| Port details |
- strongswan Open Source IKEv2 IPsec-based VPN solution
- 6.0.7 security
=10 6.0.7Version of this port present on the latest quarterly branch. - Maintainer: strongswan@nanoteq.com
 - Port Added: 2010-08-26 13:40:32
- Last Update: 2026-06-08 15:12:24
- Commit Hash: ab71842
- People watching this port, also watch:: openvpn, dovecot, postfix, openssl, tmux
- Also Listed In: net-vpn
- License: GPLv2
- WWW:
- https://www.strongswan.org
- Description:
- Strongswan is an open source IPsec-based VPN solution.
Strongswan for FreeBSD implements both the IKEv1 and IKEv2 (RFC 5996) key
exchange protocols.
¦ ¦ ¦ ¦ 
- Manual pages:
-
- pkg-plist: as obtained via:
make generate-plist - USE_RC_SUBR (Service Scripts)
-
- Dependency lines:
-
- strongswan>0:security/strongswan
- To install the port:
- cd /usr/ports/security/strongswan/ && make install clean
- To add the package, run one of these commands:
- pkg install security/strongswan
- pkg install strongswan
NOTE: If this package has multiple flavors (see below), then use one of them instead of the name specified above.- PKGNAME: strongswan
- Flavors: there is no flavor information for this port.
- distinfo:
- TIMESTAMP = 1780929769
SHA256 (strongswan-6.0.7.tar.bz2) = e518e34e159514f4c6ba80d1f926cb151e0dd4e3a1d94213171234b8b9ae6f55
SIZE (strongswan-6.0.7.tar.bz2) = 4939164
Packages (timestamps in pop-ups are UTC):
- Dependencies
- NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
- Build dependencies:
-
- pkgconf>=1.3.0_1 : devel/pkgconf
- Library dependencies:
-
- libcurl.so : ftp/curl
- There are no ports dependent upon this port
Configuration Options:
- ===> The following configuration options are available for strongswan-6.0.7:
CTR=off: Enable CTR cipher mode wrapper plugin
CURL=on: Enable CURL to fetch CRL/OCSP
DHCP=off: Enable DHCP based attribute provider plugin
EAPAKA3GPP2=off: Enable EAP AKA with 3gpp2 backend
EAPDYNAMIC=off: Enable EAP dynamic proxy module
EAPRADIUS=off: Enable EAP Radius proxy authentication
EAPSIMFILE=off: Enable EAP SIM with file backend
FARP=off: Enable farp plugin
FIPS_PRF=off: Enable FIPS PRF software implementation plugin
GCM=on: Enable GCM AEAD wrapper crypto plugin
IKEV1=on: Enable IKEv1 support
IPSECKEY=off: Enable authentication with IPSECKEY resource records with DNSSEC
KDF=on: Enable KDF (prf+) implementation plugin
KERNELLIBIPSEC=off: Enable IPSec userland backend
LDAP=off: LDAP protocol support
LOADTESTER=off: Enable load testing plugin
MEDIATION=off: Enable IKEv2 Mediation Extension
ML=on: Enable Module-Lattice-based crypto plugin
MYSQL=off: MySQL database support
PKCS11=off: Enable PKCS11 token support
PKI=on: Enable PKI tools
PYTHON=off: Python VICI protocol plugin
SMP=off: Enable XML-based management protocol (DEPRECATED)
SQLITE=off: SQLite database support
STROKE=off: Enable stroke management protcol (DEPRECATED)
SWANCTL=on: Install swanctl (requires VICI)
TESTVECTOR=off: Enable crypto test vectors
TPM=off: Enable TPM plugin
TSS2=off: Enable TPM 2.0 TSS2 library
UNBOUND=off: Enable DNSSEC-enabled resolver
UNITY=off: Enable Cisco Unity extension plugin
VICI=on: Enable VICI management protocol
XAUTH=off: Enable XAuth password verification
====> Options available for the single PRINTF_HOOKS: you have to select exactly one of them
BUILTIN=on: Use builtin printf hooks
LIBC=off: Use libc printf hooks
VSTR=off: Use devel/vstr printf hooks
===> Use 'make config' to modify these settings
- Options name:
- security_strongswan
- USES:
- cpe libtool:keepla pkgconfig ssl tar:bzip2
- pkg-message:
- For install:
- The default strongSwan configuration interface have been updated to vici since version 5.9.2_1.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
- If upgrading from > 5.9.2_1:
- The default strongSwan configuration interface have been updated to vici.
To use the stroke interface by default either compile the port without the vici option or
set 'strongswan_interface="stroke"' in your rc.conf file.
