Description: IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE
  • + - stable
  • ~ - unstable
  • M - hardmask
Version   alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
5.9.4-r1  -     ~     ~   -    -    -    -    ~   ~     -    -  -     ~
5.9.2-r2  -     +     +   -    -    -    -    +   ~     -    -  -     +

USE flags

  • caps - Use Linux capabilities library to control privilege
  • constraints - Enable advanced X.509 constraint checking plugin
  • curl - Add support for client-side URL transfer library
  • debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see
  • dhcp - Enable server support for querying virtual IP addresses for clients from a DHCP server. (IKEv2 only)
  • eap - Enable support for the different EAP modules that are supported
  • farp - Enable faking of ARP responses for virtual IP addresses assigned to clients (IKEv2 only)
  • gcrypt - Enable dev-libs/libgcrypt plugin which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). Also includes a software random number generator.
  • gmp - Add support for dev-libs/gmp (GNU MP library)
  • kernel_linux - KERNEL setting for system using the Linux kernel
  • ldap - Add LDAP support (Lightweight Directory Access Protocol)
  • mysql - Add MySQL database support
  • networkmanager - Enable net-misc/networkmanager support
  • non-root - Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions mainly to the IKEv1 daemon. Disable only if you really require superuser privileges.
  • openssl - Enable dev-libs/openssl plugin which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). dev-libs/openssl has to be compiled with USE="-bindist".
  • pam - Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
  • pkcs11 - Enable pkcs11 support
  • selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
  • sqlite - Add support for sqlite - embedded sql database
  • strongswan_plugins_aesni - Enable support for Intel AES-NI crypto plugin
  • strongswan_plugins_blowfish - Enable support for the blowfish plugin
  • strongswan_plugins_bypass-lan - Enable support for the bypass-lan plugin
  • strongswan_plugins_ccm - Enable support for the ccm plugin
  • strongswan_plugins_chapoly - Enable ChaCha20/Poly1305 AEAD implementation and ChaCha20 XOF plugin
  • strongswan_plugins_ctr - Enable support for the ctr plugin
  • strongswan_plugins_forecast - Enable multicast and broadcast forwarding plugin
  • strongswan_plugins_gcm - Enable support for the gcm plugin
  • strongswan_plugins_ha - Enable support for the ha plugin
  • strongswan_plugins_ipseckey - Enable support for the ipseckey plugin
  • strongswan_plugins_led - Enable support for the led plugin
  • strongswan_plugins_lookip - Enable support for the lookip plugin
  • strongswan_plugins_newhope - Enable plugin that allows key exchange based on the post-quantum New Hope algorithm
  • strongswan_plugins_ntru - Enable support for the ntru plugin
  • strongswan_plugins_padlock - Enable support for the padlock plugin
  • strongswan_plugins_rdrand - Enable support for the rdrand plugin
  • strongswan_plugins_save-keys - Enable plugin that saves IKE and/or ESP keys to files compatible with Wireshark (for debugging)
  • strongswan_plugins_systime-fix - Enable support for the systime-fix plugin
  • strongswan_plugins_unbound - Enable support for the unbound plugin
  • strongswan_plugins_unity - Enable support for the unity plugin
  • strongswan_plugins_vici - Enable support for the vici plugin
  • strongswan_plugins_whitelist - Enable support for the whitelist plugin
  • strongswan_plugins_xauth-noauth - Enable support for the xauth-noauth plugin
  • systemd - Enable use of systemd-specific libraries and features like socket activation or session tracking

Security Advisory

Date Severity Title
about 3 years normal strongSwan: Multiple vulnerabilities
