The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols.

The systime-fix plugin for strongSwan is designed for embedded systems that don't have a valid system time just after boot. It detects if the system time is incorrect and disables certificate lifetime validation during this period. This allows the device to establish tunnels, even if the system time is out of sync, and for example connect to an NTP server.

Once the system time gets corrected, the plugin can detect it and verify the lifetimes of all certificates used for active tunnels. If any certificate in the trust-chain is not valid for the given system time, the tunnel gets either closed or reestablished.

This plugin is now included in libstrongswan-extra-plugins. This package can be safely removed once it's installed.