Summary
StrongSwan is direct descendant of the discontinued FreeS/WAN project. As an IPsec based VPN solution which is focused on security and ease of use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal via UDP encapsulation (incl. port floating) and Dead Peer Detection. It also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on Smartcards and virtual IP address pools.
Versions
v5.8.1 :: 0 :: gentoo
- Modified
- License
- GPL-2 RSA DES
- Keywords
- ~amd64 ~arm ~ppc ~ppc64 ~x86
- USE flags
- caps constraints curl debug dhcp eap farp gcrypt gmp ldap mysql networkmanager non-root openssl pam pkcs11 selinux sqlite systemd
v5.7.2 :: 0 :: gentoo
- Modified
- License
- GPL-2 RSA DES
- Keywords
- amd64 arm ppc x86 ~ppc64
- USE flags
- caps constraints curl debug dhcp eap farp gcrypt gmp ldap mysql networkmanager non-root openssl pam pkcs11 selinux sqlite systemd
USE flags
General
- caps
- Use Linux capabilities library to control privilege
- constraints
- Enable advanced X.509 constraint checking plugin
- curl
- Add support for client-side URL transfer library
- debug
- Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
- dhcp
- Enable server support for querying virtual IP addresses for clients from a DHCP server. (IKEv2 only)
- eap
- Enable support for the different EAP modules that are supported
- farp
- Enable faking of ARP responses for virtual IP addresses assigned to clients (IKEv2 only)
- gcrypt
- Enable dev-libs/libgcrypt plugin which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). Also includes a software random number generator.
- gmp
- Add support for dev-libs/gmp (GNU MP library)
- ldap
- Add LDAP support (Lightweight Directory Access Protocol)
- mysql
- Add mySQL Database support
- networkmanager
- Enable net-misc/networkmanager support
- non-root
- Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions mainly to the IKEv1 daemon. Disable only if you really require superuser privileges.
- openssl
- Enable dev-libs/openssl plugin which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+) dev-libs/openssl has to be compiled with USE="-bindist".
- pam
- Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
- pkcs11
- Enable pkcs11 support
- selinux
- !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
- sqlite
- Add support for sqlite - embedded sql database
- strongswan_plugins_aesni
- Enable support for Intel AES-NI crypto plugin
- strongswan_plugins_blowfish
- Enable support for the blowfish plugin
- strongswan_plugins_ccm
- Enable support for the ccm plugin
- strongswan_plugins_chapoly
- Enable ChaCha20/Poly1305 AEAD implementation and ChaCha20 XOF plugin
- strongswan_plugins_ctr
- Enable support for the ctr plugin
- strongswan_plugins_forecast
- Enable multicast and broadcast forwarding plugin
- strongswan_plugins_gcm
- Enable support for the gcm plugin
- strongswan_plugins_ha
- Enable support for the ha plugin
- strongswan_plugins_ipseckey
- Enable support for the ipseckey plugin
- strongswan_plugins_led
- Enable support for the led plugin
- strongswan_plugins_lookip
- Enable support for the lookip plugin
- strongswan_plugins_newhope
- Enable plugin that allows key exchange based on post-quantum computer New Hope algorithm
- strongswan_plugins_ntru
- Enable support for the ntru plugin
- strongswan_plugins_padlock
- Enable support for the padlock plugin
- strongswan_plugins_rdrand
- Enable support for the rdrand plugin
- strongswan_plugins_save-keys
- Enable plugin that saves IKE and/or ESP keys to files compatible with Wireshark (for debugging)
- strongswan_plugins_systime-fix
- Enable support for the systime-fix plugin
- strongswan_plugins_unbound
- Enable support for the unbound plugin
- strongswan_plugins_unity
- Enable support for the unity plugin
- strongswan_plugins_vici
- Enable support for the vici plugin
- strongswan_plugins_whitelist
- Enable support for the whitelist plugin
- systemd
- Enable use of systemd-specific libraries and features like socket activation or session tracking
kernel
- linux
- KERNEL setting for system using the Linux kernel
Dependencies
dev-db / mysql-connector-c : C client library for MariaDB/MySQL
dev-db / sqlite : SQL database engine
dev-libs / gmp : Library for arbitrary-precision arithmetic on different type of numbers
dev-libs / libgcrypt : General purpose crypto library based on the code used in GnuPG
dev-libs / openssl : full-strength general purpose cryptography library (including SSL and TLS)
net-dns / unbound : A validating, recursive and caching DNS resolver
net-libs / ldns : a library with the aim to simplify DNS programming in C
net-misc / curl : A Client that groks URLs
net-misc / networkmanager : A set of co-operative tools that make networking simple and straightforward
net-nds / openldap : LDAP suite of application and development tools
sys-apps / systemd : System and service manager for Linux
sys-kernel / linux-headers : Linux system headers
sys-libs / libcap : POSIX 1003.1e capabilities
sys-libs / pam : Linux-PAM (Pluggable Authentication Modules)
virtual / linux-sources : Virtual for Linux kernel sources
Runtime Dependencies
dev-db / mysql-connector-c : C client library for MariaDB/MySQL
dev-db / sqlite : SQL database engine
dev-libs / gmp : Library for arbitrary-precision arithmetic on different type of numbers
dev-libs / libgcrypt : General purpose crypto library based on the code used in GnuPG
dev-libs / openssl : full-strength general purpose cryptography library (including SSL and TLS)
net-dns / unbound : A validating, recursive and caching DNS resolver
