patrick@gentoo.org Patrick Lauer
gurligebis@gentoo.org Bjarke Istrup Pedersen
ua_bugz_gentoo@mortal-soul.de Matthias Dahl (Proxy Maintainer, CC on all bugs)

StrongSwan is a direct descendant of the discontinued FreeS/WAN project. As an IPsec-based VPN solution focused on security and ease of use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal via UDP encapsulation (incl. port floating) and Dead Peer Detection. It also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on Smartcards and virtual IP address pools.

Enable support for the Cisco VPN client.

Enable server support for querying virtual IP addresses for clients from a DHCP server. (IKEv2 only)

Enable support for the different EAP modules that are supported.

Enable faking of ARP responses for virtual IP addresses assigned to clients. (IKEv2 only)

Enable dev-libs/libgcrypt plugin which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). Also includes a software random number generator.

Enable IKEv1 protocol (pluto daemon).

Enable IKEv2 protocol (charon daemon).

Enable potentially insecure NAT traversal for transport mode in IKEv1. Only enable if you really need this.

Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions, mainly on the IKEv1 daemon. Disable only if you really require superuser privileges.

Enable dev-libs/openssl plugin which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). dev-libs/openssl has to be compiled with USE="-bindist".