FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

Port details
strongswan Open Source IKEv2 IPsec-based VPN solution
5.5.0 security on this many watch lists=2 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port
Maintainer: strongswan@nanoteq.com search for ports maintained by this maintainer
Port Added: 26 Aug 2010 13:40:32
License: GPLv2
Strongswan is an open source IPsec-based VPN solution.
Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key
exchange protocols.

WWW: http://www.strongswan.org
SVNWeb : Homepage : PortsMon

To install the port: cd /usr/ports/security/strongswan/ && make install clean
To add the package: pkg install strongswan

PKGNAME: strongswan

distinfo:

TIMESTAMP = 1468442394
SHA256 (strongswan-5.5.0.tar.bz2) = 58463998ac6725eac3687e8a20c1f69803c3772657076d06c43386a24b4c8454
SIZE (strongswan-5.5.0.tar.bz2) = 4542458


NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:
  1. pkgconf>=0.9.10 : devel/pkgconf
There are no ports dependent upon this port

Configuration Options
===> The following configuration options are available for strongswan-5.5.0:
     CURL=off: Enable CURL to fetch CRL/OCSP
     EAPAKA3GPP2=off: Enable EAP AKA with 3gpp2 backend
     EAPDYNAMIC=off: Enable EAP dynamic proxy module
     EAPRADIUS=off: Enable EAP Radius proxy authentication
     EAPSIMFILE=off: Enable EAP SIM with file backend
     GCM=off: Enable GCM AEAD wrapper crypto plugin
     IKEv1=on: Enable IKEv1 support
     IPSECKEY=off: Enable authentication with IPSECKEY resource records with DNSSEC
     KERNELLIBIPSEC=off: Enable IPSec userland backend
     LDAP=off: LDAP protocol support
     LOADTESTER=off: Enable load testing plugin
     MYSQL=off: MySQL database support
     PKI=on: Enable PKI tools
     SCEP=off: Enable Simple Certificate Enrollment Protocol
     SMP=off: Enable XML-based management protocol (DEPRECATED)
     SQLITE=off: SQLite database support
     SWANCTL=on: Install swanctl (requires VICI)
     TESTVECTOR=off: Enable crypto test vectors
     UNBOUND=off: Enable DNSSEC-enabled resolver
     UNITY=off: Enable Cisco Unity extension plugin
     VICI=on: Enable VICI management protocol
     XAUTH=off: Enable XAuth password verification
====> Options available for the single PRINTF_HOOKS: you have to select exactly one of them
     BUILTIN=on: Use builtin printf hooks
     VSTR=off: Use devel/vstr printf hooks
     LIBC=off: Use libc printf hooks
===> Use 'make config' to modify these settings

USES:
cpe execinfo libtool:keepla pkgconfig tar:bzip2 ssl

Master Sites:
  1. http://download.strongswan.org/
  2. http://download2.strongswan.org/

Number of commits found: 45

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
19 Jul 2016 16:38:12
Original commit files touched by this commit  5.5.0
Revision:418809
garga search for other commits by this committer
Update security/strongswan to 5.5.0

PR:		211095
Submitted by:	strongswan@Nanoteq.com (maintainer)
03 Apr 2016 14:59:51
Original commit files touched by this commit  5.4.0
Revision:412481
junovitch search for other commits by this committer
security/strongswan: unbreak FreeBSD 9 builds

- Add patch to include sys/endian.h header

PR:		208446
Submitted by:	strongswan@Nanoteq.com (maintainer)
MFH:		2016Q2 (build fix blanket)
01 Apr 2016 14:25:18
Original commit files touched by this commit  5.4.0
Revision:412349
mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
23 Mar 2016 16:21:15
Original commit files touched by this commit  5.4.0
Revision:411720
garga search for other commits by this committer
Update security/strongswan to 5.4.0

PR:		208219
Approved by:	swan@nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
15 Mar 2016 06:21:32
Original commit files touched by this commit  5.3.5_4
Revision:411143
ohauer search for other commits by this committer
- bump PORTREVISION on ports depending on unbound

