Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-misc/strongswan/metadata.xml
blob: 4a999e41ff9dd3a4d8278055d5da5b53005b4e01 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
  <herd>no-herd</herd>
  <maintainer>
    <email>patrick@gentoo.org</email>
    <name>Patrick Lauer</name>
  </maintainer>
  <maintainer>
    <email>ua_bugz_gentoo@mortal-soul.de</email>
    <name>Matthias Dahl</name>
    <description>Proxy Maintainer, CC on all bugs</description>
  </maintainer>
  <longdescription lang="en">
    StrongSwan is direct descendant of the discontinued FreeS/WAN project.
    As an IPsec based VPN solution which is focused on security and ease of
    use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal
    via UDP encapsulation (incl. port floating) and Dead Peer Detection. It
    also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on
    Smartcards and virtual IP address pools.
  </longdescription>
  <use>
    <flag name="cisco">
      Enable support for the Cisco VPN client.
    </flag>
    <flag name="dhcp">
      Enable server support for querying virtual IP addresses for clients
      from a DHCP server. (IKEv2 only)
    </flag>
    <flag name="farp">
      Enable faking of ARP responses for virtual IP addresses assigned to
      clients. (IKEv2 only)
    </flag>
    <flag name="gcrypt">
      Enable <pkg>dev-libs/libgcrypt</pkg> plugin which provides 3DES, AES,
      Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with
      MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and
      22-24(4.4+). Also includes a software random number generator.
    </flag>
    <flag name="ikev1">
      Enable IKEv1 protocol (pluto daemon).
    </flag>
    <flag name="ikev2">
      Enable IKEv2 protocol (charon daemon).
    </flag>
    <flag name="nat-transport">
      Enable potentially insecure NAT traversal for transport mode in IKEv1.
      Only enable if you really need this.
    </flag>
    <flag name="non-root">
      Force IKEv1/IKEv2 daemons to normal user privileges. This might impose
      some restrictions mainly to the IKEv1 daemon. Disable only if you really
      require superuser privileges.
    </flag>
    <flag name="openssl">
      Enable <pkg>dev-libs/openssl</pkg> plugin which is required for Elliptic
      Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES,
      AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2,
      MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and
      22-24(4.4+)
      <pkg>dev-libs/openssl</pkg> has to be compiled with USE="-bindist".
    </flag>
  </use>
</pkgmetadata>