net-vpn / strongswan

Summary

StrongSwan is direct descendant of the discontinued FreeS/WAN project. As an IPsec based VPN solution which is focused on security and ease of use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal via UDP encapsulation (incl. port floating) and Dead Peer Detection. It also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on Smartcards and virtual IP address pools.

Versions

v5.7.2 :: 0 :: gentoo

Modified

Tuesday 13 August 03:35

License

GPL-2 RSA DES

Keywords

amd64 arm ppc x86 ~ppc64

USE flags

caps constraints curl debug dhcp eap farp gcrypt gmp ldap mysql networkmanager non-root openssl pam pkcs11 selinux sqlite systemd

USE flags

General

caps

Use Linux capabilities library to control privilege

constraints

Enable advanced X.509 constraint checking plugin

curl

Add support for client-side URL transfer library

debug

Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces

dhcp

Enable server support for querying virtual IP addresses for clients from a DHCP server. (IKEv2 only)

eap

Enable support for the different EAP modules that are supported

farp

Enable faking of ARP responses for virtual IP addresses assigned to clients (IKEv2 only)

gcrypt

Enable dev-libs/libgcrypt plugin which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). Also includes a software random number generator.

gmp

Add support for dev-libs/gmp (GNU MP library)

ldap

Add LDAP support (Lightweight Directory Access Protocol)

mysql

Add mySQL Database support

networkmanager

Enable net-misc/networkmanager support

non-root

Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions mainly to the IKEv1 daemon. Disable only if you really require superuser privileges.

openssl

Enable dev-libs/openssl plugin which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+) dev-libs/openssl has to be compiled with USE="-bindist".

pam

Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip

pkcs11

Enable pkcs11 support

selinux

!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur

sqlite

Add support for sqlite - embedded sql database

strongswan_plugins_aesni

Enable support for Intel AES-NI crypto plugin

strongswan_plugins_blowfish

Enable support for the blowfish plugin

strongswan_plugins_ccm

Enable support for the ccm plugin

strongswan_plugins_chapoly

Enable ChaCha20/Poly1305 AEAD implementation and ChaCha20 XOF plugin

strongswan_plugins_ctr

Enable support for the ctr plugin

strongswan_plugins_forecast

Enable multicast and broadcast forwarding plugin

strongswan_plugins_gcm

Enable support for the gcm plugin

strongswan_plugins_ha

Enable support for the ha plugin

strongswan_plugins_ipseckey

Enable support for the ipseckey plugin

strongswan_plugins_led

Enable support for the led plugin

strongswan_plugins_lookip

Enable support for the lookip plugin

strongswan_plugins_newhope

Enable plugin that allows key exchange based on post-quantum computer New Hope algorithm

strongswan_plugins_ntru

Enable support for the ntru plugin

strongswan_plugins_padlock

Enable support for the padlock plugin

strongswan_plugins_rdrand

Enable support for the rdrand plugin

strongswan_plugins_save-keys

Enable plugin that saves IKE and/or ESP keys to files compatible with Wireshark (for debugging)

strongswan_plugins_systime-fix

Enable support for the systime-fix plugin

strongswan_plugins_unbound

Enable support for the unbound plugin

strongswan_plugins_unity

Enable support for the unity plugin

strongswan_plugins_vici

Enable support for the vici plugin

strongswan_plugins_whitelist

Enable support for the whitelist plugin

systemd

Enable use of systemd-specific libraries and features like socket activation or session tracking

kernel

linux

KERNEL setting for system using the Linux kernel

Dependencies

dev-db / mysql-connector-c : C client library for MariaDB/MySQL

dev-db / sqlite : SQL database engine

dev-libs / gmp : Library for arbitrary-precision arithmetic on different type of numbers

dev-libs / libgcrypt : General purpose crypto library based on the code used in GnuPG

dev-libs / openssl : full-strength general purpose cryptography library (including SSL and TLS)

