[Swan-dev] Commercial usage

Paul Wouters paul at nohats.ca
Mon Jul 26 17:43:49 UTC 2021


On Mon, 26 Jul 2021, yarra vivek wrote:

> I would like to use ipsec into a proprietary block chain protocol that we are developing. Typically for consensus algorithm
> handshakes. And we cannot open source our block chain code in full or even in parts. I need some guidance on how I can achieve
> this. Linking to the libraries might not be feasible because we want to strip unwanted implementations in the libraries and
> make it lean and integrate into our code base. Any commercial license solution is also fine.
> 
> libreswan, openswan, strongswan,  

Only speaking for libreswan (and knowing for openswan). The code is
GPLv2. So you cannot link/compile it in proprietary software if you plan
to distribute that binary to others.

You can use it as-is and have your code call libreswan using the
"ipsec" command for configuration and control of tunnels.

You can also have your consensus algorithm handshake be an EAP method
that the IKE daemon calls upon for authentication (e.g. via a pam module)
and you could then keep that separate code proprietary. See RFC 7296
on how to specify an EAP method.

A stripped down version of libreswan is fine to ship as binaries, as
long as you make the source code of that stripped version available.

In general, the trustworthiness and security of software and cryptography
does not depend on secret protocols or secret source code, but on
available specifications and verifiable implementations. In other words,
why should anyone trust your binary-only stuff?

Paul

