strongswan 5.3.5-1ubuntu1 source package in Ubuntu

Changelog

strongswan (5.3.5-1ubuntu1) xenial; urgency=medium

  * debian/{rules,control,libstrongswan-extra-plugins.install}
    Enable bliss plugin
  * debian/{rules,control,libstrongswan-extra-plugins.install}
    Enable chapoly plugin
  * debian/patches/dont-load-kernel-libipsec-plugin-by-default.patch
    Upstream suggests to not load this plugin by default as it has
    some limitations.
    https://wiki.strongswan.org/projects/strongswan/wiki/Kernel-libipsec
  * debian/patches/increase-bliss-test-timeout.patch
    Under QEMU/KVM for autopkgtest bliss test takes a bit longer than default
  * Update Apparmor profiles
    - usr.lib.ipsec.charon
      - add capability audit_write for xauth-pam (LP: #1470277)
      - add capability dac_override (needed by agent plugin)
      - allow priv dropping (LP: #1333655)
      - allow caching CRLs (LP: #1505222)
      - allow rw access to /dev/net/tun for kernel-libipsec (LP: #1309594)
    - usr.lib.ipsec.stroke
      - allow priv dropping (LP: #1333655)
      - add local include
    - usr.lib.ipsec.lookip
      - add local include
  * Merge from Debian, which includes fixes for all previous CVEs
    Fixes (LP: #1330504, #1451091, #1448870, #1470277)
    Remaining changes:
      * debian/control
        - Lower dpkg-dev to 1.16.1 from 1.16.2 to enable backporting to Precise
        - Update Maintainer for Ubuntu
        - Add build-deps
          - dh-apparmor
          - iptables-dev
          - libjson0-dev
          - libldns-dev
          - libmysqlclient-dev
          - libpcsclite-dev
          - libsoup2.4-dev
          - libtspi-dev
          - libunbound-dev
        - Drop build-deps
          - libfcgi-dev
          - clearsilver-dev
        - Create virtual packages for all strongswan-plugin-* for dist-upgrade
        - Set XS-Testsuite: autopkgtest
      * debian/rules:
        - Enforcing DEB_BUILD_OPTIONS=nostrip for library integrity checking.
        - Set TESTS_REDUCED_KEYLENGTHS to one to generate smallest key-lengths in
          tests.
        - Change init/systemd program name to strongswan
        - Install AppArmor profiles
        - Removed pieces on 'patching ipsec.conf' on build.
        - Enablement of features per Ubuntu current config suggested from
          upstream recommendation
        - Unpack and sort enabled features to one-per-line
        - Disable duplicheck as per
          https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718291#10
        - Disable libfast (--disable-fast):
          Requires dropping medsrv, medcli plugins which depend on libfast
        - Add configure options
          --with-tss=trousers
        - Remove configure options:
          --enable-ha (requires special kernel)
          --enable-unit-test (unit tests run by default)
        - Drop logcheck install
      * debian/tests/*
        - Add DEP8 test for strongswan service and plugins
      * debian/strongswan-starter.strongswan.service
        - Add new systemd file instead of patching upstream
      * debian/strongswan-starter.links
        - removed, use Ubuntu systemd file instead of linking to upstream
      * debian/usr.lib.ipsec.{charon, lookip, stroke}
        - added AppArmor profiles for charon, lookip and stroke
      * debian/libcharon-extra-plugins.install
        - Add plugins
          - kernel-libipsec.{so, lib, conf, apparmor}
        - Remove plugins
          - libstrongswan-ha.so
        - Relocate plugins
          - libstrongswan-tnc-tnccs.so (strongswan-tnc-base.install)
      * debian/libstrongswan-extra-plugins.install
        - Add plugins (so, lib, conf)
          - acert
          - attr-sql
          - coupling
          - dnscert
          - fips-prf
          - gmp
          - ipseckey
          - load-tester
          - mysql
          - ntru
          - radattr
          - soup
          - sqlite
          - sql
          - systime-fix
          - unbound
          - whitelist
        - Relocate plugins (so, lib, conf)
          - ccm (libstrongswan.install)
          - test-vectors (libstrongswan.install)
      * debian/libstrongswan.install
        - Sort sections
        - Add plugins (so, lib, conf)
          - libchecksum
          - ccm
          - eap-identity
          - md4
          - test-vectors
      * debian/strongswan-charon.install
        - Add AppArmor profile for charon
      * debian/strongswan-starter.install
        - Add tools, manpages, conf
          - openac
          - pool
          - _updown_espmark
        - Add AppArmor profile for stroke
      * debian/strongswan-tnc-base.install
        - Add new subpackage for TNC
        - remove non-existent (dropped in 5.2.1) libpts library files
      * debian/strongswan-tnc-client.install
        - Add new subpackage for TNC
      * debian/strongswan-tnc-ifmap.install
        - Add new subpackage for TNC
      * debian/strongswan-tnc-pdp.install
        - Add new subpackage for TNC
      * debian/strongswan-tnc-server.install
        - Add new subpackage for TNC
      * debian/strongswan-starter.postinit:
        - Removed section about runlevel changes, it's almost 2014.
        - Adapted service restart section for Upstart.
        - Remove old symlinks to init.d files if necessary.
      * debian/strongswan-starter.dirs: Don't touch /etc/init.d.
      * debian/strongswan-starter.postrm: Removed 'update-rc.d ipsec remove' call.
      * debian/strongswan-starter.prerm: Stop strongswan service on package
        removal (as opposed to using the old init.d script).
      * debian/libstrongswan.strongswan.logcheck combined into debian/strongswan.logcheck
        - logcheck patterns updated to be helpful
      * debian/strongswan-starter.postinst: Removed further out-dated code and
        entire section on opportunistic encryption - this was never in strongSwan.
      * debian/ipsec.secrets.proto: Removed ipsec.secrets.inc reference.
    Drop changes:
      * debian/control
        - Per-plugin package breakup: Reducing packaging delta from Debian
        - Don't build dhcp, farp subpackages: Reduce packaging delta from Debian
      * debian/watch: Already exists in Debian merge
      * debian/upstream/signing-key.asc: Upstream has newer version.

