1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
|
Source: strongswan
Section: net
Priority: optional
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Uploaders: Rene Mayrhofer <rmayr@debian.org>,
Yves-Alexis Perez <corsac@debian.org>,
Romain Francoise <rfrancoise@debian.org>
Standards-Version: 3.9.6
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-swan/strongswan.git;a=summary
Vcs-Git: git://anonscm.debian.org/pkg-swan/strongswan.git
Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.2), libtool, libgmp3-dev,
libssl-dev (>= 0.9.8), libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev,
libldap2-dev, libpam0g-dev, libkrb5-dev, bison, flex, bzip2, po-debconf,
libfcgi-dev, clearsilver-dev, libgcrypt20-dev | libgcrypt11-dev,
libxml2-dev, libsqlite3-dev, network-manager-dev (>= 0.7) [linux-any],
libnm-glib-vpn-dev (>= 0.7) [linux-any], libnm-util-dev (>= 0.7) [linux-any],
gperf, libcap-dev [linux-any], dh-autoreconf, pkg-config,
systemd [linux-any], dh-systemd (>= 1.5), iptables-dev
Homepage: http://www.strongswan.org
Package: strongswan
Architecture: all
Depends: ${misc:Depends}, strongswan-charon, strongswan-starter
Description: IPsec VPN solution metapackage
The strongSwan VPN suite uses the native IPsec stack in the standard Linux
kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This metapackage installs the packages required to maintain IKEv1 and IKEv2
connections via ipsec.conf or ipsec.secrets.
Package: libstrongswan
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Conflicts: strongswan (<< 4.2.12-1)
Breaks: strongswan-ikev2 (<< 4.6.4)
Replaces: strongswan-ikev2 (<< 4.6.4)
Recommends: libstrongswan-standard-plugins
Suggests: libstrongswan-extra-plugins
Description: strongSwan utility and crypto library
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides the underlying libraries of charon and other strongSwan
components. It is built in a modular way and is extendable through various
plugins.
.
Some default (as specified by the strongSwan projet) plugins are included.
For libstrongswan (cryptographic backends, URI fetchers and database layers):
- aes (AES-128/192/256 cipher software implementation)
- constraints (X.509 certificate advanced constraint checking)
- dnskey (Parse RFC 4034 public keys)
- fips-prf (PRF specified by FIPS, used by EAP-SIM/AKA algorithms)
- gmp (RSA/DH crypto backend based on libgmp)
- hmac (HMAC wrapper using various hashers)
- md5 (MD5 hasher software implementation)
- nonce (Default nonce generation plugin)
- pem (PEM encoding/decoding routines)
- pgp (PGP encoding/decoding routines)
- pkcs1 (PKCS#1 encoding/decoding routines)
- pkcs8 (PKCS#8 decoding routines)
- pkcs12 (PKCS#12 decoding routines)
- pubkey (Wrapper to handle raw public keys as trusted certificates)
- random (RNG reading from /dev/[u]random)
- rc2 (RC2 cipher software implementation)
- revocation (X.509 CRL/OCSP revocation checking)
- sha1 (SHA1 hasher software implementation)
- sha2 (SHA256/SHA384/SHA512 hasher software implementation)
- sshkey (SSH key decoding routines)
- x509 (Advanced X.509 plugin for parsing/generating X.509 certificates/CRLs
and OCSP messages)
- xcbc (XCBC wrapper using various ciphers)
For libhydra (IKE daemon plugins):
- attr (Provides IKE attributes configured in strongswan.conf)
- kernel-netlink [linux] (IPsec/Networking kernel interface using Linux
Netlink)
- kernel-pfkey [kfreebsd] (IPsec kernel interface using PF_KEY)
- kernel-pfroute [kfreebsd] (Networking kernel interface using PF_ROUTE)
- resolve (Writes name servers received via IKE to a resolv.conf file or
installs them via resolvconf(8))
Package: libstrongswan-standard-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1)
Description: strongSwan utility and crypto library (standard plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides some common plugins for the strongSwan utility and
cryptograhic library.
.
Included plugins are:
- agent (RSA/ECDSA private key backend connecting to SSH-Agent)
- gcm (GCM cipher mode wrapper)
- openssl (Crypto backend based on OpenSSL, provides
RSA/ECDSA/DH/ECDH/ciphers/hashers/HMAC/X.509/CRL/RNG)
Package: libstrongswan-extra-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1)
Description: strongSwan utility and crypto library (extra plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides extra plugins for the strongSwan utility and
cryptograhic library.
.