net-libs / ldns : a library with the aim to simplify DNS programming in C
net-misc / curl : A Client that groks URLs
net-misc / networkmanager : A set of co-operative tools that make networking simple and straightforward
net-nds / openldap : LDAP suite of application and development tools
net-vpn / libreswan : IPsec implementation for Linux, fork of Openswan
sec-policy / selinux-ipsec : SELinux policy for ipsec
sys-apps / iproute2 : kernel routing and traffic control utilities
sys-apps / systemd : System and service manager for Linux
sys-libs / libcap : POSIX 1003.1e capabilities
sys-libs / pam : Linux-PAM (Pluggable Authentication Modules)
Depending packages
net-vpn / libreswan : IPsec implementation for Linux, fork of Openswan
net-vpn / networkmanager-strongswan : NetworkManager StrongSwan plugin
Bugs
Change logs
- Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.8.1
Closes: https://bugs.gentoo.org/697898 Package-Manager: Portage-2.3.77, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: drop old
Package-Manager: Portage-2.3.65, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Mikle Kolyada · gentoo
net-vpn/strongswan: arm stable wrt bug #679176
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --include-arches="arm" - Repository mirror & CI · gentoo
Merge updates from master - Mikle Kolyada · gentoo
net-vpn/strongswan: amd64 stable wrt bug #679176
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --include-arches="amd64" - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #679176)
Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.7.2 for ppc, bug #679176
Package-Manager: Portage-2.3.62, Repoman-2.3.12 RepoMan-Options: --include-arches="ppc" Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.7.2
- Use /run instead of /var/run for PID dir Closes: https://bugs.gentoo.org/538102 Package-Manager: Portage-2.3.53, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: security cleanup
Bug: https://bugs.gentoo.org/668862 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.7.1 for ppc, bug #668862
Package-Manager: Portage-2.3.51, Repoman-2.3.12 RepoMan-Options: --include-arches="ppc" Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #668862
Signed-off-by: Markus Meier <maekke@gentoo.org> Package-Manager: Portage-2.3.49, Repoman-2.3.11 RepoMan-Options: --include-arches="arm" - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #668862)
Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #668862
Signed-off-by: Agostino Sarubbo <ago@gentoo.org> Package-Manager: Portage-2.3.49, Repoman-2.3.10 RepoMan-Options: --include-arches="amd64" - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: security cleanup (bug #628606)
Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.7.1
Closes: https://bugs.gentoo.org/667696 Closes: https://bugs.gentoo.org/666014 Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: add sub slot operator on net-dns/unbound atom
Package-Manager: Portage-2.3.49, Repoman-2.3.10 - Repository mirror & CI · gentoo
Merge updates from master - Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.6.3
- EAPI bumped to EAPI=7. - Enable "eap-ttls" when USE=eap is set. [Bug 548212] - USE=strongswan_plugins_forecast added. [Bug 582444] - USE=systemd added to allow building of charon-systemd. [Bug 631748] - USE=strongswan_plugins_chapoly and USE=strongswan_plugins_newhope added. [Bug 643978] Closes: https://bugs.gentoo.org/548212 Closes: https://bugs.gentoo.org/582444 Closes: https://bugs.gentoo.org/631748 Closes: https://bugs.gentoo.org/643978 Package-Manager: Portage-2.3.48, Repoman-2.3.10 - Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.6.0-r1 for ppc, bug #628606
Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="ppc" - Patrick Lauer · gentoo
net-vpn/strongswan: Bump
Package-Manager: Portage-2.3.24, Repoman-2.3.6 - Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #628606
Package-Manager: Portage-2.3.19, Repoman-2.3.6 RepoMan-Options: --include-arches="arm" - Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #628606)
Package-Manager: Portage-2.3.20, Repoman-2.3.6 - Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #628606
Package-Manager: Portage-2.3.13, Repoman-2.3.3 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org> - Patrick Lauer · gentoo
net-vpn/strongswan: Add eap-dynamic feature #631944
Package-Manager: Portage-2.3.10, Repoman-2.3.3 - Patrick Lauer · gentoo
net-vpn/strongswan: Bump
Package-Manager: Portage-2.3.10, Repoman-2.3.3 - Aaron Bauman · gentoo
net-vpn/strongswan: drop vulnerable wrt sec bug #620256 - Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.1 RepoMan-Options: --include-arches="arm" - Agostino Sarubbo · gentoo
net-vpn/strongswan: ppc stable wrt bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.1 RepoMan-Options: --include-arches="ppc" Signed-off-by: Agostino Sarubbo <ago@gentoo.org> - Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #620256
Package-Manager: Portage-2.3.5, Repoman-2.3.1 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org> - Agostino Sarubbo · gentoo
net-vpn/strongswan: x86 stable wrt bug #620256
Package-Manager: Portage-2.3.5, Repoman-2.3.1 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org> - Bjarke Istrup Pedersen · gentoo
net-vpn/strongswan: Bumping to 5.5.3
Package-Manager: Portage-2.3.6, Repoman-2.3.2 - Bjarke Istrup Pedersen · gentoo
net-vpn/strongswan: Bumping to 5.5.2, fixing security bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.2 - Jason A. Donenfeld · gentoo
Move VPN packages into net-vpn/