net-dns / unbound : A validating, recursive and caching DNS resolver

net-libs / ldns : a library with the aim to simplify DNS programming in C

net-misc / curl : A Client that groks URLs

net-misc / networkmanager : A set of co-operative tools that make networking simple and straightforward

net-nds / openldap : LDAP suite of application and development tools

sys-apps / systemd : System and service manager for Linux

sys-kernel / linux-headers : Linux system headers

sys-libs / libcap : POSIX 1003.1e capabilities

sys-libs / pam : Linux-PAM (Pluggable Authentication Modules)

virtual / linux-sources : Virtual for Linux kernel sources

Runtime Dependencies

dev-db / mysql-connector-c : C client library for MariaDB/MySQL

dev-db / sqlite : SQL database engine

dev-libs / gmp : Library for arbitrary-precision arithmetic on different type of numbers

dev-libs / libgcrypt : General purpose crypto library based on the code used in GnuPG

dev-libs / openssl : full-strength general purpose cryptography library (including SSL and TLS)

net-dns / unbound : A validating, recursive and caching DNS resolver

net-libs / ldns : a library with the aim to simplify DNS programming in C

net-misc / curl : A Client that groks URLs

net-misc / networkmanager : A set of co-operative tools that make networking simple and straightforward

net-nds / openldap : LDAP suite of application and development tools

net-vpn / libreswan : IPsec implementation for Linux, fork of Openswan

sec-policy / selinux-ipsec : SELinux policy for ipsec

sys-apps / iproute2 : kernel routing and traffic control utilities

sys-apps / systemd : System and service manager for Linux

sys-libs / libcap : POSIX 1003.1e capabilities

sys-libs / pam : Linux-PAM (Pluggable Authentication Modules)

virtual / logger : Virtual for system loggers

Depending packages

net-vpn / libreswan : IPsec implementation for Linux, fork of Openswan

net-vpn / networkmanager-strongswan : NetworkManager StrongSwan plugin

Bugs

366143

net-vpn/strongswan ebuild issues/improvements

Change logs

Tuesday 30 April

Repository mirror & CI · gentoo
Merge updates from master

Tuesday 30 April

Thomas Deutschmann · gentoo
net-vpn/strongswan: drop old
Package-Manager: Portage-2.3.65, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

Sunday 10 March

Repository mirror & CI · gentoo
Merge updates from master

Sunday 10 March

Mikle Kolyada · gentoo
net-vpn/strongswan: arm stable wrt bug #679176
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --include-arches="arm"

Sunday 03 March

Repository mirror & CI · gentoo
Merge updates from master

Sunday 03 March

Mikle Kolyada · gentoo
net-vpn/strongswan: amd64 stable wrt bug #679176
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --include-arches="amd64"

Saturday 02 March

Repository mirror & CI · gentoo
Merge updates from master

Saturday 02 March

Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #679176)
Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

Saturday 02 March

Repository mirror & CI · gentoo
Merge updates from master

Saturday 02 March

Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.7.2 for ppc, bug #679176
Package-Manager: Portage-2.3.62, Repoman-2.3.12 RepoMan-Options: --include-arches="ppc" Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

Sunday 06 January

Repository mirror & CI · gentoo
Merge updates from master

Sunday 06 January

Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.7.2
- Use /run instead of /var/run for PID dir Closes: https://bugs.gentoo.org/538102 Package-Manager: Portage-2.3.53, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

15 November 2018

Repository mirror & CI · gentoo
Merge updates from master

15 November 2018

Thomas Deutschmann · gentoo
net-vpn/strongswan: security cleanup
Bug: https://bugs.gentoo.org/668862 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

07 November 2018

Repository mirror & CI · gentoo
Merge updates from master

07 November 2018

Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.7.1 for ppc, bug #668862
Package-Manager: Portage-2.3.51, Repoman-2.3.12 RepoMan-Options: --include-arches="ppc" Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

31 October 2018

Repository mirror & CI · gentoo
Merge updates from master

31 October 2018

Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #668862
Signed-off-by: Markus Meier <maekke@gentoo.org> Package-Manager: Portage-2.3.49, Repoman-2.3.11 RepoMan-Options: --include-arches="arm"