strongswan (5.3.5-1) unstable; urgency=medium

  * New upstream bugfix release.

strongswan (5.3.4-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    - 03_systemd-service refreshed for new upstream release.
    - 0001-socket-default-Refactor-setting-source-address-when-,
    0001-socket-dynamic-Refactor-setting-source-address-when- and
    CVE-2015-8023_eap_mschapv2_state dropped, included upstream.

strongswan (5.3.3-3) unstable; urgency=high

  * Set urgency=high for security fix.
  * debian/patches:
    - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when
    using EAP MSCHAPv2.

strongswan (5.3.3-2) unstable; urgency=medium

  * debian/rules:
    - make the dh_install override arch-dependent only since it only acts on
    arch:any packages, fix FTBFS on arch:all.

strongswan (5.3.3-1) unstable; urgency=medium

  * debian/rules:
    - enable the connmark plugin.
  * debian/control:
    - add build-dep on iptables-dev.
  * debian/libstrongswan-standard-plugins:
    - add connmark plugin to the standard-plugins package.
  * New upstream release.                                       closes: #803772
  * debian/strongswan-starter.install:
    - install new pki --dn manpage to ipsec-starter package.
  * debian/patches:
    - 0001-socket-default-Refactor-setting-source-address-when- and
    0001-socket-dynamic-Refactor-setting-source-address-when- added (taken
    from c761db and 9e8b4a in the 1171-socket-default-scope branch), fix
    source address selection with IPv6 (upstream #1171)

strongswan (5.3.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/patches:
    - 05_ivgen-allow-reusing-same-message-id-twice dropped, included upstream.
    - CVE-2015-4171_enforce_remote_auth dropped as well.

strongswan (5.3.1-1) unstable; urgency=high

  * New upstream release.
  * debian/patches:
    - strongswan-5.2.2-5.3.0_unknown_payload dropped, included upstream.
    - 05_ivgen-allow-reusing-same-message-id-twice added, allow reusing the
    same message ID twice in sequential IV gen. strongSwan issue #980.
    - CVE-2015-4171_enforce_remote_auth added, fix potential leak of
    authentication credential to rogue server when using PSK or EAP. This is
    CVE-2015-4171.

strongswan (5.3.0-2) unstable; urgency=medium

  * debian/patches:
    - strongswan-5.2.2-5.3.0_unknown_payload added, fixes a DoS and potential
      remote code execution vulnerability (CVE-2015-3991).
  * debian/strongswan-starter.lintian-overrides: add override for
    command-with-path-in-maintainer-script since it's there to check for file
    existence.
  * Upload to unstable.

strongswan (5.3.0-1) experimental; urgency=medium

  * New upstream release.
  * debian/patches:
    - 01_fix-manpages refreshed for new upstream release.
    - 02_chunk-endianness dropped, included upstream.
    - CVE-2014-9221_modp_custom dropped, included upstream.
  * debian/strongswan-starter.install
    - don't install the _updown and _updown_espmark manpages anymore, they're
    gone.
    - also remove the _updown_espmark script, gone too.
  * debian/copyright updated.