Included plugins are:
- af-alg [linux] (AF_ALG Linux crypto API interface, provides
ciphers/hashers/hmac/xcbc)
- ccm (CCM cipher mode wrapper)
- cmac (CMAC cipher mode wrapper)
- ctr (CTR cipher mode wrapper)
- curl (libcurl based HTTP/FTP fetcher)
- gcrypt (Crypto backend based on libgcrypt, provides
RSA/DH/ciphers/hashers/rng)
- ldap (LDAP fetching plugin based on libldap)
- padlock (VIA padlock crypto backend, provides AES128/SHA1)
- pkcs11 (PKCS#11 smartcard backend)
- rdrand (High quality / high performance random source using the Intel
rdrand instruction found on Ivy Bridge processors)
- test-vectors (Set of test vectors for various algorithms)
Package: libcharon-extra-plugins
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: libstrongswan (<= 5.1.1-1),strongswan-ike (<= 5.1.1-1)
Description: strongSwan charon library (extra plugins)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package provides extra plugins for the charon library:
- addrblock (Narrow traffic selectors to RFC 3779 address blocks in X.509
certificates)
- certexpire (Export expiration dates of used certificates)
- eap-aka (Generic EAP-AKA protocol handler using different backends)
- eap-gtc (EAP-GTC protocol handler authenticating with XAuth backends)
- eap-identity (EAP-Identity identity exchange algorithm, to use with other
EAP protocols)
- eap-md5 (EAP-MD5 protocol handler using passwords)
- eap-mschapv2 (EAP-MSCHAPv2 protocol handler using passwords/NT hashes)
- eap-radius (EAP server proxy plugin forwarding EAP conversations to a
RADIUS server)
- eap-tls (EAP-TLS protocol handler, to authenticate with certificates in
EAP)
- eap-tnc (EAP-TNC protocol handler, Trusted Network Connect in a TLS tunnel)
- eap-ttls (EAP-TTLS protocol handler, wraps other EAP methods securely)
- error-notify (Notification about errors via UNIX socket)
- ha (High-Availability clustering)
- led (Let Linux LED subsystem LEDs blink on IKE activity)
- lookip (Virtual IP lookup facility using a UNIX socket)
- medcli (Web interface based mediation client interface)
- medsrv (Web interface based mediation server interface)
- tnc (Trusted Network Connect)
- unity (Cisco Unity extensions for IKEv1)
- xauth-eap (XAuth backend that uses EAP methods to verify passwords)
- xauth-generic (Generic XAuth backend that provides passwords from
ipsec.secrets and other credential sets)
- xauth-pam (XAuth backend that uses PAM modules to verify passwords)
Package: strongswan-starter
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (=
${binary:Version}), adduser
Recommends: strongswan-charon
Conflicts: strongswan (<< 4.2.12-1), openswan
Description: strongSwan daemon starter and configuration file parser
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
The starter and the associated "ipsec" script control the charon daemon from
the command line. It parses ipsec.conf and loads the configurations to the
daemon.
Package: strongswan-libcharon
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Suggests: libcharon-extra-plugins
Breaks: libstrongswan (<= 5.1.1-1)
Replaces: strongswan-ike, libstrongswan (<= 5.1.1-1)
Description: strongSwan charon library
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the charon library, used by IKE client like
strongswan-charon, strongswan-charon-cmd or strongswan-nm
Package: strongswan-charon
Architecture: any
Pre-Depends: debconf | debconf-2.0
Depends: ${shlibs:Depends}, ${misc:Depends},
libstrongswan (= ${binary:Version}), strongswan-starter,
iproute2 [linux-any] | iproute [linux-any]
Provides: ike-server
Breaks: libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Replaces: strongswan-ikev1, strongswan-ikev2, libstrongswan (<= 5.1.1-1), strongswan-ike (<= 5.1.1-1)
Description: strongSwan Internet Key Exchange daemon
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
charon is an IPsec IKEv2 daemon which can act as an initiator or a responder.
It is written from scratch using a fully multi-threaded design and a modular
architecture. Various plugins can provide additional functionality.
Package: strongswan-ike
Architecture: all
Section: oldlibs
Priority: extra
Depends: ${shlibs:Depends}, ${misc:Depends}, strongswan-charon
Description: strongSwan Internet Key Exchange daemon (transitional package)
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package used to install version 5 of the charon daemon and has been
replaced by the strongswan-charon package. This package can be safely removed
once it's installed.
Package: strongswan-nm
Architecture: linux-any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: network-manager-strongswan
Description: strongSwan plugin to interact with NetworkManager
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This plugin provides an interface which allows NetworkManager to configure
and control the IKEv2 daemon directly through D-Bus. It is designed to work
in conjunction with the network-manager-strongswan package, providing
a simple graphical frontend to configure IPsec based VPNs.
Package: strongswan-ikev1
Architecture: all
Depends: ${misc:Depends}, strongswan-ike
Section: oldlibs
Priority: extra
Description: strongSwan IKEv1 daemon, transitional package
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package used to install the pluto daemon, implementing the IKEv1
protocol. It has been replaced by charon in the strongswan-ike package, so
this package can be safely removed once it's installed.
Package: strongswan-ikev2
Architecture: all
Depends: ${misc:Depends}, strongswan-ike
Section: oldlibs
Priority: extra
Description: strongSwan IKEv2 daemon, transitional package
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package used to install the charon daemon, implementing the IKEv2
protocol. It has been replaced the strongswan-ike package, so it can be safely
removed.
Package: charon-cmd
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}, libstrongswan (= ${binary:Version})
Breaks: strongswan-ike (<= 5.1.1-1)
Replaces: strongswan-ike (<= 5.1.1-1)
Description: standalone IPsec client
The strongSwan VPN suite uses the native IPsec stack in the standard
Linux kernel. It supports both the IKEv1 and IKEv2 protocols.
.
This package contains the charon-cmd command, which can be used as a client to
connect to a remote IKE daemon.
|