debian/control


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358

Source: strongswan
Section: net
Priority: optional
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Uploaders: Rene Mayrhofer <rmayr@debian.org>,
           Yves-Alexis Perez <corsac@debian.org>,
           Romain Francoise <rfrancoise@debian.org>
Standards-Version: 4.0.0
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary
Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git
Build-Depends: bison,
               bzip2,
               debhelper (>= 9.20151219),
               dh-apparmor,
               dh-autoreconf,
               dh-systemd (>= 1.5),
               dpkg-dev (>= 1.16.2),
               flex,
               gperf,
               iptables-dev [linux-any],
               libcap-dev [linux-any],
               libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev,
               libgcrypt20-dev | libgcrypt11-dev,
               libgmp3-dev,
               libkrb5-dev,
               libldap2-dev,
               libnm-glib-vpn-dev (>= 0.7) [linux-any],
               libnm-util-dev (>= 0.7) [linux-any],
               libpam0g-dev,
               libsqlite3-dev,
               libssl-dev (>= 0.9.8),
               libsystemd-dev [linux-any],
               libtool,
               libxml2-dev,
               network-manager-dev (>= 0.7) [linux-any],
               pkg-config,
               po-debconf,
               systemd [linux-any],
               tzdata
Homepage: http://www.strongswan.org
XS-Testsuite: autopkgtest

Package: strongswan
Architecture: all
Depends: strongswan-charon, strongswan-starter, ${misc:Depends}
Description: IPsec VPN solution metapackage
 The strongSwan VPN suite uses the native IPsec stack in the standard Linux
 kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This metapackage installs the packages required to maintain IKEv1 and IKEv2
 connections via ipsec.conf or ipsec.secrets.

Package: libstrongswan
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}
Breaks: strongswan-starter (<< 5.3.5-2)
Replaces: strongswan-starter (<< 5.3.5-2)
Recommends: libstrongswan-standard-plugins
Suggests: libstrongswan-extra-plugins
Description: strongSwan utility and crypto library
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides the underlying libraries of charon and other strongSwan
 components. It is built in a modular way and is extendable through various
 plugins.
 .
 Some default (as specified by the strongSwan projet) plugins are included.
 For libstrongswan (cryptographic backends, URI fetchers and database layers):
  - aes (AES-128/192/256 cipher software implementation)
  - constraints (X.509 certificate advanced constraint checking)
  - dnskey (Parse RFC 4034 public keys)
  - fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
  - gmp (RSA/DH crypto backend based on libgmp)
  - hmac (HMAC wrapper using various hashers)
  - md5 (MD5 hasher software implementation)
  - nonce (Default nonce generation plugin)
  - pem (PEM encoding/decoding routines)
  - pgp (PGP encoding/decoding routines)
  - pkcs1 (PKCS#1 encoding/decoding routines)
  - pkcs8 (PKCS#8 decoding routines)
  - pkcs12 (PKCS#12 decoding routines)
  - pubkey (Wrapper to handle raw public keys as trusted certificates)
  - random (RNG reading from /dev/[u]random)
  - rc2 (RC2 cipher software implementation)
  - revocation (X.509 CRL/OCSP revocation checking)
  - sha1 (SHA1 hasher software implementation)
  - sha2 (SHA256/SHA384/SHA512 hasher software implementation)
  - sshkey (SSH key decoding routines)
  - x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
    and OCSP messages)
  - xcbc (XCBC wrapper using various ciphers)
  - attr (Provides IKE attributes configured in strongswan.conf)
  - kernel-netlink [linux] (IPsec/Networking kernel interface using Linux
    Netlink)
  - kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY)
  - kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE)
  - resolve (Writes name servers received via IKE to a resolv.conf file or
    installs them via resolvconf(8))
  .
  Also included is the libtpmtss library adding support for TPM plugin
  (https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin)

Package: libstrongswan-standard-plugins
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Description: strongSwan utility and crypto library (standard plugins)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides some common plugins for the strongSwan utility and
 cryptograhic library.
 .
 Included plugins are:
  - agent (RSA/ECDSA private key backend connecting to SSH-Agent)
  - gcm (GCM cipher mode wrapper)
  - openssl (Crypto backend based on OpenSSL, provides
    RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG)

Package: libstrongswan-extra-plugins
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1), libcharon-extra-plugins (<= 5.5.3-1)
Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1), libcharon-extra-plugins (<= 5.5.3-1)
Description: strongSwan utility and crypto library (extra plugins)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the strongSwan utility and
 cryptographic library.
 .
 Included plugins are:
  - af-alg [linux] (AF_ALG Linux crypto API interface, provides
    ciphers/hashers/hmac/xcbc)
  - ccm (CCM cipher mode wrapper)
  - cmac (CMAC cipher mode wrapper)
  - ctr (CTR cipher mode wrapper)
  - curl (libcurl based HTTP/FTP fetcher)
  - curve25519 (support for Diffie-Hellman group 31 using Curve25519 and
    support for the Ed25519 digital signature algorithm for IKEv2)
  - gcrypt (Crypto backend based on libgcrypt, provides
    RSA/DH/ciphers/hashers/rng)
  - ldap (LDAP fetching plugin based on libldap)
  - padlock (VIA padlock crypto backend, provides AES128/SHA1)
  - pkcs11 (PKCS#11 smartcard backend)
  - rdrand (High quality / high performance random source using the Intel
    rdrand instruction found on Ivy Bridge processors)
  - test-vectors (Set of test vectors for various algorithms)