strongswan (5.2.1-6) unstable; urgency=medium

  * Ship /lib/systemd/system/ipsec.service as a symlink to
    strongswan.service in strongswan-starter instead of using Alias= in
    the service file. This makes the ipsec name available to invoke-rc.d
    before the service gets actually enabled, which avoids some confusion
    (closes: #781209).

strongswan (5.2.1-5) unstable; urgency=high

  * debian/patches:
    - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated
    denial of service in IKEv2 when using custom MODP value.

strongswan (5.2.1-4) unstable; urgency=medium

  * Give up on trying to run the test suite on !amd64, it now times out on
    both i386 and s390x, our chosen "fast" archs.

strongswan (5.2.1-3) unstable; urgency=medium

  * Disable libtls tests again, they are still too intensive for the buildd
    network...

strongswan (5.2.1-2) unstable; urgency=medium

  * Cherry-pick commits 701d6ed and 1c70c6e from upstream to fix checksum
    computation and FTBFS on big-endian hosts.
  * Run the test suite only on amd64, i386, and s390x. It requires lots of
    entropy and CPU time, which are typically hard to come by on slower
    archs.
  * Re-enable normal keylengths in test suite.
  * Re-enable libtls tests.
  * Update Dutch translation, thanks to Frans Spiesschaert (closes: #763798).
  * Bump Standards-Version to 3.9.6.

strongswan (5.2.1-1) unstable; urgency=medium

  * New upstream release.
  * Stop shipping /etc/strongswan.conf.d in libstrongswan.

strongswan (5.2.0-2) unstable; urgency=medium

  * Add systemd integration:
    + Install upstream systemd service file in strongswan-starter.
    + Alias strongswan.service to ipsec.service to match the sysv init script.
    + Drop After=syslog.target (as syslog is socket-activated nowadays), but
      add After=network.target to ensure that charon gets the chance to send
      deletes on exit.
    + Add ExecReload for reload action, since the starter script has one.
    + On linux-any, add build-dep on systemd to ensure that the pkg-config
      metadata file can be found.
    + Add build-dep on dh-systemd, and use systemd dh addon.
  * Remove debian/patches/03_include-stdint.patch.

strongswan (5.2.0-1) unstable; urgency=medium

  * New upstream release.
  [ Romain Francoise ]
  * Amend build-dep on libgcrypt to 'libgcrypt20-dev | libgcrypt11-dev'.
  * Drop hardening-wrapper from build-depends (unused since 5.0.4-1).

  [ Yves-Alexis Perez ]
  * debian/po:
    - pt_BR.po updated, thanks Adriano Rafael Gomes.            closes: #752721
  * debian/patches:
    03_pfkey-Always-include-stdint.h dropped, included upstream.
  * debian/strongswan-starter.install:
    - replace tools.conf by pki.conf and scepclient.conf.

strongswan (5.1.3-4) unstable; urgency=medium

  * debian/control:
    - add build-dep on pkg-config.
  * debian/patches:
    - 03_pfkey-Always-include-stdint.h added, cherry-picked from upstream git:
      always include stdint.h. Fix FTBFS on kFreeBSD.

strongswan (5.1.3-3) unstable; urgency=medium

  * debian/watch:
    - add pgpsigurlmangle to get PGP signature
  * debian/upstream/signing-key.asc:
    - bootstrap keyring by adding Andreas Steffen key (0xDF42C170B34DBA77)
  * debian/control:
    - add build-dep on libgcrypt20-dev, fix FTBFS.              closes: #747796

strongswan (5.1.3-2) unstable; urgency=low

  * Disable the new libtls test suite for now--it appears to be a
    little too intensive for slower archs.

strongswan (5.1.3-1) unstable; urgency=low

  * New upstream release.
  * debian/control: make strongswan-charon depend on iproute2 | iproute,
    thanks to Ryo IGARASHI <email address hidden> (closes: #744832).

strongswan (5.1.2-4) unstable; urgency=high

  * debian/patches/04_cve-2014-2338.patch: added to fix CVE-2014-2338
    (authentication bypass vulnerability in IKEv2 code).
  * debian/control: add myself to Uploaders.

strongswan (5.1.2-3) unstable; urgency=medium

  * debian/patches/
    - 02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b  added, fix
    testsuite failing on 64 bit big-endian platforms (s390x).
    - 03_unit-tests-Fix-chunk-clear-armel added, fix testsuite failing on
    armel.

strongswan (5.1.2-2) unstable; urgency=medium

  * debian/rules:
    - use reduced keylengths in testsuite on various arches, hopefully fixing
      FTBFS when the genrsa test runs.

strongswan (5.1.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/control:
    - add conflicts against openSwan.                           closes: #740808
  * debian/strongswan-starter,postrm:
    - remove /var/lib/strongswan on purge.
  * debian/ipsec.secrets.proto:
    - stop lying about ipsec showhostkey command.               closes: #600382
  * debian/patches:
    - 01_fix-manpages refreshed for new upstream.
    - 02_include-strongswan.conf.d removed, strongswan.d is now supported
      upstream.
  * debian/rules, debian/*.install:
    - install default configuration files for all plugins.
  * debian/NEWS:
    - fix spurious entry.
    - add a NEWS entry to advertise about the new strongswan.d configuration
      mechanism.

