Source: strongswan Section: net Priority: optional Maintainer: strongSwan Maintainers Uploaders: Rene Mayrhofer , Yves-Alexis Perez , Romain Francoise Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.2), libtool, libgmp3-dev, libssl-dev (>= 0.9.8), libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev, libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf, libfcgi-dev, clearsilver-dev, libgcrypt20-dev | libgcrypt11-dev, libxml2-dev, libsqlite3-dev, network-manager-dev (>= 0.7) [linux-any], libnm-glib-vpn-dev (>= 0.7) [linux-any], libnm-util-dev (>= 0.7) [linux-any], gperf, libcap-dev [linux-any], dh-autoreconf, pkg-config, systemd [linux-any], dh-systemd (>= 1.5) Homepage: http://www.strongswan.org Package: strongswan Architecture: all Depends: ${misc:Depends}, strongswan-charon, strongswan-starter Description: IPsec VPN solution metapackage The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This metapackage installs the packages required to maintain IKEv1 and IKEv2 connections via ipsec.conf or ipsec.secrets. Package: libstrongswan Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Conflicts: strongswan (<< 4.2.12-1) Breaks: strongswan-ikev2 (<< 4.6.4) Replaces: strongswan-ikev2 (<< 4.6.4) Recommends: libstrongswan-standard-plugins Suggests: libstrongswan-extra-plugins Description: strongSwan utility and crypto library The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the underlying libraries of charon and other strongSwan components. It is built in a modular way and is extendable through various plugins. . Some default (as specified by the strongSwan projet) plugins are included. For libstrongswan (cryptographic backends, URI fetchers and database layers): - aes (AES-128/192/256 cipher software implementation) - constraints (X.509 certificate advanced constraint checking) - dnskey (Parse RFC 4034 public keys) - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms) - gmp (RSA/DH crypto backend based on libgmp) - hmac (HMAC wrapper using various hashers) - md5 (MD5 hasher software implementation) - nonce (Default nonce generation plugin) - pem (PEM encoding/decoding routines) - pgp (PGP encoding/decoding routines) - pkcs1 (PKCS#1 encoding/decoding routines) - pkcs8 (PKCS#8 decoding routines) - pkcs12 (PKCS#12 decoding routines) - pubkey (Wrapper to handle raw public keys as trusted certificates) - random (RNG reading from /dev/[u]random) - rc2 (RC2 cipher software implementation) - revocation (X.509 CRL/OCSP revocation checking) - sha1 (SHA1 hasher software implementation) - sha2 (SHA256/SHA384/SHA512 hasher software implementation) - sshkey (SSH key decoding routines) - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs and OCSP messages) - xcbc (XCBC wrapper using various ciphers) For libhydra (IKE daemon plugins): - attr (Provides IKE attributes configured in strongswan.conf) - kernel-netlink [linux] (IPsec/Networking kernel interface using Linux Netlink) - kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY) - kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE) - resolve (Writes name servers received via IKE to a resolv.conf file or installs them via resolvconf(8)) Package: libstrongswan-standard-plugins Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1) Description: strongSwan utility and crypto library (standard plugins) The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides some common plugins for the strongSwan utility and cryptograhic library. . Included plugins are: - agent (RSA/ECDSA private key backend connecting to SSH-Agent) - gcm (GCM cipher mode wrapper) - openssl (Crypto backend based on OpenSSL, provides RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG) Package: libstrongswan-extra-plugins Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1) Description: strongSwan utility and crypto library (extra plugins) The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides extra plugins for the strongSwan utility and cryptograhic library. . Included plugins are: - af-alg [linux] (AF_ALG Linux crypto API interface, provides ciphers/hashers/hmac/xcbc) - ccm (CCM cipher mode wrapper) - cmac (CMAC cipher mode wrapper) - ctr (CTR cipher mode wrapper) - curl (libcurl based HTTP/FTP fetcher) - gcrypt (Crypto backend based on libgcrypt, provides RSA/DH/ciphers/hashers/rng) - ldap (LDAP fetching plugin based on libldap) - padlock (VIA padlock crypto backend, provides AES128/SHA1) - pkcs11 (PKCS#11 smartcard backend) - rdrand (High quality / high performance random source using the Intel rdrand instruction found on Ivy Bridge processors) - test-vectors (Set of test vectors for various algorithms) Package: libcharon-extra-plugins Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1) Description: strongSwan charon library (extra plugins) The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides extra plugins for the charon library: - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509 certificates) - certexpire (Export expiration dates of used certificates) - eap-aka (Generic EAP-AKA protocol handler using different backends) - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends) - eap-identity (EAP-Identity identity exchange algorithm, to