net-vpn / strongswan

IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE

Official package sites : https://www.strongswan.org/ ·

StrongSwan is direct descendant of the discontinued FreeS/WAN project. As an IPsec based VPN solution which is focused on security and ease of use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal via UDP encapsulation (incl. port floating) and Dead Peer Detection. It also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on Smartcards and virtual IP address pools.

v5.7.2 :: 0 :: gentoo

Modified
License
GPL-2 RSA DES
Keywords
amd64 arm ppc x86 ~ppc64
USE flags
caps constraints curl debug dhcp eap farp gcrypt gmp ldap mysql networkmanager non-root openssl pam pkcs11 selinux sqlite systemd

General

caps
Use Linux capabilities library to control privilege
constraints
Enable advanced X.509 constraint checking plugin
curl
Add support for client-side URL transfer library
debug
Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
dhcp
Enable server support for querying virtual IP addresses for clients from a DHCP server. (IKEv2 only)
eap
Enable support for the different EAP modules that are supported
farp
Enable faking of ARP responses for virtual IP addresses assigned to clients (IKEv2 only)
gcrypt
Enable dev-libs/libgcrypt plugin which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). Also includes a software random number generator.
gmp
Add support for dev-libs/gmp (GNU MP library)
ldap
Add LDAP support (Lightweight Directory Access Protocol)
mysql
Add mySQL Database support
networkmanager
Enable net-misc/networkmanager support
non-root
Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions mainly to the IKEv1 daemon. Disable only if you really require superuser privileges.
openssl
Enable dev-libs/openssl plugin which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+) dev-libs/openssl has to be compiled with USE="-bindist".
pam
Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
pkcs11
Enable pkcs11 support
selinux
!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
sqlite
Add support for sqlite - embedded sql database
strongswan_plugins_aesni
Enable support for Intel AES-NI crypto plugin
strongswan_plugins_blowfish
Enable support for the blowfish plugin
strongswan_plugins_ccm
Enable support for the ccm plugin
strongswan_plugins_chapoly
Enable ChaCha20/Poly1305 AEAD implementation and ChaCha20 XOF plugin
strongswan_plugins_ctr
Enable support for the ctr plugin
strongswan_plugins_forecast
Enable multicast and broadcast forwarding plugin
strongswan_plugins_gcm
Enable support for the gcm plugin
strongswan_plugins_ha
Enable support for the ha plugin
strongswan_plugins_ipseckey
Enable support for the ipseckey plugin
strongswan_plugins_led
Enable support for the led plugin
strongswan_plugins_lookip
Enable support for the lookip plugin
strongswan_plugins_newhope
Enable plugin that allows key exchange based on post-quantum computer New Hope algorithm
strongswan_plugins_ntru
Enable support for the ntru plugin
strongswan_plugins_padlock
Enable support for the padlock plugin
strongswan_plugins_rdrand
Enable support for the rdrand plugin
strongswan_plugins_save-keys
Enable plugin that saves IKE and/or ESP keys to files compatible with Wireshark (for debugging)
strongswan_plugins_systime-fix
Enable support for the systime-fix plugin
strongswan_plugins_unbound
Enable support for the unbound plugin
strongswan_plugins_unity
Enable support for the unity plugin
strongswan_plugins_vici
Enable support for the vici plugin
strongswan_plugins_whitelist
Enable support for the whitelist plugin
systemd
Enable use of systemd-specific libraries and features like socket activation or session tracking

kernel

linux
KERNEL setting for system using the Linux kernel

dev-db / mysql-connector-c : C client library for MariaDB/MySQL

dev-db / sqlite : SQL database engine

dev-libs / gmp : Library for arbitrary-precision arithmetic on different type of numbers

dev-libs / libgcrypt : General purpose crypto library based on the code used in GnuPG

dev-libs / openssl : full-strength general purpose cryptography library (including SSL and TLS)

net-dns / unbound : A validating, recursive and caching DNS resolver

net-libs / ldns : a library with the aim to simplify DNS programming in C

net-misc / curl : A Client that groks URLs

net-misc / networkmanager : A set of co-operative tools that make networking simple and straightforward

net-nds / openldap : LDAP suite of application and development tools

sys-apps / systemd : System and service manager for Linux

sys-kernel / linux-headers : Linux system headers

sys-libs / libcap : POSIX 1003.1e capabilities

sys-libs / pam : Linux-PAM (Pluggable Authentication Modules)

virtual / linux-sources : Virtual for Linux kernel sources

dev-db / mysql-connector-c : C client library for MariaDB/MySQL

dev-db / sqlite : SQL database engine

dev-libs / gmp : Library for arbitrary-precision arithmetic on different type of numbers

dev-libs / libgcrypt : General purpose crypto library based on the code used in GnuPG

dev-libs / openssl : full-strength general purpose cryptography library (including SSL and TLS)

net-dns / unbound : A validating, recursive and caching DNS resolver

net-libs / ldns : a library with the aim to simplify DNS programming in C

net-misc / curl : A Client that groks URLs

net-misc / networkmanager : A set of co-operative tools that make networking simple and straightforward