 -- Ryan Harper <email address hidden>  Fri, 12 Feb 2016 11:24:53 -0600

Upload details

Uploaded by: Ryan Harper
Sponsored by: Serge Hallyn
Uploaded to: Xenial
Original maintainer: Ubuntu Developers
Architectures: any all
Section: net
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
strongswan_5.3.5.orig.tar.bz2 4.2 MiB 2c84b663da652b1ff180a1a73c24a3d7b9fc4b9b8ba6bd07f94a1e33092e6350
strongswan_5.3.5-1ubuntu1.debian.tar.xz 128.4 KiB acb6bd0db213526c3ceea5a394455a8b531a1859a0dea3c7a317e465ede41069
strongswan_5.3.5-1ubuntu1.dsc 8.3 KiB 2cd1fb1c31252055c1a63743681e695bdc236941db8a71f38aabe2a98fb58ed6

Binary packages built by this source

charon-cmd: standalone IPsec client

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon-cmd command, which can be used as a client to
 connect to a remote IKE daemon.

charon-cmd-dbgsym: debug symbols for package charon-cmd

libcharon-extra-plugins: strongSwan charon library (extra plugins)

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the charon library:
  - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
    certificates)
  - dhcp (Forwarding of DHCP requests for virtual IPs to DHCP server)
  - certexpire (Export expiration dates of used certificates)
  - eap-aka (Generic EAP-AKA protocol handler using different backends)
  - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends)
  - eap-identity (EAP-Identity identity exchange algorithm, to use with other
    EAP protocols)
  - eap-md5 (EAP-MD5 protocol handler using passwords)
  - eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes)
  - eap-radius (EAP server proxy plugin forwarding EAP conversations to a
    RADIUS server)
  - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in
    EAP)
  - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel)
  - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely)
  - error-notify (Notification about errors via UNIX socket)
  - farp (fake ARP responses for requests to virtual IP address)
  - kernel-libipsec (Userspace IPsec Backend with TUN devices)
  - led (Let Linux LED subsystem LEDs blink on IKE activity)
  - lookip (Virtual IP lookup facility using a UNIX socket)
  - tnc (Trusted Network Connect)
  - unity (Cisco Unity extensions for IKEv1)
  - xauth-eap (XAuth backend that uses EAP methods to verify passwords)
  - xauth-generic (Generic XAuth backend that provides passwords from
    ipsec.secrets and other credential sets)
  - xauth-pam (XAuth backend that uses PAM modules to verify passwords)
  - strongswan-plugin-eap-aka-3gpp2 (EAP-AKA backend implementing standard 3GPP2 algorithm in software)
  - strongswan-plugin-eap-dynamic (EAP proxy plugin that dynamically selects an EAP method requested/supported by the client (since 5.0.1))
  - strongswan-plugin-eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely)
  - strongswan-plugin-eap-sim (Generic EAP-SIM protocol handler using different backends)
  - strongswan-plugin-eap-sim-file (EAP-SIM backend reading triplets from a file)
  - strongswan-plugin-eap-sim-pcsc (EAP-SIM backend based on a PC/SC smartcard reader)
  - strongswan-plugin-eap-simaka-pseudonym (EAP-SIM/AKA in-memory pseudonym identity database)
  - strongswan-plugin-eap-simaka-reauth (EAP-SIM/AKA in-memory reauthentication identity database)
  - strongswan-plugin-eap-simaka-sql (EAP-SIM/AKA backend reading triplets/quintuplets from a SQL database)
  - strongswan-plugin-xauth-noauth (XAuth backend that does not do any authentication (since 5.0.3))

libcharon-extra-plugins-dbgsym: debug symbols for package libcharon-extra-plugins