Package: libcharon-extra-plugins
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Description: strongSwan charon library (extra plugins)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package provides extra plugins for the charon library:
  - addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
    certificates)
  - certexpire (Export expiration dates of used certificates)
  - eap-aka (Generic EAP-AKA protocol handler using different backends)
  - eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends)
  - eap-identity (EAP-Identity identity exchange algorithm, to use with other
    EAP protocols)
  - eap-md5 (EAP-MD5 protocol handler using passwords)
  - eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes)
  - eap-radius (EAP server proxy plugin forwarding EAP conversations to a
    RADIUS server)
  - eap-tls (EAP-TLS protocol handler, to authenticate with certificates in
    EAP)
  - eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel)
  - eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely)
  - error-notify (Notification about errors via UNIX socket)
  - ha (High-Availability clustering)
  - led (Let Linux LED subsystem LEDs blink on IKE activity)
  - lookip (Virtual IP lookup facility using a UNIX socket)
  - medcli (Web interface based mediation client interface)
  - medsrv (Web interface based mediation server interface)
  - tnc (Trusted Network Connect)
  - unity (Cisco Unity extensions for IKEv1)
  - xauth-eap (XAuth backend that uses EAP methods to verify passwords)
  - xauth-generic (Generic XAuth backend that provides passwords from
    ipsec.secrets and other credential sets)
  - xauth-pam (XAuth backend that uses PAM modules to verify passwords)

Package: strongswan-starter
Architecture: any
Depends: adduser,
         libstrongswan (= ${binary:Version}),
         lsb-base (>= 3.0-6),
         ${misc:Depends},
         ${shlibs:Depends}
Recommends: strongswan-charon
Conflicts: openswan
Description: strongSwan daemon starter and configuration file parser
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 The starter and the associated "ipsec" script control the charon daemon from
 the command line. It parses ipsec.conf and loads the configurations to the
 daemon.

Package: strongswan-libcharon
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Suggests: libcharon-extra-plugins
Description: strongSwan charon library
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon library, used by IKE client like
 strongswan-charon, strongswan-charon-cmd or strongswan-nm

Package: strongswan-charon
Architecture: any
Pre-Depends: debconf | debconf-2.0
Depends: iproute2 [linux-any] | iproute [linux-any],
         libstrongswan (= ${binary:Version}),
         strongswan-starter,
         ${misc:Depends},
         ${shlibs:Depends}
Provides: ike-server
Description: strongSwan Internet Key Exchange daemon
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 charon is an IPsec IKEv2 daemon which can act as an initiator or a responder.
 It is written from scratch using a fully multi-threaded design and a modular
 architecture. Various plugins can provide additional functionality.

Package: strongswan-ike
Architecture: all
Section: oldlibs
Priority: extra
Depends: strongswan-charon, ${misc:Depends}, ${shlibs:Depends}
Description: strongSwan Internet Key Exchange daemon (transitional package)
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install version 5 of the charon daemon and has been
 replaced by the strongswan-charon package. This package can be safely removed
 once it's installed.

Package: strongswan-nm
Architecture: linux-any
Depends: ${misc:Depends}, ${shlibs:Depends}
Recommends: network-manager-strongswan
Replaces: network-manager-strongswan (<= 1.4.1-1~)
Description: strongSwan plugin to interact with NetworkManager
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This plugin provides an interface which allows NetworkManager to configure
 and control the IKEv2 daemon directly through D-Bus. It is designed to work
 in conjunction with the network-manager-strongswan package, providing
 a simple graphical frontend to configure IPsec based VPNs.

Package: strongswan-ikev1
Architecture: all
Depends: strongswan-ike, ${misc:Depends}
Section: oldlibs
Priority: extra
Description: strongSwan IKEv1 daemon, transitional package
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install the pluto daemon, implementing the IKEv1
 protocol. It has been replaced by charon in the strongswan-ike package, so
 this package can be safely removed once it's installed.

Package: strongswan-ikev2
Architecture: all
Depends: strongswan-ike, ${misc:Depends}
Section: oldlibs
Priority: extra
Description: strongSwan IKEv2 daemon, transitional package
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package used to install the charon daemon, implementing the IKEv2
 protocol. It has been replaced the strongswan-ike package, so it can be safely
 removed.

Package: charon-cmd
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Description: standalone IPsec client
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon-cmd command, which can be used as a client to
 connect to a remote IKE daemon.

Package: strongswan-pki
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Breaks: strongswan-starter (<< 5.3.5-2)
Replaces: strongswan-starter (<< 5.3.5-2)
Description: strongSwan IPsec client, pki command
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the pki tool which allows on to run a simple public key
 infrastructure.

Package: strongswan-scepclient
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Breaks: strongswan-starter (<< 5.3.5-2)
Replaces: strongswan-starter (<< 5.3.5-2)
Description: strongSwan IPsec client, SCEP client
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the SCEP client, an implementation of the Cisco System's
 Simple Certificate Enrollment Protocol (SCEP).

Package: strongswan-swanctl
Architecture: any
Depends: libstrongswan (= ${binary:Version}),
         ${misc:Depends},
         ${shlibs:Depends}
Description: strongSwan IPsec client, swanctl command
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the swanctl interface, used to configure a running
 charon daemon

Package: charon-systemd
Architecture: linux-any
Depends: libstrongswan (= ${binary:Version}),
         strongswan-swanctl,
         ${misc:Depends},
         ${shlibs:Depends}
Description: strongSwan IPsec client, systemd support
 The strongSwan VPN suite uses the native IPsec stack in the standard
 Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
 .
 This package contains the charon-systemd files.