Source: strongswan
Section: net
Priority: optional
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Uploaders: Rene Mayrhofer <rmayr@debian.org>,
  Yves-Alexis Perez <corsac@debian.org>
Standards-Version: 3.9.5
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary
Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git
Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.2), libtool, libgmp3-dev, 
  libssl-dev (>= 0.9.8), libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev,
  libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf,
  hardening-wrapper, libfcgi-dev, clearsilver-dev,
  libxml2-dev, libsqlite3-dev, network-manager-dev (>= 0.7) [linux-any], 
  libnm-glib-vpn-dev (>= 0.7) [linux-any], libnm-util-dev (>= 0.7) [linux-any], 
  gperf, libcap-dev [linux-any], dh-autoreconf
Homepage: http://www.strongswan.org

Package: strongswan
Architecture: all
Depends: ${misc:Depends}, strongswan-charon, strongswan-starter
Description: IPsec VPN solution metapackage
 The strongSwan VPN suite uses the native IPsec stack in the standard Linux
 kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This metapackage installs the packages required to maintain IKEv1 and IKEv2
 connections via ipsec.conf or ipsec.secrets.

Package: libstrongswan
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Conflicts: strongswan (<< 4.2.12-1)
Breaks: strongswan-ikev2 (<< 4.6.4)
Replaces: strongswan-ikev2 (<< 4.6.4)
Recommends: libstrongswan-standard-plugins
Suggests: libstrongswan-extra-plugins
Description: strongSwan utility and crypto library
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the underlying libraries of charon and other strongSwan
 components. It is built in a modular way and is extendable through various
 plugins.
 .
 Some default (as specified by the strongSwan projet) plugins are included.
 For libstrongswan (cryptographic backends, URI fetchers and database layers):
  - aes (AES-128/192/256 cipher software implementation)
  - constraints (X.509 certificate advanced constraint checking)
  - dnskey (Parse RFC 4034 public keys)
  - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
  - gmp (RSA/DH crypto backend based on libgmp)
  - hmac (HMAC wrapper using various hashers)
  - md5 (MD5 hasher software implementation)
  - nonce (Default nonce generation plugin)
  - pem (PEM encoding/decoding routines)
  - pgp (PGP encoding/decoding routines)
  - pkcs1 (PKCS#1 encoding/decoding routines)
  - pkcs8 (PKCS#8 decoding routines)
  - pkcs12 (PKCS#12 decoding routines)
  - pubkey (Wrapper to handle raw public keys as trusted certificates)
  - random (RNG reading from /dev/[u]random)
  - rc2 (RC2 cipher software implementation)
  - revocation (X.509 CRL/OCSP revocation checking)
  - sha1 (SHA1 hasher software implementation)
  - sha2 (SHA256/SHA384/SHA512 hasher software implementation)
  - sshkey (SSH key decoding routines)
  - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
    and OCSP messages)
  - xcbc (XCBC wrapper using various ciphers)
 For libhydra (IKE daemon plugins):
  - attr (Provides IKE attributes configured in strongswan.conf)
  - kernel-netlink [linux] (IPsec/Networking kernel interface using Linux
    Netlink)
  - kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY)
  - kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE)
  - resolve (Writes name servers received via IKE to a resolv.conf file or
    installs them via resolvconf(8))

Package: libstrongswan-standard-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1)
Description: strongSwan utility and crypto library (standard plugins)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides some common plugins for the strongSwan utility and
 cryptograhic library.
 .
 Included plugins are:
  - agent (RSA/ECDSA private key backend connecting to SSH-Agent)
  - gcm (GCM cipher mode wrapper)
  - openssl (Crypto backend based on OpenSSL, provides
    RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG)

Package: libstrongswan-extra-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1)
Description: strongSwan utility and crypto library (extra plugins)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the strongSwan utility and
 cryptograhic library.
 .
 Included plugins are:
  - af-alg [linux] (AF_ALG Linux crypto API interface, provides
    ciphers/hashers/hmac/xcbc)
  - ccm (CCM cipher mode wrapper)
  - cmac (CMAC cipher mode wrapper)
  - ctr (CTR cipher mode wrapper)
  - curl (libcurl based HTTP/FTP fetcher)
  - gcrypt (Crypto backend based on libgcrypt, provides
    RSA/DH/ciphers/hashers/rng)
  - ldap (LDAP fetching plugin based on libldap)
  - padlock (VIA padlock crypto backend, provides AES128/SHA1)
  - pkcs11 (PKCS#11 smartcard backend)
  - rdrand (High quality / high performance random source using the Intel
    rdrand instruction found on Ivy Bridge processors)
  - test-vectors (Set of test vectors for various algorithms)

