Comment 0 for bug 1266066

Jonathan Davies (jpds) wrote :

strongSwan IPsec VPN-solution Main Inclusion Request.

1. Availability:
 - In universe and Debian for some time.

2. Rationale:
 - We need a supported and functional IPsec VPN solution in Ubuntu.
 - At the current time, this is racoon, which hasn't been updated in quite a while:

   - https://launchpad.net/ubuntu/+source/ipsec-tools

3. Security:
 - No current CVEs.
 - CVE reports in the past: fixed by upstream as seen in:

    - https://www.strongswan.org/blog/

 - But as the package is in universe, no oversight from security team.
 - Ships a daemon that handles connections to IPsec clients (AppArmor'ed by profile).
 - Opens privileged ports 500 and 4500 (charon daemon above).

4. Quality assurance:
 - Current version doesn't install any working configuration, however this can be done with debconf.
 - It's simpler to do things by hand, as with openvpn.
 - Upstream is active:
   - Next release planned within a month: https://wiki.strongswan.org/projects/strongswan/roadmap
   - Respond proactively to support queries on their ticketing system: https://wiki.strongswan.org/projects/strongswan/issues
   - Release presentations from time to time: https://www.strongswan.org/documentation.html
 - Build process runs test suite.

5. UI standards:
 - Not applicable

6. Dependencies:
 - libgmp3-dev
 - libssl-dev
 - libldns-dev (universe)
 - libunbound-dev (universe)
 - libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev
 - libsoup2.4-dev
 - libpcsclite-dev
 - libldap2-dev
 - libpam0g-dev
 - libkrb5-dev
 - libfcgi-dev
 - clearsilver-dev (universe)
 - libtspi-dev
 - libxml2-dev
 - libsqlite3-dev
 - libmysqlclient-dev

Note that the packages in universe are not part of the core strongSwan functionality and rather are linked to binary packages that are plugins (strongswan-libfast, strongswan-plugin-medsrv, strongswan-plugin-unbound).

The building of these plugins could be disabled, but I'd rather offer our users a wide range of plugins by default - rather than have them rebuild strongSwan for functionality they may need.

7. Standards compliance:
 - Shipped by Debian
 - Lintian clean
 - uses dh, source format 3.0 (quilt)

8. Maintenance:
 - Currently maintained by a team of volunteers on Debian and Ubuntu.
 - Shared git repository on git.debian.org.