patrick@gentoo.org Patrick Lauer gurligebis@gentoo.org Bjarke Istrup Pedersen StrongSwan is direct descendant of the discontinued FreeS/WAN project. As an IPsec based VPN solution which is focused on security and ease of use, it fully implements the IKEv1/IKEv2 protocols, MOBIKE, NAT-Traversal via UDP encapsulation (incl. port floating) and Dead Peer Detection. It also fully supports the Linux 2.6 IPsec stack, IPv6, certificates/keys on Smartcards and virtual IP address pools. Enable server support for querying virtual IP addresses for clients from a DHCP server. (IKEv2 only) Enable support for the different EAP modules that is supported. Enable faking of ARP responses for virtual IP addresses assigned to clients. (IKEv2 only) Enable dev-libs/libgcrypt plugin which provides 3DES, AES, Blowfish, Camellia, CAST, DES, Serpent and Twofish ciphers along with MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+). Also includes a software random number generator. Force IKEv1/IKEv2 daemons to normal user privileges. This might impose some restrictions mainly to the IKEv1 daemon. Disable only if you really require superuser privileges. Enable dev-libs/openssl plugin which is required for Elliptic Curve Cryptography (DH groups 19-21,25,26) and ECDSA. Also provides 3DES, AES, Blowfish, Camellia, CAST, DES, IDEA and RC5 ciphers along with MD2, MD4, MD5 and SHA1/2 hash algorithms, RSA and DH groups 1,2,5,14-18 and 22-24(4.4+) dev-libs/openssl has to be compiled with USE="-bindist".