Package: libcharon-extra-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1)
Description: strongSwan charon library (extra plugins)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the charon library:
  - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
    certificates)
  - certexpire (Export expiration dates of used certificates)
  - eap-aka (Generic EAP-AKA protocol handler using different backends)
  - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends)
  - eap-identity (EAP-Identity identity exchange algorithm, to use with other
    EAP protocols)
  - eap-md5 (EAP-MD5 protocol handler using passwords)
  - eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes)
  - eap-radius (EAP server proxy plugin forwarding EAP conversations to a
    RADIUS server)
  - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in
    EAP)
  - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel)
  - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely)
  - error-notify (Notification about errors via UNIX socket)
  - ha (High-Availability clustering)
  - led (Let Linux LED subsystem LEDs blink on IKE activity)
  - lookip (Virtual IP lookup facility using a UNIX socket)
  - medcli (Web interface based mediation client interface)
  - medsrv (Web interface based mediation server interface)
  - tnc (Trusted Network Connect)
  - unity (Cisco Unity extensions for IKEv1)
  - xauth-eap (XAuth backend that uses EAP methods to verify passwords)
  - xauth-generic (Generic XAuth backend that provides passwords from
    ipsec.secrets and other credential sets)
  - xauth-pam (XAuth backend that uses PAM modules to verify passwords)

Package: strongswan-dbg
Architecture: any
Section: debug
Priority: extra
Depends: ${misc:Depends}, strongswan, libstrongswan (= ${binary:Version})
Description: strongSwan library and binaries - debugging symbols
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the symbols needed for debugging of strongSwan.

Package: strongswan-starter
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (=
 ${binary:Version}), adduser
Recommends: strongswan-charon
Conflicts: strongswan (<< 4.2.12-1), openswan
Description: strongSwan daemon starter and configuration file parser
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 The starter and the associated "ipsec" script control the charon daemon from
 the command line. It parses ipsec.conf and loads the configurations to the
 daemon.

Package: strongswan-libcharon
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Suggests: libcharon-extra-plugins
Breaks: libstrongswan (<= 5.1.1-1)
Replaces: strongswan-ike, libstrongswan (<= 5.1.1-1)
Description: strongSwan charon library
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon library, used by IKE client like
 strongswan-charon, strongswan-charon-cmd or strongswan-nm

Package: strongswan-charon
Architecture: any
Pre-Depends: debconf | debconf-2.0
Depends: ${shlibs:Depends}, ${misc:Depends},
 libstrongswan (= ${binary:Version}), strongswan-starter, iproute [linux-any]
Provides: ike-server
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: strongswan-ikev1, strongswan-ikev2, libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Description: strongSwan Internet Key Exchange daemon
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 charon is an IPsec IKEv2 daemon which can act as an initiator or a responder.
 It is written from scratch using a fully multi-threaded design and a modular
 architecture. Various plugins can provide additional functionality.

Package: strongswan-ike
Architecture: all
Section: oldlibs
Priority: extra
Depends: ${shlibs:Depends}, ${misc:Depends}, strongswan-charon
Description: strongSwan Internet Key Exchange daemon (transitional package)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install version 5 of the charon daemon and has been
 replaced by the strongswan-charon package. This package can be safely removed
 once it's installed.

Package: strongswan-nm
Architecture: linux-any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: network-manager-strongswan
Description: strongSwan plugin to interact with NetworkManager
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This plugin provides an interface which allows NetworkManager to configure
 and control the IKEv2 daemon directly through D-Bus. It is designed to work
 in conjunction with the network-manager-strongswan package, providing
 a simple graphical frontend to configure IPsec based VPNs.

Package: strongswan-ikev1
Architecture: all
Depends: ${misc:Depends}, strongswan-ike
Section: oldlibs
Priority: extra
Description: strongSwan IKEv1 daemon, transitional package
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install the pluto daemon, implementing the IKEv1
 protocol. It has been replaced by charon in the strongswan-ike package, so
 this package can be safely removed once it's installed.

Package: strongswan-ikev2
Architecture: all
Depends: ${misc:Depends}, strongswan-ike
Section: oldlibs
Priority: extra
Description: strongSwan IKEv2 daemon, transitional package
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install the charon daemon, implementing the IKEv2
 protocol. It has been replaced the strongswan-ike package, so it can be safely
 removed.

Package: charon-cmd
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: strongswan-ike (<= 5.1.1-1)
Replaces: strongswan-ike (<= 5.1.1-1)
Description: standalone IPsec client
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon-cmd command, which can be used as a client to
 connect to a remote IKE daemon.