libstrongswan: strongSwan utility and crypto library

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the underlying libraries of charon and other strongSwan
 components. It is built in a modular way and is extendable through various
 plugins.
 .
 Some default (as specified by the strongSwan project) plugins are included.
 For libstrongswan (cryptographic backends, URI fetchers and database layers):
  - aes (AES-128/192/256 cipher software implementation)
  - constraints (X.509 certificate advanced constraint checking)
  - dnskey (Parse RFC 4034 public keys)
  - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
  - gmp (RSA/DH crypto backend based on libgmp)
  - hmac (HMAC wrapper using various hashers)
  - md5 (MD5 hasher software implementation)
  - nonce (Default nonce generation plugin)
  - pem (PEM encoding/decoding routines)
  - pgp (PGP encoding/decoding routines)
  - pkcs1 (PKCS#1 encoding/decoding routines)
  - pkcs8 (PKCS#8 decoding routines)
  - pkcs12 (PKCS#12 decoding routines)
  - pubkey (Wrapper to handle raw public keys as trusted certificates)
  - random (RNG reading from /dev/[u]random)
  - rc2 (RC2 cipher software implementation)
  - revocation (X.509 CRL/OCSP revocation checking)
  - sha1 (SHA1 hasher software implementation)
  - sha2 (SHA256/SHA384/SHA512 hasher software implementation)
  - sshkey (SSH key decoding routines)
  - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
    and OCSP messages)
  - xcbc (XCBC wrapper using various ciphers)
 For libhydra (IKE daemon plugins):
  - attr (Provides IKE attributes configured in strongswan.conf)
  - kernel-netlink [linux] (IPsec/Networking kernel interface using Linux
    Netlink)
  - kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY)
  - kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE)
  - resolve (Writes name servers received via IKE to a resolv.conf file or
    installs them via resolvconf(8))

libstrongswan-dbgsym: debug symbols for package libstrongswan

libstrongswan-extra-plugins: strongSwan utility and crypto library (extra plugins)

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the strongSwan utility and
 cryptographic library.
 .
 Included plugins are:
  - acert (Support of X.509 attribute certificates (since 5.1.3))
  - af-alg [linux] (AF_ALG Linux crypto API interface, provides
    ciphers/hashers/hmac/xcbc)
  - attr-sql (provide IKE attributes read from a database to peers)
  - bliss (Bimodal Lattice Signature Scheme (BLISS) post-quantum computer
    signature scheme)
  - ccm (CCM cipher mode wrapper)
  - chapoly (ChaCha20/Poly1305 AEAD implementation)
  - cmac (CMAC cipher mode wrapper)
  - ctr (CTR cipher mode wrapper)
  - coupling (Permanent peer certificate coupling)
  - curl (libcurl based HTTP/FTP fetcher)
  - dnscert (authentication via CERT RRs protected by DNSSEC)
  - gcrypt (Crypto backend based on libgcrypt, provides
    RSA/DH/ciphers/hashers/rng)
  - ipseckey (authentication via IPSECKEY RRs protected by DNSSEC)
  - ldap (LDAP fetching plugin based on libldap)
  - load-tester (perform IKE load tests against self or gateway)
  - mysql (database backend)
  - ntru (key exchange based on post-quantum computer NTRU)
  - padlock (VIA padlock crypto backend, provides AES128/SHA1)
  - pkcs11 (PKCS#11 smartcard backend)
  - radattr (inject and process custom RADIUS attributes as IKEv2 client)
  - sql (SQL configuration and creds engine)
  - sqlite (SQLite database backend)
  - soup (libsoup based HTTP fetcher)
  - rdrand (High quality / high performance random source using the Intel
    rdrand instruction found on Ivy Bridge processors)
  - test-vectors (Set of test vectors for various algorithms)
  - unbound (DNSSEC enabled resolver using libunbound)
  - whitelist (peer verification against a whitelist)

libstrongswan-extra-plugins-dbgsym: debug symbols for package libstrongswan-extra-plugins

libstrongswan-standard-plugins: strongSwan utility and crypto library (standard plugins)

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides some common plugins for the strongSwan utility and
 cryptographic library.
 .
 Included plugins are:
  - agent (RSA/ECDSA private key backend connecting to SSH-Agent)
  - gcm (GCM cipher mode wrapper)
  - openssl (Crypto backend based on OpenSSL, provides
    RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG)

libstrongswan-standard-plugins-dbgsym: debug symbols for package libstrongswan-standard-plugins

strongswan: IPsec VPN solution metapackage

 The strongSwan VPN suite uses the native IPsec stack in the standard Linux
 kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This metapackage installs the packages required to maintain IKEv1 and IKEv2
 connections via ipsec.conf or ipsec.secrets.

strongswan-charon: strongSwan Internet Key Exchange daemon

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 charon is an IPsec IKEv2 daemon which can act as an initiator or a responder.
 It is written from scratch using a fully multi-threaded design and a modular
 architecture. Various plugins can provide additional functionality.

strongswan-charon-dbgsym: debug symbols for package strongswan-charon

strongswan-dbg: strongSwan library and binaries - debugging symbols

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the symbols needed for debugging of strongSwan.

strongswan-ike: strongSwan Internet Key Exchange daemon (transitional package)

