Warning: file_exists(): open_basedir restriction in effect. File(/srv/http/vhosts/aur.archlinux.org/public/web/locale//en/LC_MESSAGES/aurweb.mo) is not within the allowed path(s): (/srv/http/vhosts/aur-dev.archlinux.org/:/etc/aurweb/) in /srv/http/vhosts/aur-dev.archlinux.org/public/web/lib/streams.php on line 90
AUR (en) - strongswan

Notice: Undefined variable: name in /srv/http/vhosts/aur-dev.archlinux.org/public/web/lib/pkgfuncs.inc.php on line 248

Package Details: strongswan 5.5.1-5

Git Clone URL: https://aur-dev.archlinux.org/strongswan.git (read-only)
Package Base: strongswan
Description: open source IPsec implementation
Upstream URL: http://www.strongswan.org
Keywords: IPsec strongswan
Licenses: GPL
Conflicts: openswan
Submitter: jayray
Maintainer: Thermi
Last Packager: Thermi
Votes: 99
Popularity: 2.646251
First Submitted: 2007-04-22 16:41
Last Updated: 2017-02-04 18:22

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 10 ... Next › Last »

ygorre commented on 2015-09-23 21:53

etc/swanctl/swanctl.conf should be defined as a config file in PKGBUILD as well, so that it is not destroyed on upgrades.

Fedes commented on 2015-09-04 19:05

I think I'm a bit late, as it was already added, but +1 to --enable-eap-tls, since it's widely used in common strongswan implementations.


Xenopathic commented on 2015-08-15 20:09

@Thermi: Thanks! Just helping make AUR packages better one step at a time :)

Thermi commented on 2015-08-10 23:58

@Xenopathic: Sure, I was just interested in hearing your justification for that change. Some plugins are loaded by default and some users don't use modular loading and use no charon.load line, so even adding a single plugin can break their setup (example: libipsec). Usually, that shouldn't happen though. I will add the options shortly.

Xenopathic commented on 2015-08-10 23:55

@Thermi: Upgrading packages. It's a nuisance to have to re-add the relevant configure options every time this package is upgraded, and for such standard and unobtrusive build options it makes little sense. The current PKGBUILD supports all manner of esoteric authentication methods (for example, --enable-eap-aka-3gpp2 - I have no idea what it is), yet doesn't support the standardised EAP-TTLS mechanism. I included the PAM backend simply because it is so useful.

Perhaps more importantly though - this takes very little extra disk space, negligibly longer compilation times, and no additional build-time or run-time dependencies, so the question shouldn't be 'Why add these options', and rather 'Why not?'

Thermi commented on 2015-08-09 14:48

@Xenopathic: As users generally build from source, you can add those options manually. What is the reason you want this enabled directly in the PKGBUILD in the AUR?

Xenopathic commented on 2015-08-09 14:45

Can I request two new configure options? --enable-eap-ttls --enable-xauth-pam enables EAP-TTLS and the PAM backend for authentication. EAP-TTLS is a standard EAP mechanism (unless your name is Microsoft) and the PAM backend is super useful for integrating authentication with the system. No extra dependencies as far as I'm aware.

darwish commented on 2015-07-02 11:18

Shouldn't libsystemd be listed as a dependency if compiling with "--enable-systemd"?

Thermi commented on 2015-03-31 16:09

New version. Yay!
Now includes the forecast and connmark plugins to support multicast/broadcast over IPsec, as well as several transport SAs over the same NAT device. Also, you can get a ruby gem and a python egg to communicate over VICI. The installation routine for that is still broken, so you cannot build it without the commits that fix it.
The ruby gem installation is fixed now:
The python egg installation is still broken.
More information: https://wiki.strongswan.org/versions/55

Thermi commented on 2015-03-31 16:08

New version. Yay!
Now includes the forecast and connmark plugins to support multicast/broadcast over IPsec, as well as several transport SAs over the same NAT device.
More information: https://wiki.strongswan.org/versions/55