VPN communications with other hosts in the VPN while at the same time communicating with public Internet hosts directly, outside the tunnel. This reduces both processing and traffic overhead on the private network.

• Virtual IP allows the VPN administrator to assign an internal (virtual) IP address to any IPSec client to unify the internal IP address range.

• Fail-over and Fall-back allows the IPSec product to "fail-over" to another VPN Server when the primary one fails, and then "fall-back" to the primary VPN Server when it starts working again.

• IPv6 (Internet Protocol Version 6) is the "next generation" protocol designed by the IETF to replace the current version Internet Protocol, IP Version 4 ("IPv4"). IPv6 increases the address space from 32 bits to 128 bits, providing a virtually unlimited number of networks and systems.

• Wide protocol support, including manual and automatic key exchange, tunnel and transport mode, main-mode and aggressive mode.

• PATH MTU Discovery allows IPSec to be deployed transparently in environments where the IP packet growth might otherwise introduce complicated problems with MTU limits.

• Perfect Forward Secrecy (PFS) ensures that the compromise of a single key does not help a hacker to predict the generation of additional keys.

Deployment Friendly

• APIs for configuration and management. Well documented and with sample applications to demonstrate the use.

• Full SA Database Control allows integrators to store IPSec Security Associations in their own database and inject them into IPSec on demand — even from multiple applications at once. It's also possible to make use of the default plain-text SA database.

• GUI configuration components separately available, allowing integrators to license, brand and rapidly integrate pre-made VPN wizard configuration dialogs.

• Real-time status reporting, statistics and logging provide integrators full insight into IPSec operation and allow third-party user applications to maintain customized reporting.

• Integrated Network Address Translation (NAT) functionality enables the user application to support IP address modification of e.g. dynamic IP addresses, in order to unify IP address space and offer support for Virtual (inner) IP addresses.

• X-Authentication User Database built in, offering simple IPSec VPN Client user account authentication out of the box.

• MySQL User Database, offering easy integration with large user-databases, which can be located remotely from the VPN server.

• IPSec Client and Gateway support in one application eases the configuration on both ends.

• External utility programs, on-the-fly configuration updates and the possibility of plain text configuration enables easy administration and maintenance.

• Ready-for-business sample configurations included, making it easy to configure IPSec to specific requirements.

Documentation and Sample Applications

The IPSec Toolkit™ is supplied with rich, comprehensive documentation, covering typical implementation questions, Toolkit operation and API functions.

Furthermore, the Toolkit ships with 4 fully-functional sample applications, demonstrating key Toolkit functionality. Test programs are platform independent and demonstrate the following:

• Simple packet interception, without IPSec.

• Simple packet interception, with fully functional IPSec VPN client/server support.

• Run-time control of the SA database: SAs are injected and deleted.

• Complete example, with asynchronous packet handling and hardware acceleration.

• Integration with Windows dial-up.

• IPSec over IPv6.

In addition, FX offers template applications to demonstrate integration with the multi-platform wxWidget GUI library to easily create attractive looking VPN clients.