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install version 5 of the charon daemon and has been
 replaced by the strongswan-charon package. This package can be safely removed
 once it's installed.

strongswan-ikev1: strongSwan IKEv1 daemon, transitional package

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install the pluto daemon, implementing the IKEv1
 protocol. It has been replaced by charon in the strongswan-ike package, so
 this package can be safely removed once it's installed.

strongswan-ikev2: strongSwan IKEv2 daemon, transitional package

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install the charon daemon, implementing the IKEv2
 protocol. It has been replaced by the strongswan-ike package, so it can be
 safely removed.

strongswan-libcharon: strongSwan charon library

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon library, used by IKE clients like
 strongswan-charon, strongswan-charon-cmd or strongswan-nm.

strongswan-libcharon-dbgsym: debug symbols for package strongswan-libcharon

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon library, used by IKE clients like
 strongswan-charon, strongswan-charon-cmd or strongswan-nm.

strongswan-nm: strongSwan plugin to interact with NetworkManager

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This plugin provides an interface which allows NetworkManager to configure
 and control the IKEv2 daemon directly through D-Bus. It is designed to work
 in conjunction with the network-manager-strongswan package, providing
 a simple graphical frontend to configure IPsec based VPNs.

strongswan-nm-dbgsym: debug symbols for package strongswan-nm

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This plugin provides an interface which allows NetworkManager to configure
 and control the IKEv2 daemon directly through D-Bus. It is designed to work
 in conjunction with the network-manager-strongswan package, providing
 a simple graphical frontend to configure IPsec based VPNs.

strongswan-plugin-af-alg: strongSwan plugin for AF_ALG Linux crypto API interface

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the AF_ALG Linux crypto API interface plugin for
 strongSwan. It provides ciphers/hashers/hmac/xcbc.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-agent: strongSwan plugin for accessing private keys via ssh-agent

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for accessing private keys via
 ssh-agent.
 .
 This plugin is now included in libstrongswan-standard-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-attr-sql: strongSwan plugin for providing IKE attributes from databases

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for providing IKE attributes read
 from a database to peers.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-certexpire: strongSwan plugin for exporting expiration dates of certificates

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the plugin for exporting expiration dates of used
 certificates for strongSwan.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-coupling: strongSwan plugin for permanent peer certificate coupling

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the permanent peer certificate coupling plugin for
 strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-curl: strongSwan plugin for the libcurl based HTTP/FTP fetcher

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the libcurl based HTTP/FTP fetcher plugin for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-dhcp: strongSwan plugin for forwarding DHCP request to a server

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for allowing the forwarding of DHCP
 requests for virtual IP addresses to a DHCP server.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-dnscert: strongSwan plugin for authentication via CERT RRs

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for authentication via CERT RRs
 protected by DNSSEC.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-dnskey: strongSwan plugin for parsing RFC 4034 public keys

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the plugin for parsing RFC 4034 public keys for
 strongSwan.
 .
 This plugin is now included in libstrongswan. This package can
 be safely removed once it's installed.

strongswan-plugin-duplicheck: strongSwan plugin for duplicheck functionality

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the duplicheck functionality.
 .
 The duplicheck plugin provides an advanced but very specialized peer identity
 duplicate checking. It works independently of the ipsec.conf uniqueids feature.
 .
 More information may be found at:
 http://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck
 .
 This plugin is now disabled. This package can be safely removed once it's
 installed.

strongswan-plugin-eap-aka: strongSwan plugin for generic EAP-AKA protocol handling

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for generic EAP-AKA protocol
 handling using different backends.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-aka-3gpp2: strongSwan plugin for the 3GPP2-based EAP-AKA backend

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the EAP-AKA backend
 implementing the standard 3GPP2 algorithm in software.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-dynamic: strongSwan plugin for dynamic EAP method selection

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP proxying that dynamically
 selects an EAP method requested/supported by the client.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-gtc: strongSwan plugin for EAP-GTC protocol handler

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP-GTC protocol handling while
 authenticating with XAuth backends.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-md5: strongSwan plugin for EAP-MD5 protocol handler

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP-MD5 protocol handling using
 passwords.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-mschapv2: strongSwan plugin for EAP-MSCHAPv2 protocol handler

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP-MSCHAPv2 protocol handling
 using passwords/NT hashes.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-peap: strongSwan plugin for EAP-PEAP protocol handler

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP-PEAP protocol handling,
 which wraps other EAP methods securely.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-radius: strongSwan plugin for EAP interface to a RADIUS server

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for forwarding EAP conversations
 from an EAP server to a RADIUS server.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-sim: strongSwan plugin for generic EAP-SIM protocol handling