- Master Sites:
|
| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
5.1.3_1 27 Jun 2014 17:21:07
  |
miwi  |
- Chase database/sqlite3 slib bump
Approved by: portmgr (myself) |
5.1.3 15 May 2014 12:47:20
  |
pi  |
security/strongswan: update 5.1.1 -> 5.1.3 with security update
- Update strongSwan port to 5.1.3 to resolve CVE 2014-2338
- Fixed rcvar issue with FreeBSD 10 (ports/186865)
- Added building of additional tools included in strongswan (ports/186867)
- libtool fix
- pkg-plist updated
PR: ports/189132, ports/186865, ports/186867
Submitted by: Robert Sevat, Dewayne Geraghty, Francois ten Krooden
(maintainer)
Approved by: jadawin (mentor) |
5.1.1_1 14 Feb 2014 14:37:36
  |
decke  |
- Use OPTIONS_SUB=yes
- Prefer ${INSTALL_DATA} over ${MV}
- Whitespace fix
Thanks to: garga@ |
5.1.1_1 09 Feb 2014 18:15:13
  |
antoine  |
- Remove MANx, man pages are already moved to plist
- Use new LIB_DEPENDS syntax |
5.1.1_1 07 Feb 2014 14:55:11
  |
decke  |
- Add missing manpages
PR: ports/186264
Submitted by: HASHI Hiroaki <hashiz@meridiani.jp>
Approved by: strongswan <strongswan@Nanoteq.com> (maintainer) |
5.1.1 27 Jan 2014 13:35:41
  |
decke  |
- Update to 5.1.1
- Added EAP dynamic proxy module
- Added EAP Radius proxy authentication
- Added DNSSEC/unbound support
- Added kernel libipsec plugin
- Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
- Convert to new options format
PR: ports/185535
Submitted by: Francois ten Krooden <strongswan@nanoteq.com> (maintainer)
Security: CVE-2013-5018
Security: CVE-2013-6075
Security: CVE-2013-6076 |
5.0.4_1 20 Sep 2013 22:55:26
  |
bapt  |
Add NO_STAGE all over the place in preparation for the staging support (cat:
security) |
5.0.4_1 11 Jul 2013 16:26:27
  |
sunpoet  |
- Update to 7.31.0
- Bump PORTREVISION for ftp/curl shlib change
- Add TEST_DEPENDS
- Convert to new options framework
- Adjust options:
- Add COOKIES
- Add CYASSL, NSS, POLARSSL, THREADED_RESOLVER, TLS_SRP [1]
- Add GSSAPI and SPNEGO [2]
- Remove KERBEROS4
- Rename LIBIDN to IDN
- Remove TRACKMEMORY [1]
- Sort option handler
- Add SLAVEDIRS: ftp/curl-hiphop
- Cosmetic change
- Cleanup Makefile header
- While I'm here, fix typo (PORTREVSION) in x11-wm/ede/Makefile
Changes: http://curl.haxx.se/changes.html
PR: ports/172325 (-exp run), ports/177369 (based on) [1]
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> [1], hrs (via email) [2]
Exp run by: miwi |
5.0.4 03 May 2013 18:16:36
  |
ohauer  |
- update to version 5.0.4 which fixes CVE-2013-2944.
- add entry to vuxml
- add CVE references to jankins vuxml entry
while I'm here remove .sh from rc script
PR: ports/178266
Submitted by: David Shane Holden <dpejesh@yahoo.com>
Approved by: strongswan@nanoteq.com (maintainer) |
5.0.1 07 Jan 2013 12:11:15
  |
tota  |
- Update to 5.0.1
- Change maintainer address
- Trim Makefile header
- Convert to new options framework
- Cleanup
PR: ports/173860 (based on)
Submitted by: Riaan Kruger (maintainer) |
4.5.3 14 Jan 2012 08:57:23
 |
dougb  |
In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().
In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other. |
4.5.3 22 Sep 2011 21:37:55
 |
flo  |
update to 4.5.3
PR: ports/160401
Submitted by: Riaan Kruger <riaank@gmail.com> maintainer |
4.5.1 29 Apr 2011 12:24:55
 |
culot  |
- Update to 4.5.1 [1]
- Pet portlint(1) (change spaces into tabs and reformat IGNORE message)
PR: ports/156711 [1]
Submitted by: Riaan Kruger <riaank@gmail.com> (maintainer) |
4.4.0 04 Dec 2010 07:34:27
 |
ade  |
Sync to new bsd.autotools.mk |
4.4.0 26 Aug 2010 13:40:11
 |
pav  |
Strongswan is an open source IPsec-based VPN solution.
Strongswan for FreeBSD supports IKEv2 but NOT IKEv1.
WWW: http://www.strongswan.org
PR: ports/147431
Submitted by: Riaan Kruger <riaank@gmail.com> |