PR:		207948
Submitted by:	jaap@NLnetLabs.nl (maintainer)
17 Feb 2016 02:34:06
Original commit files touched by this commit  5.3.5_3
Revision:409026
junovitch search for other commits by this committer
security/strongswan: enable options to increase usefulness of default pkg

- Enable PKI, SWANCTL, and VICI options (no external dependencies)
- Document IMPLIES dependency on VICI for SWANCTL; mention in SWANCTL_DESC
- Bump PORTREVISION

PR:		205438
Reported by:	Nick B <nicblais@clkroot.net>
Submitted by:	strongswan@Nanoteq.com (maintainer)
04 Feb 2016 15:58:30
Original commit files touched by this commit  5.3.5_2
Revision:408047
erwin search for other commits by this committer
- Update unbound to 1.5.7
- Bump PORTREVISIOn on dependent ports

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
(Only the first 15 lines of the commit message are shown above View all of this commit message)
03 Dec 2015 16:34:55
Original commit files touched by this commit  5.3.5_1
Revision:402881
garga search for other commits by this committer
Bump PORTREVISION to help users with custom OPTIONS to get the fix
committed in r402880, as suggested by AMDmi3
03 Dec 2015 16:27:07
Original commit files touched by this commit  5.3.5
Revision:402880
garga search for other commits by this committer
Add @sample to gcm.conf missed when I introduced it. No bump on PORTREVISION
since GCM is disabled by default

Submitted by:	Jose Luis Duran
Obtained from:	https://github.com/pfsense/FreeBSD-ports/pull/2
02 Dec 2015 10:58:16
Original commit files touched by this commit  5.3.5
Revision:402817
garga search for other commits by this committer
Update security/strongswan to 5.3.5

PR:		204959
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
16 Nov 2015 14:08:25
Original commit files touched by this commit  5.3.4
Revision:401762
garga search for other commits by this committer
Update security/strongswan to 5.3.4

PR:		204597
Submitted by:	strongswan@nanoteq.com (maintainer)
MFH:		2015Q4
Security:	CVE 2015-8023
Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
Sponsored by:	Rubicon Communications (Netgate)
09 Nov 2015 16:56:08
Original commit files touched by this commit  5.3.3_2
Revision:401115 This port version is marked as vulnerable.
garga search for other commits by this committer
Backport a couple of commits from master, that will be present in 5.3.4:

- dff2d05bb9 [1]: kernel-pfKey: Enable AES-CTR
- 04f22cdabc [2]: VICI: add NAT information

Bump PORTREVISION

[1]
https://github.com/strongswan/strongswan/commit/dff2d05bb9bec684b3b2efdafc9a47219550bbe1
[2]
https://github.com/strongswan/strongswan/commit/04f22cdabc1c97d38692f95392429839f0fa90d1

PR:		204398
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
29 Oct 2015 12:42:30
Original commit files touched by this commit  5.3.3_1
Revision:400455 This port version is marked as vulnerable.
garga search for other commits by this committer
- Add a new option, SWANCTL, to install swanctll utility
- When VICI option is selected, install libvici.h to include directory,
  it's useful when you need to build a custom code linked to libvici
- Pass path to USE_LDCONFIG otherwise libraries will not be visible

PR:		204098
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
28 Oct 2015 14:27:28
Original commit files touched by this commit  5.3.3_1
Revision:400393 This port version is marked as vulnerable.
garga search for other commits by this committer
- Add a new option (VICI) to build VICI management protocol
- Change SMP option description to show users it's deprecated

PR:		204090
Approved by:	maintainer
27 Oct 2015 13:27:17
Original commit files touched by this commit  5.3.3_1
Revision:400233 This port version is marked as vulnerable.
garga search for other commits by this committer
strongSwan can be beuit using 3 different printf hooks: builtin, glibc
(compatible with FreeBSD's libc) and vstr (devel/vstr). Since it's not
selected any of them on CONFIGURE_ARGS, it uses auto, and end up using
glibc.

pfSense users reported memory leaks on strongSwan [2] [3] and a it was
reported to upstream [1].