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for generic EAP-SIM protocol
 handling using different backends.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-sim-file: strongSwan plugin for EAP-SIM credentials from files

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the EAP-SIM backend for reading
 triplets from a file.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-sim-pcsc: strongSwan plugin for EAP-SIM credentials on smartcards

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the EAP-SIM backend based on a
 PC/SC smartcard reader.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-simaka-pseudonym: strongSwan plugin for the EAP-SIM/AKA identity database

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the EAP-SIM/AKA in-memory
 pseudonym identity database.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-simaka-reauth: strongSwan plugin for the EAP-SIM/AKA reauthentication database

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the EAP-SIM/AKA in-memory
 reauthentication identity database.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-simaka-sql: strongSwan plugin for SQL-based EAP-SIM/AKA backend reading

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the EAP-SIM/AKA backend reading
 triplets/quintuplets from a SQL database.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-tls: strongSwan plugin for the EAP-TLS protocol handler

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP-TLS protocol handling, to
 authenticate with certificates in EAP.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-tnc: strongSwan plugin for the EAP-TNC protocol handler

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP-TNC protocol handling,
 Trusted Network Connect in a TLS tunnel.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-eap-ttls: strongSwan plugin for the EAP-TTLS protocol handler

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for EAP-TTLS protocol handling,
 which wraps other EAP methods securely.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-error-notify: strongSwan plugin for error notifications

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the plugin for error notifications, via UNIX socket, for
 strongSwan.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-farp: strongSwan plugin for faking ARP responses

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for faking ARP responses for
 requests to a virtual IP address assigned to a peer.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-fips-prf: strongSwan plugin for PRF specified by FIPS

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the special
 pseudo-random-function (PRF) specified by FIPS, used by EAP-SIM/AKA algorithms.
 .
 This plugin is now included in libstrongswan. This package can
 be safely removed once it's installed.

strongswan-plugin-gcrypt: strongSwan plugin for gcrypt

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the crypto backend based on libgcrypt, which provides an
 RSA/DH/ciphers/hashers/rng plugin for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-gmp: strongSwan plugin for libgmp based crypto

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the crypto backend based on libgmp, which provides an
 RSA/DH plugin for strongSwan.
 .
 This plugin is now included in libstrongswan. This package can
 be safely removed once it's installed.

strongswan-plugin-ipseckey: strongSwan plugin for authentication via IPSECKEY RRs

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for authentication via IPSECKEY RRs
 protected by DNSSEC.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-kernel-libipsec: strongSwan plugin for an IPsec backend that works entirely in userland

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin which provides an IPsec backend
 that works entirely in userland, using TUN devices and strongSwan's own IPsec
 implementation libipsec. This is useful for when there is no kernel support for
 IPsec.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-ldap: strongSwan plugin for LDAP CRL fetching

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for fetching CRL from ldap:// URLs.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-led: strongSwan plugin for LEDs blinking on IKE activity

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for letting the Linux LED subsystem
 blink LEDs on IKE activity.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-load-tester: strongSwan plugin for load testing

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the load testing plugin for strongSwan.
 .
 WARNING: Never enable the load-testing plugin on production systems. It
 provides preconfigured credentials and allows an attacker to authenticate as
 any user.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-lookip: strongSwan plugin for lookip interface

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin which provides an interface to
 query information about tunnels via the peer's virtual IP address.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-mysql: strongSwan plugin for MySQL

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the MySQL database backend plugin for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-ntru: strongSwan plugin for NTRU crypto

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the plugin for key exchange based on post-quantum NTRU
 encryption for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-openssl: strongSwan plugin for OpenSSL

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the crypto backend based on OpenSSL for strongSwan,
 providing RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG.
 .
 This plugin is now included in libstrongswan-standard-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-pgp: strongSwan plugin for PGP encoding/decoding routines

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for PGP encoding/decoding routines.
 .
 This plugin is now included in libstrongswan. This package can
 be safely removed once it's installed.

strongswan-plugin-pkcs11: strongSwan plugin for PKCS#11 smartcard backend

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the PKCS#11 smartcard backend for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-pubkey: strongSwan plugin for raw public keys

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for handling raw public keys as
 trusted certificates.
 .
 This plugin is now included in libstrongswan. This package can
 be safely removed once it's installed.

strongswan-plugin-radattr: strongSwan plugin for custom RADIUS attribute processing

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin to inject and process custom RADIUS
 attributes as IKEv2 client.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-soup: strongSwan plugin for the libsoup based HTTP fetcher

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the libsoup based HTTP fetcher plugin for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-sql: strongSwan plugin for SQL configuration and credentials

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the SQL configuration and credentials engine plugin for
 strongSwan, using either SQLite or MySQL.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-sqlite: strongSwan plugin for SQLite