net-nds / openldap : LDAP suite of application and development tools

net-vpn / libreswan : IPsec implementation for Linux, fork of Openswan

sec-policy / selinux-ipsec : SELinux policy for ipsec

sys-apps / iproute2 : kernel routing and traffic control utilities

sys-apps / systemd : System and service manager for Linux

sys-libs / libcap : POSIX 1003.1e capabilities

sys-libs / pam : Linux-PAM (Pluggable Authentication Modules)

virtual / logger : Virtual for system loggers

net-vpn / libreswan : IPsec implementation for Linux, fork of Openswan

net-vpn / networkmanager-strongswan : NetworkManager StrongSwan plugin

366143
net-vpn/strongswan ebuild issues/improvements
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: drop old
Package-Manager: Portage-2.3.65, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Mikle Kolyada · gentoo
net-vpn/strongswan: arm stable wrt bug #679176
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --include-arches="arm"
Repository mirror & CI · gentoo
Merge updates from master
Mikle Kolyada · gentoo
net-vpn/strongswan: amd64 stable wrt bug #679176
Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 RepoMan-Options: --include-arches="amd64"
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #679176)
Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.7.2 for ppc, bug #679176
Package-Manager: Portage-2.3.62, Repoman-2.3.12 RepoMan-Options: --include-arches="ppc" Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.7.2
- Use /run instead of /var/run for PID dir Closes: https://bugs.gentoo.org/538102 Package-Manager: Portage-2.3.53, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: security cleanup
Bug: https://bugs.gentoo.org/668862 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.7.1 for ppc, bug #668862
Package-Manager: Portage-2.3.51, Repoman-2.3.12 RepoMan-Options: --include-arches="ppc" Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #668862
Signed-off-by: Markus Meier <maekke@gentoo.org> Package-Manager: Portage-2.3.49, Repoman-2.3.11 RepoMan-Options: --include-arches="arm"
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #668862)
Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #668862
Signed-off-by: Agostino Sarubbo <ago@gentoo.org> Package-Manager: Portage-2.3.49, Repoman-2.3.10 RepoMan-Options: --include-arches="amd64"
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: security cleanup (bug #628606)
Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.7.1
Closes: https://bugs.gentoo.org/667696 Closes: https://bugs.gentoo.org/666014 Package-Manager: Portage-2.3.51, Repoman-2.3.11 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: add sub slot operator on net-dns/unbound atom
Package-Manager: Portage-2.3.49, Repoman-2.3.10
Repository mirror & CI · gentoo
Merge updates from master
Thomas Deutschmann · gentoo
net-vpn/strongswan: bump to v5.6.3
- EAPI bumped to EAPI=7. - Enable "eap-ttls" when USE=eap is set. [Bug 548212] - USE=strongswan_plugins_forecast added. [Bug 582444] - USE=systemd added to allow building of charon-systemd. [Bug 631748] - USE=strongswan_plugins_chapoly and USE=strongswan_plugins_newhope added. [Bug 643978] Closes: https://bugs.gentoo.org/548212 Closes: https://bugs.gentoo.org/582444 Closes: https://bugs.gentoo.org/631748 Closes: https://bugs.gentoo.org/643978 Package-Manager: Portage-2.3.48, Repoman-2.3.10
Sergei Trofimovich · gentoo
net-vpn/strongswan: stable 5.6.0-r1 for ppc, bug #628606
Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="ppc"
Patrick Lauer · gentoo
net-vpn/strongswan: Bump
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #628606
Package-Manager: Portage-2.3.19, Repoman-2.3.6 RepoMan-Options: --include-arches="arm"
Thomas Deutschmann · gentoo
net-vpn/strongswan: x86 stable (bug #628606)
Package-Manager: Portage-2.3.20, Repoman-2.3.6
Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #628606
Package-Manager: Portage-2.3.13, Repoman-2.3.3 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Patrick Lauer · gentoo
net-vpn/strongswan: Add eap-dynamic feature #631944
Package-Manager: Portage-2.3.10, Repoman-2.3.3
Patrick Lauer · gentoo
net-vpn/strongswan: Bump
Package-Manager: Portage-2.3.10, Repoman-2.3.3
Aaron Bauman · gentoo
net-vpn/strongswan: drop vulnerable wrt sec bug #620256
Markus Meier · gentoo
net-vpn/strongswan: arm stable, bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.1 RepoMan-Options: --include-arches="arm"
Agostino Sarubbo · gentoo
net-vpn/strongswan: ppc stable wrt bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.1 RepoMan-Options: --include-arches="ppc" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Agostino Sarubbo · gentoo
net-vpn/strongswan: amd64 stable wrt bug #620256
Package-Manager: Portage-2.3.5, Repoman-2.3.1 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Agostino Sarubbo · gentoo
net-vpn/strongswan: x86 stable wrt bug #620256
Package-Manager: Portage-2.3.5, Repoman-2.3.1 RepoMan-Options: --include-arches="x86" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Bjarke Istrup Pedersen · gentoo
net-vpn/strongswan: Bumping to 5.5.3
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Bjarke Istrup Pedersen · gentoo
net-vpn/strongswan: Bumping to 5.5.2, fixing security bug #620256
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Jason A. Donenfeld · gentoo
Move VPN packages into net-vpn/