Add a single option and let user choose which printf hook to use, and
change default to use builtin. Bump PORTREVISION due to default change

[1] https://wiki.strongswan.org/issues/1106
[2] https://forum.pfsense.org/index.php?topic=96767.0
[3] https://redmine.pfsense.org/issues/5149

PR:		204051
Approved by:	maintainer
Obtained from:	pfSense
MFH:		2015Q4
Sponsored by:	Rubicon Communications (Netgate)
21 Sep 2015 11:28:46
Original commit files touched by this commit  5.3.3
Revision:397487 This port version is marked as vulnerable.
garga search for other commits by this committer
Fix pkg-descr, Strongswan supports IKEv1 since version 5.0.0

Spotted by:	Jim Thompson <jim@netgate.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications (Netgate)
21 Sep 2015 11:02:22
Original commit files touched by this commit  5.3.3
Revision:397485 This port version is marked as vulnerable.
garga search for other commits by this committer
Update security/strongswan to 5.3.3

PR:		203178
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications (Netgate)
09 Jun 2015 09:51:07
Original commit files touched by this commit  5.3.2
Revision:388905 This port version is marked as vulnerable.
garga search for other commits by this committer
Update to 5.3.2

PR:		200721
Approved by:	strongswan@Nanoteq.com (maintainer)
MFH:		2015Q2
Security:	CVE-2015-3991
Sponsored by:	Netgate
24 Apr 2015 10:57:02
Original commit files touched by this commit  5.3.0_1
Revision:384631 This port version is marked as vulnerable.
garga search for other commits by this committer
Fix PLIST when EAPAKA3GPP2 is unset and EAPDYNAMIC is set

PR:		199652
Approved by:	stronswan@Nanoteq.com (maintainer)
Sponsored by:	Netgate
22 Apr 2015 22:53:43
Original commit files touched by this commit  5.3.0_1
Revision:384528 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Add CPE info

Approved by:	portmgr blanket
16 Apr 2015 12:55:39
Original commit files touched by this commit  5.3.0_1
Revision:384108 This port version is marked as vulnerable.
feld search for other commits by this committer
Add patches to fix Strongswan Management Protocol

SMP is an XML control interface for Strongswan used by pfSense and
Opnsense. SMP has been deprecated by upstream since 5.2.0 in favor of a
newer IPC mechanism called VICI. As a result upstream is not motivated
to take patches for SMP, and this uses non-portable strlcpy anyway.

The code has not been deleted from the project and if we can bludgeon it
into a working state I see no harm.

PR:		199442
01 Apr 2015 10:28:10
Original commit files touched by this commit  5.3.0
Revision:382902 This port version is marked as vulnerable.
garga search for other commits by this committer
- Update to 5.3.0
- Add a new option UNITY, to enable Cisco unity extension plugin

PR:		199064
Approved by:	maintainer
Sponsored by:	Netgate
25 Feb 2015 10:03:53
Original commit files touched by this commit  5.2.2_1
Revision:379892 This port version is marked as vulnerable.
garga search for other commits by this committer
- Add GCM and SMP options
- Add pkgconfig to the list of dependencies
- Enable IKEv1 OPTION by default
- Bump PORTREVISION

PR:		197824
Submitted by:	Franco Fichtner <franco@lastsummer.de> (based on)
Reworked by:	strongswan@Nanoteq.com (maintainer)
Approved by:	strongswan@Nanoteq.com (maintainer)
09 Jan 2015 17:15:42
Original commit files touched by this commit  5.2.2
Revision:376625 This port version is marked as vulnerable.
garga search for other commits by this committer
- Update to 5.2.2
- Add LICENSE

PR:		196615
Approved by:	strongswan@Nanoteq.com (maintainer)
Security:	CVE-2014-9221
14 Dec 2014 21:43:04
Original commit files touched by this commit  5.2.1
Revision:374724 This port version is marked as vulnerable.
pawel search for other commits by this committer
- Update to version 5.2.1 [1]
- Convert to USES=execinfo
- Fix LDAP, MYSQL options