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the SQLite database backend plugin for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-sshkey: strongSwan plugin for SSH key decoding routines

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for SSH key decoding routines.
 .
 This plugin is now included in libstrongswan. This package can
 be safely removed once it's installed.

strongswan-plugin-systime-fix: strongSwan plugin for system time fixing

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 The systime-fix plugin for strongSwan is designed for embedded systems that
 don't have a valid system time just after boot. It detects if the system time
 is incorrect and disables certificate lifetime validation during this period.
 This allows the device to establish tunnels, even if the system time is out of
 sync, and for example connect to an NTP server.
 .
 Once the system time gets corrected, the plugin can detect it and verify the
 lifetimes of all certificates used for active tunnels. If any certificate in
 the trust-chain is not valid for the given system time, the tunnel gets either
 closed or reestablished.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-unbound: strongSwan plugin for DNSSEC-enabled resolver using libunbound

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the DNSSEC-enabled resolver using libunbound for
 strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-unity: strongSwan plugin for IKEv1 Cisco Unity Extensions

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the Unity plugin for strongSwan. It provides support for
 parts of the IKEv1 Cisco Unity Extensions.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-whitelist: strongSwan plugin for peer-verification against a whitelist

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the plugin for checking authenticated identities against
 a whitelist for strongSwan.
 .
 This plugin is now included in libstrongswan-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-xauth-eap: strongSwan plugin for XAuth backend using EAP methods

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the XAuth backend that uses
 EAP methods to verify passwords.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-xauth-generic: strongSwan plugin for the generic XAuth backend

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the generic XAuth backend that
 provides passwords from ipsec.secrets and other credential sets.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-xauth-noauth: strongSwan plugin for the generic XAuth backend

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the XAuth backend that does no
 authentication.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-plugin-xauth-pam: strongSwan plugin for XAuth backend using PAM

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the strongSwan plugin for the XAuth backend that uses
 PAM modules to verify passwords.
 .
 This plugin is now included in libcharon-extra-plugins. This package can
 be safely removed once it's installed.

strongswan-starter: strongSwan daemon starter and configuration file parser

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 The starter and the associated "ipsec" script control the charon daemon from
 the command line. It parses ipsec.conf and loads the configurations to the
 daemon.

strongswan-starter-dbgsym: debug symbols for package strongswan-starter

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 The starter and the associated "ipsec" script control the charon daemon from
 the command line. It parses ipsec.conf and loads the configurations to the
 daemon.

strongswan-tnc-base: strongSwan Trusted Network Connect's (TNC) - base files

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the base files for strongSwan's Trusted Network
 Connect's (TNC) functionality.
 .
 strongSwan's IMC/IMV dynamic libraries can be used by any third party TNC
 client/server implementation possessing a standard IF-IMC/IMV interface.

strongswan-tnc-base-dbgsym: debug symbols for package strongswan-tnc-base

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the base files for strongSwan's Trusted Network
 Connect's (TNC) functionality.
 .
 strongSwan's IMC/IMV dynamic libraries can be used by any third party TNC
 client/server implementation possessing a standard IF-IMC/IMV interface.

strongswan-tnc-client: strongSwan Trusted Network Connect's (TNC) - client files

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the client functionality for strongSwan's Trusted Network
 Connect's (TNC) features.
 .
 It includes the OS, scanner, test, SWID, and attestation IMCs.

strongswan-tnc-client-dbgsym: debug symbols for package strongswan-tnc-client

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the client functionality for strongSwan's Trusted Network
 Connect's (TNC) features.
 .
 It includes the OS, scanner, test, SWID, and attestation IMCs.

strongswan-tnc-ifmap: strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP client

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides Trusted Network Connect's (TNC) IF-MAP 2.0 client.

strongswan-tnc-ifmap-dbgsym: debug symbols for package strongswan-tnc-ifmap

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides Trusted Network Connect's (TNC) IF-MAP 2.0 client.

strongswan-tnc-pdp: strongSwan plugin for Trusted Network Connect's (TNC) PDP

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides Trusted Network Connect's (TNC) Policy Decision Point
 (PDP) with RADIUS server interface.

strongswan-tnc-pdp-dbgsym: debug symbols for package strongswan-tnc-pdp

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides Trusted Network Connect's (TNC) Policy Decision Point
 (PDP) with RADIUS server interface.

strongswan-tnc-server: strongSwan Trusted Network Connect's (TNC) - server files

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the server functionality for strongSwan's Trusted Network
 Connect's (TNC) features.

strongswan-tnc-server-dbgsym: debug symbols for package strongswan-tnc-server

 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the server functionality for strongSwan's Trusted Network
 Connect's (TNC) features.