18 October 2018

Repository mirror & CI · gentoo
Merge updates from master

18 October 2018

Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #668862)
Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

17 October 2018

Repository mirror & CI · gentoo
Merge updates from master

17 October 2018

Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #668862
Signed-off-by: Agostino Sarubbo <ago@gentoo.org> Package-Manager: Portage-2.3.49, Repoman-2.3.10 RepoMan-Options: --include-arches="amd64"

17 October 2018

Repository mirror & CI · gentoo
Merge updates from master

17 October 2018

Thomas Deutschmann · gentoo
net-vpn/strongswan: security cleanup (bug #628606)
Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

17 October 2018

Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.7.1
Closes: https://bugs.gentoo.org/667696 Closes: https://bugs.gentoo.org/666014 Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

14 September 2018

Repository mirror & CI · gentoo
Merge updates from master

14 September 2018

Thomas Deutschmann · gentoo
net-vpn/strongswan: add sub slot operator on net-dns/unbound atom
Package-Manager: Portage-2.3.49, Repoman-2.3.10

02 September 2018

Repository mirror & CI · gentoo
Merge updates from master

02 September 2018

Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.6.3
- EAPI bumped to EAPI=7. - Enable "eap-ttls" when USE=eap is set. [Bug 548212] - USE=strongswan_plugins_forecast added. [Bug 582444] - USE=systemd added to allow building of charon-systemd. [Bug 631748] - USE=strongswan_plugins_chapoly and USE=strongswan_plugins_newhope added. [Bug 643978] Closes: https://bugs.gentoo.org/548212 Closes: https://bugs.gentoo.org/582444 Closes: https://bugs.gentoo.org/631748 Closes: https://bugs.gentoo.org/643978 Package-Manager: Portage-2.3.48, Repoman-2.3.10

03 March 2018

Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.6.0-r1 for ppc, bug #628606
Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="ppc"

24 February 2018

Patrick Lauer · gentoo
net-vpn/strongswan: Bump
Package-Manager: Portage-2.3.24, Repoman-2.3.6

05 February 2018

Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #628606
Package-Manager: Portage-2.3.19, Repoman-2.3.6 RepoMan-Options: --include-arches="arm"

26 January 2018

Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #628606)
Package-Manager: Portage-2.3.20, Repoman-2.3.6

23 January 2018

Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #628606
Package-Manager: Portage-2.3.13, Repoman-2.3.3 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>

25 September 2017

Patrick Lauer · gentoo
net-vpn/strongswan: Add eap-dynamic feature #631944
Package-Manager: Portage-2.3.10, Repoman-2.3.3

24 September 2017

Patrick Lauer · gentoo
net-vpn/strongswan: Bump
Package-Manager: Portage-2.3.10, Repoman-2.3.3

16 July 2017

Aaron Bauman · gentoo
net-vpn/strongswan: drop vulnerable wrt sec bug #620256

23 June 2017

Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.1 RepoMan-Options: --include-arches="arm"

21 June 2017

Agostino Sarubbo · gentoo
net-vpn/strongswan: ppc stable wrt bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.1 RepoMan-Options: --include-arches="ppc" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>

18 June 2017

Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #620256
Package-Manager: Portage-2.3.5, Repoman-2.3.1 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>

17 June 2017

Agostino Sarubbo · gentoo
net-vpn/strongswan: x86 stable wrt bug #620256
Package-Manager: Portage-2.3.5, Repoman-2.3.1 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>

02 June 2017

Bjarke Istrup Pedersen · gentoo
net-vpn/strongswan: Bumping to 5.5.3
Package-Manager: Portage-2.3.6, Repoman-2.3.2

02 June 2017

Bjarke Istrup Pedersen · gentoo
net-vpn/strongswan: Bumping to 5.5.2, fixing security bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.2

17 March 2017

Jason A. Donenfeld · gentoo
Move VPN packages into net-vpn/