PR:		195580 [1]
Submitted by:	maintainer [1]
31 Oct 2014 15:46:34
Original commit files touched by this commit  5.2.0_1
Revision:371863 This port version is marked as vulnerable.
bapt search for other commits by this committer
Remove useless %D

Notified by:	antoine
31 Oct 2014 15:43:47
Original commit files touched by this commit  5.2.0_1
Revision:371861 This port version is marked as vulnerable.
bapt search for other commits by this committer
Simplify plist
22 Aug 2014 09:06:35
Original commit files touched by this commit  5.2.0_1
Revision:365620 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Switch dns/unbound to USES=libtool, drop .la files
- Bump dependent ports as .so version has changed
- While here, add LICENSE_FILE to dns/getdns

Approved by:	portmgr blanket
19 Aug 2014 13:40:31
Original commit files touched by this commit  5.2.0
Revision:365377 This port version is marked as vulnerable.
marino search for other commits by this committer
security/strongswan: Upgrade version 5.1.3 => 5.2.0

While here, including missing library files and use install-strip
target.  Maintainer added a crash fix patch while reviewing.

PR:		192366
Submitted by:	dewayne (heruristicssystems.com.au)
Approved by:	maintainer (strongswan nanoteq.com)
24 Jul 2014 18:34:16
Original commit files touched by this commit  5.1.3_2
Revision:362835 This port version is marked as vulnerable.
tijl search for other commits by this committer
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample
(Only the first 15 lines of the commit message are shown above View all of this commit message)
27 Jun 2014 17:21:07
Original commit files touched by this commit  5.1.3_1
Revision:359586 This port version is marked as vulnerable.
miwi search for other commits by this committer
- Chase database/sqlite3 slib bump

Approved by:	portmgr (myself)
15 May 2014 12:47:20
Original commit files touched by this commit  5.1.3
Revision:354114 This port version is marked as vulnerable.
pi search for other commits by this committer
security/strongswan: update 5.1.1 -> 5.1.3 with security update

- Update strongSwan port to 5.1.3 to resolve CVE 2014-2338
- Fixed rcvar issue with FreeBSD 10 (ports/186865)
- Added building of additional tools included in strongswan (ports/186867)
- libtool fix
- pkg-plist updated

PR:             ports/189132, ports/186865, ports/186867
Submitted by:   Robert Sevat, Dewayne Geraghty, Francois ten Krooden
(maintainer)
Approved by:    jadawin (mentor)
14 Feb 2014 14:37:36
Original commit files touched by this commit  5.1.1_1
Revision:344214 This port version is marked as vulnerable.
decke search for other commits by this committer
- Use OPTIONS_SUB=yes
- Prefer ${INSTALL_DATA} over ${MV}
- Whitespace fix

Thanks to:	garga@
09 Feb 2014 18:15:13
Original commit files touched by this commit  5.1.1_1
Revision:343534 This port version is marked as vulnerable.
antoine search for other commits by this committer
- Remove MANx, man pages are already moved to plist
- Use new LIB_DEPENDS syntax
07 Feb 2014 14:55:11
Original commit files touched by this commit  5.1.1_1
Revision:343254 This port version is marked as vulnerable.
decke search for other commits by this committer
- Add missing manpages

PR:		ports/186264
Submitted by:	HASHI Hiroaki <hashiz@meridiani.jp>
Approved by:	strongswan <strongswan@Nanoteq.com> (maintainer)
27 Jan 2014 13:35:41
Original commit files touched by this commit  5.1.1
Revision:341405 This port version is marked as vulnerable.
decke search for other commits by this committer
- Update to 5.1.1
- Added EAP dynamic proxy module
- Added EAP Radius proxy authentication
- Added DNSSEC/unbound support
- Added kernel libipsec plugin
- Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
- Convert to new options format