use with other EAP protocols) - eap-md5 (EAP-MD5 protocol handler using passwords) - eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes) - eap-radius (EAP server proxy plugin forwarding EAP conversations to a RADIUS server) - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in EAP) - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel) - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely) - error-notify (Notification about errors via UNIX socket) - ha (High-Availability clustering) - led (Let Linux LED subsystem LEDs blink on IKE activity) - lookip (Virtual IP lookup facility using a UNIX socket) - medcli (Web interface based mediation client interface) - medsrv (Web interface based mediation server interface) - tnc (Trusted Network Connect) - unity (Cisco Unity extensions for IKEv1) - xauth-eap (XAuth backend that uses EAP methods to verify passwords) - xauth-generic (Generic XAuth backend that provides passwords from ipsec.secrets and other credential sets) - xauth-pam (XAuth backend that uses PAM modules to verify passwords) Package: strongswan-dbg Architecture: any Section: debug Priority: extra Depends: ${misc:Depends}, strongswan, libstrongswan (= ${binary:Version}) Description: strongSwan library and binaries - debugging symbols The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package provides the symbols needed for debugging of strongSwan. Package: strongswan-starter Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), adduser Recommends: strongswan-charon Conflicts: strongswan (<< 4.2.12-1), openswan Description: strongSwan daemon starter and configuration file parser The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . The starter and the associated "ipsec" script control the charon daemon from the command line. It parses ipsec.conf and loads the configurations to the daemon. Package: strongswan-libcharon Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Suggests: libcharon-extra-plugins Breaks: libstrongswan (<= 5.1.1-1) Replaces: strongswan-ike, libstrongswan (<= 5.1.1-1) Description: strongSwan charon library The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package contains the charon library, used by IKE client like strongswan-charon, strongswan-charon-cmd or strongswan-nm Package: strongswan-charon Architecture: any Pre-Depends: debconf | debconf-2.0 Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}), strongswan-starter, iproute2 [linux-any] | iproute [linux-any] Provides: ike-server Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) Replaces: strongswan-ikev1, strongswan-ikev2, libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1) Description: strongSwan Internet Key Exchange daemon The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . charon is an IPsec IKEv2 daemon which can act as an initiator or a responder. It is written from scratch using a fully multi-threaded design and a modular architecture. Various plugins can provide additional functionality. Package: strongswan-ike Architecture: all Section: oldlibs Priority: extra Depends: ${shlibs:Depends}, ${misc:Depends}, strongswan-charon Description: strongSwan Internet Key Exchange daemon (transitional package) The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package used to install version 5 of the charon daemon and has been replaced by the strongswan-charon package. This package can be safely removed once it's installed. Package: strongswan-nm Architecture: linux-any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: network-manager-strongswan Description: strongSwan plugin to interact with NetworkManager The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This plugin provides an interface which allows NetworkManager to configure and control the IKEv2 daemon directly through D-Bus. It is designed to work in conjunction with the network-manager-strongswan package, providing a simple graphical frontend to configure IPsec based VPNs. Package: strongswan-ikev1 Architecture: all Depends: ${misc:Depends}, strongswan-ike Section: oldlibs Priority: extra Description: strongSwan IKEv1 daemon, transitional package The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package used to install the pluto daemon, implementing the IKEv1 protocol. It has been replaced by charon in the strongswan-ike package, so this package can be safely removed once it's installed. Package: strongswan-ikev2 Architecture: all Depends: ${misc:Depends}, strongswan-ike Section: oldlibs Priority: extra Description: strongSwan IKEv2 daemon, transitional package The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package used to install the charon daemon, implementing the IKEv2 protocol. It has been replaced the strongswan-ike package, so it can be safely removed. Package: charon-cmd Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version}) Breaks: strongswan-ike (<= 5.1.1-1) Replaces: strongswan-ike (<= 5.1.1-1) Description: standalone IPsec client The strongSwan VPN suite uses the native IPsec stack in the standard Linux kernel. It supports both the IKEv1 and IKEv2 protocols. . This package contains the charon-cmd command, which can be used as a client to connect to a remote IKE daemon.