strongswan

USE flags

• caps - Use Linux capabilities library to control privilege
• constraints - Enable advanced X.509 constraint checking plugin
• curl - Add support for client-side URL transfer library
• debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
• dhcp - Enable server support for querying virtual IP addresses for clients from a DHCP server. (IKEv2 only)
• eap - Enable support for the different EAP modules that are supported
• farp - Enable faking of ARP responses for virtual IP addresses assigned to clients (IKEv2 only)
• gcrypt - Enable dev-libs/libgcrypt plugin which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). Also includes a software random number generator.
• gmp - Add support for dev-libs/gmp (GNU MP library)
• ldap - Add LDAP support (Lightweight Directory Access Protocol)
• mysql - Add mySQL Database support
• networkmanager - Enable net-misc/networkmanager support
• non-root - Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions mainly to the IKEv1 daemon. Disable only if you really require superuser privileges.
• openssl - Enable dev-libs/openssl plugin which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+) dev-libs/openssl has to be compiled with USE="-bindist".
• pam - Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
• pkcs11 - Enable pkcs11 support
• selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
• sqlite - Add support for sqlite - embedded sql database
• strongswan_plugins_addrblock - Enable support for the addrblock crypto plugin
• strongswan_plugins_aesni - Enable support for Intel AES-NI crypto plugin
• strongswan_plugins_blowfish - Enable support for the blowfish plugin
• strongswan_plugins_bypass-lan - Enable support for the bypass-lan plugin
• strongswan_plugins_ccm - Enable support for the ccm plugin
• strongswan_plugins_chapoly - Enable ChaCha20/Poly1305 AEAD implementation and ChaCha20 XOF plugin
• strongswan_plugins_ctr - Enable support for the ctr plugin
• strongswan_plugins_error-notify - Enable support for the error-notify plugin
• strongswan_plugins_forecast - Enable multicast and broadcast forwarding plugin
• strongswan_plugins_gcm - Enable support for the gcm plugin
• strongswan_plugins_ha - Enable support for the ha plugin
• strongswan_plugins_ipseckey - Enable support for the ipseckey plugin
• strongswan_plugins_kdf - Enable support for the kdf plugin
• strongswan_plugins_led - Enable support for the led plugin
• strongswan_plugins_lookip - Enable support for the lookip plugin
• strongswan_plugins_newhope - Enable plugin that allows key exchange based on post-quantum computer New Hope algorithm
• strongswan_plugins_ntru - Enable support for the ntru plugin
• strongswan_plugins_padlock - Enable support for the padlock plugin
• strongswan_plugins_rdrand - Enable support for the rdrand plugin
• strongswan_plugins_save-keys - Enable plugin that saves IKE and/or ESP keys to files compatible with Wireshark (for debugging)
• strongswan_plugins_systime-fix - Enable support for the systime-fix plugin
• strongswan_plugins_unbound - Enable support for the unbound plugin
• strongswan_plugins_unity - Enable support for the unity plugin
• strongswan_plugins_vici - Enable support for the vici plugin
• strongswan_plugins_whitelist - Enable support for the whitelist plugin
• strongswan_plugins_xauth-noauth - Enable support for the xauth-noauth plugin
• systemd - Enable use of systemd-specific libraries and features like socket activation or session tracking

Security Advisory