PR:		ports/185535
Submitted by:	Francois ten Krooden <strongswan@nanoteq.com> (maintainer)
Security:	CVE-2013-5018
Security:	CVE-2013-6075
Security:	CVE-2013-6076
20 Sep 2013 22:55:26
Original commit files touched by this commit  5.0.4_1
Revision:327769 This port version is marked as vulnerable.
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
security)
11 Jul 2013 16:26:27
Original commit files touched by this commit  5.0.4_1
Revision:322783 This port version is marked as vulnerable.
sunpoet search for other commits by this committer
- Update to 7.31.0
- Bump PORTREVISION for ftp/curl shlib change
- Add TEST_DEPENDS
- Convert to new options framework
- Adjust options:
  - Add COOKIES
  - Add CYASSL, NSS, POLARSSL, THREADED_RESOLVER, TLS_SRP [1]
  - Add GSSAPI and SPNEGO [2]
  - Remove KERBEROS4
  - Rename LIBIDN to IDN
  - Remove TRACKMEMORY [1]
- Sort option handler
- Add SLAVEDIRS: ftp/curl-hiphop
- Cosmetic change
- Cleanup Makefile header
- While I'm here, fix typo (PORTREVSION) in x11-wm/ede/Makefile

Changes:	http://curl.haxx.se/changes.html
PR:		ports/172325 (-exp run), ports/177369 (based on) [1]
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> [1], hrs (via email) [2]
Exp run by:	miwi
03 May 2013 18:16:36
Original commit files touched by this commit  5.0.4
Revision:317229 This port version is marked as vulnerable.
ohauer search for other commits by this committer
- update to version 5.0.4 which fixes CVE-2013-2944.
- add entry to vuxml
- add CVE references to jankins vuxml entry

while I'm here remove .sh from rc script

PR:		ports/178266
Submitted by:	David Shane Holden <dpejesh@yahoo.com>
Approved by:	strongswan@nanoteq.com (maintainer)
07 Jan 2013 12:11:15
Original commit files touched by this commit  5.0.1
Revision:310039 This port version is marked as vulnerable.
tota search for other commits by this committer
- Update to 5.0.1
- Change maintainer address
- Trim Makefile header
- Convert to new options framework
- Cleanup

PR:		ports/173860 (based on)
Submitted by:	Riaan Kruger (maintainer)
14 Jan 2012 08:57:23
Original commit files touched by this commit  4.5.3
 This port version is marked as vulnerable.
dougb search for other commits by this committer
In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
22 Sep 2011 21:37:55
Original commit files touched by this commit  4.5.3
 This port version is marked as vulnerable.
flo search for other commits by this committer
update to 4.5.3

PR:             ports/160401
Submitted by:   Riaan Kruger <riaank@gmail.com> maintainer
29 Apr 2011 12:24:55
Original commit files touched by this commit  4.5.1
 This port version is marked as vulnerable.
culot search for other commits by this committer
- Update to 4.5.1 [1]
- Pet portlint(1) (change spaces into tabs and reformat IGNORE message)

PR:             ports/156711 [1]
Submitted by:   Riaan Kruger <riaank@gmail.com> (maintainer)
04 Dec 2010 07:34:27
Original commit files touched by this commit  4.4.0
 This port version is marked as vulnerable.
ade search for other commits by this committer
Sync to new bsd.autotools.mk
26 Aug 2010 13:40:11
Original commit files touched by this commit  4.4.0
 This port version is marked as vulnerable.
pav search for other commits by this committer
Strongswan is an open source IPsec-based VPN solution.
Strongswan for FreeBSD supports IKEv2 but NOT IKEv1.

WWW: http://www.strongswan.org

PR:             ports/147431
Submitted by:   Riaan Kruger <riaank@gmail.com>

Number of commits found: 45

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
krb5-113*Jul 26
krb5-114*Jul 26
php55Jul 26
php55-bz2Jul 26
php55-exifJul 26
php55-gdJul 26
php55-odbcJul 26
php55-snmpJul 26
php55-xmlrpcJul 26
php55-zipJul 26
php56Jul 26
php56-bz2Jul 26
php56-exifJul 26
php56-gdJul 26
php56-odbcJul 26

19 vulnerabilities affecting 62 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 26078
Broken 81
Deprecated 122
Ignore 352
Forbidden 0
Restricted 201
No CDROM 83
Vulnerable 69
Expired 10
Set to expire 109
Interactive 0
new 24 hours 7
new 48 hours15
new 7 days31
new fortnight72
new month165

Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.